Introduction

The National Restaurant Association is committed to maintaining the privacy of its members, partners, clients, customers, and all of its constituents and users and knows that you care about how your information is used or shared.  We value your trust and have created this privacy policy so that you are aware of our commitment to privacy.

This privacy policy applies to information we collect from all sources, including our websites, mobile sites, applications, conferences, events, surveys, research and email communication. By visiting or using these media channels, you consent to the information collection and use practices described in this privacy policy.  This privacy policy may be amended from time to time in the discretion of the National Restaurant Association.

Who are we?

The National Restaurant Association is made up of a portfolio of affiliated organizations dedicated to advancing the restaurant and hospitality industry, details of which entities can be found below.  The Association is the largest foodservice trade association in the world, supporting over 500,000 restaurant businesses.

This privacy policy is issued on behalf of the National Restaurant Association so when we mention “Association”, “we”, “us” or “our” in this privacy policy we are referring to the relevant affiliated organization  responsible for the information that identifies you as an individual (personal data). The Association’s Enterprise Communications Department is the controller of your personal data and responsible for this website.

Our affiliates

National Restaurant Solutions LLC (NRAS) provides food and alcohol safety training and certification, and other educational materials for foodservice employees on safe food handling and management.  NRAS also provides hospitality professionals with education and training through its American Hotel and Lodging Educational Institute (AHLEI) product line.

The National Restaurant Association Educational Foundation is the philanthropic foundation affiliated with the National Restaurant Association. It exists to enhance the restaurant industry’s service to the public through education, community engagement and promotion of career opportunities.

The National Registry of Food Safety Professionals provides food safety training and examination certifications for professionals primarily in food manufacturing facilities, groceries, processing plants, food packaging and warehouses.

The Multicultural Foodservice and Hospitality Alliance provides products and solutions to increase cultural awareness and advance diversity throughout the hospitality industry.

The Restaurant Law Center enhances the restaurant industry’s legal advocacy capabilities to provide protection and advancement for the industry at the federal, state and local level.

The National Restaurant Association Political Action Committee is a voluntary, non-partisan political action committee formed to support and elect pro-industry and pro-business congressional candidates for federal office.

How do you contact us?

We welcome all inquiries. Please contact us about this privacy policy and/or about your personal data via any of the following methods:

  • Telephone: (800) 765-2122
  • Address:

Data Protection Officer
National Restaurant Association
233 South Wacker Drive, Suite 3600
Chicago, IL 60606

  • Email: Privacy@restaurant.org

What information do we gather about you?

The information we collect from you helps us to personalize and continually improve your experience. The collected information falls into three categories:

  1. Personal data given to us, which will be considered to include:
    By you: We may collect and process Personal Data that you provide or submit to us when, for example, you visit our website, register for an event, purchase a course or exam, take a course or exam, apply for a certification, take a survey, participate in a webinar or community forum, or contact customer service. This Personal Data may include your name, address, telephone number, email address and/or username.

    By our members: We may also collect and process personal data provided or submitted by or for our members, including employers or franchisors that provide personal data on behalf of employees, franchisees or other agents. This may include employees’ business and personal contact details, job titles, years of admission, personal data submitted upon registering or renewing membership (including dues payment information).

  1. Personal data we collect from third parties
    We may receive personal data about you or your affiliates from third parties, such as social media services, commercially available sources and business partners (third parties). This personal data may include your name, contact information, transactions/purchase history, demographic data and/or information about your activities on other websites.

    If, for example, you access us through a social media service, then the information we collect may include content the social media service will share with us. The information we obtain depends on your privacy settings on the applicable social media service. When you access us through social media services you are authorizing us to collect, store and use such information and content in accordance with this privacy policy.  We may also collect and use personal data obgtained from other commercial sources.  At this time, we are not able to track and identify the source of third party derived personal data.

  1. Personal and non-personal data collected via technology
    With regard to each of your visits to our website, we collect information that is sent to us automatically by your web browser. We may use this information to:
  • Generate aggregated statistics about visitors to our website; and
  • For all other business purposes, such as providing customer service, fraud prevention, market research, identification of other commercial opportunities that may be of interest to you and solicitation of the same, or improving our website.

