CCPA PRIVACY POLICY

Fogo de Chão California Consumer Privacy Act Privacy Policy

Last updated: January 1, 2023

We, Fogo de Chão, Inc., issue this California Consumer Privacy Act Privacy Policy (“CCPA Privacy Policy“) to provide information about how we collect, use, disclose and otherwise process California residents’ personal information and rights that California residents may have under the California Consumer Privacy Act of 2018 (“CCPA“). This CCPA Privacy Policy only applies to you if you reside in California. This CCPA Privacy Policy does not reflect our processing of California residents’ personal information where an exception under the CCPA applies.

1. Our Personal Information Handling Practices over the Preceding 12 Months

The table below sets out the categories of personal information (as defined by the CCPA) about California residents that we collected, sold, shared and disclosed to others over the preceding 12 months, and the sources of such personal information. Following the table are descriptions of the purposes for which we used personal information. We distinguish among: (1) users of our website (“website users“); (2) representatives of our prospective, current or past B2B contacts, customers and other business partners (collectively, “B2B contacts“); and (3) our prospective, current and past employees and other personnel (collectively, “employees“). In the descriptions of categories of personal information, “consumer” means “California resident”.

Category of personal informationDid we collect? If so, from what source?Did we sell? If so, to whom and for what purpose?Did we share? If so, to whom and for what purpose? Did we disclose? If so, to whom and for what purpose?
Non-Sensitive Personal Information
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.Yes, from website users, B2B contacts and employees. Yes, we sold IP addresses of website users to our targeted advertising business partners to support our cross-context behavioral advertising efforts.Yes, we shared IP addresses of website users to our targeted advertising business partners to support our cross-context behavioral advertising efforts.Yes. In addition to the sales and sharing mentioned in previous columns, we disclosed these types of personal information to our service providers and contractors to receive services from them.
Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, but excluding publicly available information that is lawfully made available to the general public from federal, state, or local government records.Yes, from website users, B2B contacts and employees.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
Characteristics of protected classifications under California or federal law.Yes, from employees.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.Yes, from website users, B2B contacts and employees.Yes, we sold information about products that website users considered or purchased to our targeted advertising business partners to support our cross-context behavioral advertising efforts.Yes, we shared information about products that website users considered or purchased to our targeted advertising business partners to support our cross-context behavioral advertising efforts.Yes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
Biometric informationNoN/AN/AN/A
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.Yes, from website users, B2B contacts and employees.Yes, we sold information about interactions between our website users and website to our targeted advertising business partners to support our cross-context behavioral advertising efforts.Yes, we shared information about interactions between our website users and website to our targeted advertising business partners to support our cross-context behavioral advertising efforts.Yes. In addition to the sales and sharing mentioned in previous columns, we disclosed these types of personal information to our service providers and contractors to receive services from them.
Geolocation data.Yes, from website users, B2B contacts and employees.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
Audio, electronic, visual, thermal, olfactory, or similar information.Yes, from website users, B2B contacts and employees.No, although some of the information we sold (as described elsewhere in this table) was in electronic formNo, although some of the information we shared (as described elsewhere in this table) was in electronic formYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
Professional or employment-related information.Yes, from B2B contacts and employees.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).Yes, from employees.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
Inferences drawn from any personal information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.Yes, using personal information from employees.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
Sensitive Personal Information
A consumer’s social security, driver’s license, state identification card, or passport number.Yes, from employees.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.Yes, from website users and employees.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
A consumer’s precise geolocation.Yes, from employees.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership.Yes, from employees.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.Yes, from employees.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
A consumer’s genetic data.No.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
The processing of biometric information for the purpose of uniquely identifying a consumer.No.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
Personal information collected and analyzed concerning a consumer’s health.Yes, from employees.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.
Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.No.NoNoYes, we disclosed these types of personal information to our service providers and contractors to receive services from them.

We used the personal information collected from website users to maintain, secure and optimize our website; respond to requests, inquiries, and comments; to provide periodic news and updates; to make reservations; to process orders; to correspond with them; to provide additional functionality that enables them to use our website more effectively; to enhance their online experience; to assist us with improving our website; to serve targeted Fogo de Chão advertisements on websites we do not operate to users; to engage in email marketing; and to process sales of gift cards and other items.

