Download
Five Guys App
Privacy Policy
Introduction
In this Customer Privacy Policy (Privacy Policy):
- references to we, us or our means any subsidiaries and affiliated companies as amended from time to time of Five Guys Holding, Inc., in each case operating in countries outside the USA and Canada, including the Netherlands, and Belgium;
- references to you or your means the person accessing and using the Website (as defined below) and/or otherwise visiting a FIVE GUYS® Restaurant;
- references to the Websites mean the following websites found at (as amended from time to time):
- www.fiveguys.nl (Netherlands);
- www.fiveguys.be (Belgium).
- and includes the Five Guys app; and
- references to FIVE GUYS® Restaurant means any restaurant for the operation of FIVE GUYS® fast casual restaurants which specialize in the sale of fresh made burgers, fries, and other accompaniments prepared in accordance with our Five Guys brand standards.
If you are a customer of Five Guys in the USA or Canada, this Privacy Policy will not apply to you. Please instead refer to our privacy notice at www.fiveguys.com.
Privacy Policy
This Privacy Policy sets out the basis on which we collect and use personal information about you through your use of the Website and when you visit a FIVE GUYS® Restaurant.
This Privacy Policy describes:
- who is responsible for the personal information that we collect about you;
- the personal information we collect about you;
- how we will use it;
- who we may disclose it to; and
- your rights and choices in relation to your personal information.
This is to make sure you have a full picture of how we collect and use your personal information.
In this Privacy Policy where we use the words personal information we use these words to describe information that is about you and is information which identifies you or them.
Our Website is not intended for children and we do not knowingly collect personal information relating to children.
You have the right to object to our use of your personal information in certain circumstances. A summary of your right to object (along with your other rights under data protection law) and details of who to contact if you want to exercise this right can be found at the How to Contact us section below. For further information on your rights see the Your rights section below.
Who is responsible for THE personal information that we collect?
For the purpose of data protection law, we are the controller in respect of your personal information collected and used through your use of the Website and when you visit a FIVE GUYS® Restaurant. This is because we dictate the purpose for which your personal information is used and how we use your personal information.
What PERSONAL Information do we hold about you?
We collect and use personal information about you in the course of providing the Website and when you visit a FIVE GUYS® Restaurant and you provide us with your personal information. We may also collect certain personal information from you via our Website or when you choose to interact with us.
Information that we hold about you
The information that we hold about you may include the following:
| Type of Personal Information | Examples |
|---|---|
| General | |
| Contact information. | Name, title, address, email address and telephone number. |
| Telephone recordings | Recordings of telephone calls with our representatives and call centres. |
| Register to use our online services | Username and account number for access to our Website. |
| Details of complaints and compliments you make | Name, address, e-mail address or telephone number, details about the service you received/your experience. |
| Financial | |
| Financial information and account details | Details regarding products purchased, price, payment method and other financial account details. |
| Other | |
| CCTV footage | Images captured on CCTV if you visit a FIVE GUYS® Restaurant. |
| Photographs | Images that you share with us via social media. |
| Customer satisfaction/feedback surveys | Your views and opinions about your visit to a FIVE GUYS® Restaurant and your dining experience as well as your views about the Website. |
| Technical Information | Technical Information from any device you use in our FIVE GUYS® Restaurants in Belgium and the Netherlands. |
We also collect information from other third party sources and or publicly available sources such as:
- Facebook;
- Twitter;
- Instagram;
- LinkedIn; and
- Snapchat.
We collect identity and contact information about you from the above, and any other available sources (as updated from time to time).
WHAT SPECIAL CATEGORIES OR SENSITIVE PERSONAL INFORMATION DO WE HOLD ABOUT YOU?
We may also collect certain sensitive personal information about you from you (including any special categories of personal data). This may include information concerning your health such as food allergies or intolerances which you provide to us. Where we do so we will rely on your explicit consent or we will notify you if we can rely on a different legal basis for processing this type of information.
Information about third parties
In the course of using the Website and when you visit a FIVE GUYS® Restaurant, you may provide us with personal information relating to third parties.