    Please check your web browser if you want to learn what information your browser sends or how to change your settings.  You may also explore and adjust your privacy settings.

How do we use your personal data?

We may use the personal data collected from you or from third parties:

  • to fulfill any contract entered into between you and us,
  • to provide you with the information, products and services that you have requested, subscribed for, purchased, or expressed interest in,
  • to provide you with solicitations or information for additional products and services that we believe may be of interest to you based upon your personal data or prior inquiry or purchases,
  • to carry out our obligations arising from your membership,
  • to provide to our affiliated third parties with whom we have affinity programs or similar commercial relationships in order to market and provide products, goods or services that believe may be of interest to the industry,
  • to communicate exam results, pending expiration dates or other information regarding your certificate, certification, or similar status,
  • to provide you with information or other materials relating to an event that you are currently or were previously registered for, including information regarding speakers, sponsors or other attendees,
  • to provide email newsletters or similar materials from us or our affiliates,
  • to respond to your inquiries,
  • to notify you about changes to our membership, products or services,
  • to customize your website or product experience tailored to your indicated interests, and/or
  • to transfer as part of a merger or sale of the business.

We may further use the information we automatically collect about you:

  • to administer our website for internal operations, including troubleshooting, data analytics, resting, research, statistical and survey purposes, and enhancing website security,
  • to improve our website to ensure content is presented most effectively for you,
  • as part of our efforts to keep our website safe and secure,
  • to measure and understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, and/or
  • to make suggestions and recommendations about our website or services that may interest you.

How do we share your personal data?

We may share your personal data with third parties, including our affiliates or allied organizations such as State Restaurant Associations, affinity partners, service providers, social media sites, strategic business partners and/or as required to comply with applicable law. We will at all times use commercially reasonable efforts to ensure that the third parties with whom we share your personal data represent that they have sufficient technical/organizational privacy measures for secure data processing.  We cannot guarantee that third parties will at all times comply with such standards.

We contract with third parties to provide services on our behalf, including credit-card and billing processes, ad serving, shipping, email distribution, list processing, analytics, promotion management and website security.  This may also include independent contractors that need to know the information in order to help us provide our products and services to you or to process information on our behalf, or to offer or provide commercial services.  We provide these third parties only with the information they need to perform their services.  We require these third parties to agree to restrict their use of personal data in any other way than to provide the service that you or we requested and they are not to  share, resell or use the data for other commercial or direct marketing purposes.

If you log in with or connect a social media service account with your Association account, you are authorizing us to share information we collect from and about you with the social media service provider and you understand that the social media service’s use of the shared information will be governed by the social media service’s privacy policy. If you do not want your personal data shared this way, please do not log in with or connect your social media service account with your Association account.

As we continue to develop our business, we might sell certain business units or otherwise be involved in new commercial activities, or engage in a merger, reorganization, dissolution, liquidation or transfer of all or part of our business.  In such transactions, personal data may be transferred as a business asset.

We may release personal data when we believe such release may be appropriate to comply with the law. This includes exchanging information with third parties for fraud protection and credit risk reduction.

We may provide/sell/rent access to your information (including personal data) to our strategic business partners  in order to offer products or services that may suit your interests or business, and for our partners to better target their products and services to you.

For EU Parties

For those European Union parties for whom we are obligated to apply General Data Privacy Regulation (GDPR) protections and safeguards (EU Parties), you agree that we may share and disclose your information when you have provided explicit consent.  We will never sell your personal data to third parties with whom you do not have an existing relationship.  We may share,  sell, or rent access to your information (including personal data) to our strategic business partners with whom you have an existing relationship in order for our partners to better target their products and services to you.

The Association is headquartered in the United States. Your personal data may be accessed by us or transferred to us in the United States or to our affiliates, partners, merchants or service providers who are located worldwide. If you are visiting from outside the United States, be aware that your personal data may be transferred to, stored, and processed in the United States where our services are located and our central database is operated. By using our service, you consent to such transfer of your personal data.