We used the personal information collected from B2B contacts to provide them and the organization they represent with information they request and other information we believe is of interest to them; to make and receive orders and shipments; to process payments; and to provide, maintain, improve and ensure the integrity of our products, information, distribution, and marketing.

We used the personal information that we collected from employees to perform the services or provide the goods reasonably expected by our employees in their role as our employees, including those services and goods that are reasonably necessary for us to administer the employment relationship and for our employees to perform their duties; to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information, including in or via our premises, computers, software, networks, communications devices, and other similar system; to resist malicious, deceptive, fraudulent or illegal actions directed at us and to prosecute those responsible for those actions; to ensure the physical safety of natural persons; for short-term, transient use; to perform services on behalf of us; to verify or maintain the quality or safety of our services and products; to improve, upgrade, or enhance our services and products; to perform functions that are required under laws that apply to us; and to fulfil the other purposes set forth in our privacy notices at collection to employees.

We use the personal information of website users, B2B contacts and employees to protect and secure our business operations, assets, online services, network, and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any person or third party, or other unauthorized activities or misconduct; to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties.

We do not have actual knowledge that we sell or share the personal information of California residents under 16 years of age. We do not use sensitive personal information for purposes other than those referred to in Subsection 1798.121(a) of the CCPA.

2. Your Rights under the CCPA

As a California resident, you have the following rights under the CCPA:

• The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you. You may only exercise your right to know twice within a 12-month period.

• The right to delete personal information that we have collected from you, subject to certain exceptions.

• The right to correct inaccurate personal information that we maintain about you.

• The right to opt-out of the sale or sharing of your personal information by us. We disclose California residents’ personal information to our targeted advertising business partners for the purposes of cross-contextual behavioral advertising and, as such, we “sell” and “share” personal information as these terms are defined under the CCPA. Please note that we do not sell personal information in the sense of disclosing your personal information in exchange for money. Please also note that, if you exercise your right to opt-out of the “sharing” of your personal information, we may still disclose your personal information to third parties for purposes other than cross-contextual behavioral advertising, as described in our privacy disclosures.  

• The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicant’s, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights.

3. How to Exercise Your CCPA Rights

Methods of Submission and Instructions:

• To submit a request to exercise your rights to know, delete or correct, please submit an email request to privacy@fogo.com or contact us at 1-888-249-5046. Please specify in your request the personal information about you that you would like to have provided, deleted, or corrected.

• To submit a request to exercise your right to opt-out of sales and sharing, please click here: https://fogodechao.com/notice-of-right-to-opt-out/ .

• Verification: Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may also make a request on behalf of your minor child. You may designate an authorized agent by taking the steps outlined under “Authorized Agent” further below.In your request or in response to us seeking additional information, you, or your authorized agent, must provide sufficient information to allow us to reasonably verify that you are, in fact, the person whose personal information was collected which will depend on your prior interactions with us and the sensitivity of the personal information being requested. We may ask you for information to verify your identity and, if you do not provide enough information for us to reasonably verify your identity, we will not be able to fulfil your request. We will only use the personal information you provide to us in a request for the purposes of verifying your identity and to fulfil your request.

• Opt-Out Preference Signals: We respond to opt-out preference signals communicated via the Global Privacy Control and will process such signals with respect to the browser or signal communicating the signals or, if you have signed onto your Fogo de Chão account while communicating Global Privacy Control opt-out preference signals, you specifically. To use Global Privacy Control opt-out preference signals, please follow the instructions here: https://globalprivacycontrol.org/.

• Authorized Agents: You can designate an authorized agent to make a request under the CCPA on your behalf if the authorized agent is a natural person or a business entity registered with the Secretary of State of California, we receive a written authorization stating that you have authorized the authorized agent to submit a request on your behalf which has been signed by you and the authorized agent, and we have verified the identity of you and the authorized agent. If you provide an authorized agent with power of attorney pursuant to California Probate Code sections 4000 to 4465, it may not be necessary to perform the above steps, and we will respond to any request from the authorized agent in accordance with the CCPA.

4. Contact Us

If you have questions or concerns about our privacy policies or practices, please contact us using the following details:

Email address: privacy@fogo.com
Postal address: Fogo de Chão, Inc., Attention: Customer Service, 14850 Quorum Drive, Suite 500 | Dallas TX, 75254