We will use this personal information in accordance with this Privacy Policy. If you are providing personal information to us relating to a third party, you confirm that you have the consent of the third party to share such personal information with us and that you have made the information in this Privacy Policy available to the third party.
How do we use THE personal information we collect about you?
We use your personal information in connection with the provision of the Website and to supply our products to you when you visit a FIVE GUYS® Restaurant. In particular, your personal information may be used by us, our employees, service providers, and disclosed to third parties for the purposes set out in the table below. For each of these purposes, we have set out the legal basis on which we use your personal information. This is because under data protection law, we can only use your personal information if we have a legal basis to do so.
Examples of where we have a legal basis to process your personal information includes when:
- we have your consent;
- it is necessary to enter into or perform a contract we have with you (or to take steps at your request prior to entering into that contract);
- it is necessary in order to protect your vital interests;
- it is in our legitimate interests to process your personal information; or
- the processing is necessary to comply with a legal duty.
We must tell you which legal basis we are relying on when we use your personal information. The legal basis we typically rely on and the main purposes for which we use your personal information are set out below.
| Purpose | Legal Basis |
|---|---|
| To communicate with you and other individuals. | Legitimate interests. We require your personal information in order to enable us to manage and carry out our operations as a business. Necessary to enter into or perform a contract we have with you. |
| To manage complaints, feedback and queries and provide customer support. | Legitimate interests. We require your personal information in order to enable us to manage and carry out our operations as a business. |
| To improve the quality of the Website and your dining experience. | Legitimate interests. We require your personal information to enhance, modify and personalise the Website and your dining experience for your benefit. |
| To perform any contract entered into with you to fulfil your orders for food and drink and the process payment for those orders. | Legitimate interests. We require your personal information in order to enable us to manage and carry out our operations as a business. Necessary to enter into or perform a contract we have with you. |
| To comply with any legal or regulatory obligations (including in connection with a court order). | Necessary for compliance with a legal obligation to which we are subject. |
| To engage with you via social media. | Legitimate interests. We require your personal information in order to enable us to manage and carry out our operations as a business. Consent. |
| To analyse and improve our products to evaluate and develop our business. | Legitimate interests. We require your personal information in order to enable us to manage and carry out our operations as a business. |
| To protect against fraud or other criminal activity, as well as dealing with Government authorities/law enforcement agencies. | Necessary for compliance with a legal obligation to which we are subject. Legitimate interests. We require your personal information in order to enable us to manage and carry out our operations as a business. |
| To process and fulfil your online orders, including preparing your food and notifying you when it is ready. Where relevant, our third-party provider Lineten (which operates our online ordering pages) may use Google Analytics. | Legitimate Interests. We require your personal information in order to enable us to provide you with a convenient and pleasurable experience in our stores and to enable us to manage and carry out our operations as a business. Consent. In jurisdictions where consent is required, we rely on your consent obtained via our cookie banner before GA cookies are activated. |
Who may we disclose your PERSONAL information to?