EU Parties: How do we use your personal data?

This section applies only to EU Parties for whom we are obligated to provide GDPR protections and safeguards.  Upon receipt of adequate consent (or opt-in), we will use your Personal Data substantially similar to the use of personal data for non EU parties, with the exception of the below provision describing our processing of personal data of EU parties.

We will only process the personal data of EU parties, including sharing it with third parties, where:

  • you have provided consent (which can be withdrawn at any time),
  • the processing is necessary for the performance of a contract to which you are a party,
  • we are required to by law,
  • processing is required to protect your vital interests or those of another person, or
  • processing is necessary for legitimate commercial interests, except where such interests are overridden by your rights and interests.

How do we store and retain your personal data?

The personal data that you provide to us is generally stored on servers located in the United States. If you are located in another jurisdiction, you should be aware that once your personal data is submitted through our website, it will be transferred to our servers in the United States and that the United States currently does not have uniform data protection laws in place.

We will retain your personal data for as long as your account is active or as needed to provide you with our website. If you wish to cancel your account or request that we no longer use your personal data to provide you service, please contact us. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes and perform our agreements.

How do we protect your personal data?

We strive to protect your privacy. We have implemented an information security program that contains organizational and technical controls that are reasonably designed to safeguard your personal data at all times. We use industry standard SSL encryption when you enter sensitive information in online forms (e.g., payment card, password, etc.).

Although we use security measures to help protect your personal data against loss, misuse or unauthorized disclosure, we cannot guarantee the security of any information transmitted to us over the internet.  Nor can we guarantee the security of any information shared with third parties.

What are my rights?

We respect your preferences regarding how we use your personal data to best serve you. Generally, there are two easy ways to make changes: 1) Contact us using one of the media channels listed in this privacy policy or on our website, or 2) update your user profile on our website.

Your rights with respect to the personal data include the right to:

  • have personal data updated, corrected or deleted,
  • unsubscribe, or opt-out of certain types of processing (e.g., promotions and discounts, event updates, etc.),
    • There are certain notices you may not opt-out of, including renewal notices, payment confirmation notices, or notifications of changes to NRAS products and services
    • You may unsubscribe to certain types of solicitations by contacting the party who sent such materials to you
    • You may opt-out of text messages by responding “STOP” at any time
  • request a copy or transfer of your personal data, and
  • if you are citizen of the European Union (“EU”), make a complaint to the EU Data Protection Authority.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions you began prior to requesting such change or deletion (e.g., when you make a purchase, you may not be able to change or delete the personal data provided until after the completion of a such purchase).

For residents of California only: California law requires select businesses to disclose policies relating to the sharing of certain categories of your personal data with third parties. If you reside in California and have provided your personal data to us, you may request information about our disclosure of certain categories of your personal data to third parties.

What is our cookie policy?

Cookies are a small text file that is sent to and stored on your computer or other internet device to identify your browser or store information. They are commonly used to retain settings or other features for your next visit to our website.

When someone visits our website we collect standard internet log information and details of visitor behavior patterns. This allows us to enhance our products, services and website. Not all cookies are set by default, it depends on how you interact with the website.

You do not have to accept our cookies and can block them by activating the setting on your browser that allows you to refuse all or some cookies. You may also delete them after they have been placed on your hard drive. If you do not accept or delete our cookies, some of the areas of the website that you access may take more time to work or may not function properly.

Do we collect information on or from children?

We do not knowingly nor intentionally collect any personal data from children under the age of 13.  If we learn that we have collected personal data about a child under the age of 13, the information will be immediately deleted.

Changes to this privacy policy

We evaluate this privacy policy periodically in light of changing business practices, technology and legal requirements. As a result, it is updated from time to time.  We will revise the “Last Update” date at the top of the privacy policy and place a notice online when we make material changes to our privacy policy. Your use of our website, products, or services following these changes means you acknowledge you have read and accept the revised privacy policy and terms thereof.