We may share your personal information with:
| Type of third party | Examples |
|---|---|
| General | |
| Our group companies | Other companies and entities that are part of the Five Guys Group. |
| Our service providers | Our business partners, suppliers and sub-contractors for the performance of any contract we enter into with you for example: • Sitecore / WordPress – for website content management and analytics (WordPress to replace Sitecore as of July 2025). • Market Force / KnowledgeForce – for customer feedback, survey administration, prize draw processing, and analytics. • Yext – for managing and distributing restaurant information across platforms; includes Google Business Profiler as a sub-processor. • LineTen NXG / LineTen (UK) – for Click & Collect and online order systems, including payment and data processing. • NCR Corporation and NCR Limited – for point-of-sale systems and transaction processing. • CloudConnected – for IT services, cybersecurity, software updates, and hardware management. • One Trust – for cookie management and user behavior analysis. • Eagle Eye Networks – for secure cloud storage and management of CCTV footage. • Microsoft Corporation – for internal communications and document collaboration via Microsoft 365. • Social media and content creation partners:Small Fish (Italy)Social Elite Marketing (Ireland)Follow Austria (Austria, Switzerland, Luxembourg) A current list of these third party service providers with whom we share your personal information can be provided to you on application to the Legal Department at [email protected]. |
| Our professional advisers | Including accountants, lawyers and other professional advisers that assist us in carrying out our business activities, a current list of these third parties can be provided to you on application to the Legal Department at [email protected]. |
| Our franchisees | These are individuals or organisations who enter into an agreement with us to operate a FIVE GUYS® Restaurant under the Five Guys brand in various jurisdictions all over the world. Your personal information will not be shared with all of our franchisees but only those that are relevant to you. |
| Social media related parties | We have different social media related parties for each area of the world in which we operate – your personal information may be shared with the social media related parties in our area but not all. A list of our current social media related parties and the countries in which they operate is set out below: • Start with Wunder (Bahrain) • Socialite MEA (Qatar) • Hrmny (UAE) • Prismic (Kuwait) • Golden AX (South Korea) • New Step (KSA) • Creative Mutant (Australia) • WSD (Hong Kong) Technology Co., Ltd (Macau and Hong Kong) |
We may also disclose your personal information to other third parties, for example:
- in the event that we sell or buy any business or assets we will disclose your personal information to the prospective seller or buyer of such business or assets;
- if we or substantially all of our assets are acquired by a third party (or are subject to a reorganisation within our corporate group), personal information held by us will be one of the transferred assets; and
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or we are involved in any litigation with you.
WHERE WILL WE TRANSFER YOUR PERSONAL INFORMATION?
We may process your personal information both within and outside the European Economic Area (EEA). When we transfer personal information outside the EEA, we will implement appropriate and suitable safeguards to ensure that such data will be protected as required by applicable data protection law, for example we will seek to anonymise it. If we can’t anonymise your personal information, we will take reasonable steps to ensure that your personal information is protected. To do this we may use a set of standard data protection clauses (Standard Contractual Clauses) which have been approved by the European Commission in accordance with Article 46 of the GDPR. Where personal information is transferred to the United States, we may also rely on the EU-U.S. Data Privacy Framework (DPF), where applicable. For further information as to the safeguards we implement and to obtain a copy please contact the Legal Department at [email protected].
How long will we keep your personal information?
We will retain your personal information for no longer than is necessary for the purposes for which the personal information are processed. The length of time we hold on to your personal information will vary according to what that information is and the reason for which it is being processed.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means. We also consider any applicable legal, regulatory, tax, accounting or other requirements which may specify how long we should retain your personal information for.
Subject to the above, personal information about our customers will be retained by us for seven years from, the date of your communication with us to allow us to:
- respond to any queries or complaints you may have; and
- fulfil our obligations to the relevant tax authorities depending on where you are resident and other relevant governing bodies.
For further information on our policy and how long we will keep your information for, please contact the Legal Department at [email protected] or by one of the other means of communication set out in the How to Contact Us section below.
DATA SECURITY
We have put in place appropriate security measures to seek to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Legal Department at [email protected].
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your rights
The rights below are rights that apply under the EU General Data Protection Regulation and so will predominantly apply if your personal data is used by an entity established in the EEA. Therefore, the rights may not apply to everyone who reads or receives this policy. The rights may only apply in certain circumstances and are subject to certain exemptions. Please see the table below for a summary of your rights. You can exercise these rights using the contact details below.
| Summary of your rights | |
|---|---|
| Right of access to your personal information | You have the right to receive a copy of your personal information that we hold about you, subject to certain exemptions. We may require further information in order to respond to your request (for instance, evidence of your identity and information to enable us to locate the specific personal information you require). |
| Right to rectify your personal information | You have the right to ask us to correct your personal information that we hold where it is incorrect or incomplete. |
| Right to erasure of your personal information: | You have the right to ask that your personal information be deleted in certain circumstances. For example: • where your personal information is no longer necessary in relation to the purposes for which they were collected or otherwise used; • if you withdraw your consent and there is no other legal ground for which we rely on for the continued use of your personal information; • if you object to the use of your personal information (as set out below); • if we have used your personal information unlawfully; • or if your personal information needs to be erased to comply with a legal obligation. |
| Right to restrict the use of your personal information | You have the right to suspend our use of your personal information in certain circumstances. For example: • where you think your personal information is inaccurate and only for such period to enable us to verify the accuracy of your personal information; • the use of your personal information is unlawful and you oppose the erasure of your personal information and request that it is suspended instead; • we no longer need your personal information, but your personal information is required by you for the establishment, exercise or defence of legal claims; or • you have objected to the use of your personal information and we are verifying whether our grounds for the use of your personal information override your objection. |
| Right to data portability | You have the right to obtain your personal information in a structured, commonly used and machine-readable format and for it to be transferred to another organisation, where it is technically feasible. The right only applies: • to personal information which you have provided to us; • where the use of your personal information is based on your consent or is necessary for the performance of a contract; and • when the use of your personal information is carried out by automated (i.e. electronic) means. |
| Right to object to the use of your personal information (including to object to direct marketing, automated decision making and profiling) | You have the right to object to the use of your personal information in certain circumstances and subject to certain exemptions. Examples of this right include; • where you have grounds relating to your particular situation and we use your personal information for our legitimate interests (or those of a third party); • where we use your personal data to take a decision which is based solely on automated processing where that decision produces a legal effect or otherwise significantly affects you; and • if you object to the use of your personal information for direct marketing purposes. |
| Right to withdraw consent | You have the right to withdraw your consent at any time where we rely on consent to use your personal information. |
| Right to complain to the relevant data protection authority | You have the right to complain to the relevant Data Protection Authority where you think we have not used your personal information in accordance with data protection law. This will depend on factors such as which FIVE GUYS® Restaurant you visited and the country in which it is located, where you work or reside, or where the infringement occurred. Please see the list of Data Protection Authorities set out in Annex 1 to this Notice for details of the Data Protection Authorities which may be relevant in the event that you have a complaint. |
How to complain
If you think there is a problem with how your personal information is being handled, please contact us by using the details set out in the How to Contact Us section below.
You also have a right to complain to the Data Protection Authority in your country. For your convenience, the contact details of the authorities in Belgium and the Netherlands are listed below. A full and up-to-date list of national authorities is available on the European Data Protection Board’s official website: https://edpb.europa.eu/about-edpb/board/members_en
Please get in touch using the the “How to Contact Us” section below if you require any further information.
| The Netherlands | Autoriteit Persoonsgegevens Hoge Nieuwstraat 8 P.O. Box 93374 2509 AJ Den Haag/The Hague Tel. +31 70 888 8500 Fax +31 70 888 8501 Website: https://autoriteitpersoonsgegevens.nl/ Member: Mr Aleid Wolfsen – Chairman of the Autoriteit Persoonsgegevens |
| Belgium | Autorité de la protection des données – Gegevensbeschermingsautoriteit (APD-GBA) Rue de la Presse 35 – Drukpersstraat 35 1000 Bruxelles – Brussel Tel. +32 2 274 48 00 Fax +32 2 274 48 35 Email: [email protected] Website: https://www.autoriteprotectiondonnees.be https://www.gegevensbeschermingsautoriteit.be Member: Mr Koen Gorissen – President of APD-GBA and Joint representative of EDPB The competence for complaints is split among different data protection supervisory authorities in Belgium. Competent authorities can be identified according to the list provided here: https://www.autoriteprotectiondonnees.be/citoyen/l-autorite/autres-autorites https://www.gegevensbeschermingsautoriteit.be/burger/de-autoriteit/andere-autoriteiten |
Changes to our privacy policy
We will review this Privacy Policy regularly and we reserve the right to make any changes at any time to take account of changes in our business activities and legal requirements and the manner in which we process personal information.
Any changes we make to this Privacy Policy in the future will be posted on the applicable Website.
How to contact us
If you have any questions regarding this Privacy Policy or the way we use your personal information (outside of the USA and Canada), you can contact us by e-mail to the Legal Department at [email protected], or by mail to:
Attention: Legal Department
Prinsengracht 739-741
1017 JX Amsterdam, the Netherlands.
This Privacy Policy was last updated in October 2025.