Hero Certified Burgers Inc. Privacy Policy and Information Security Policy ("Privacy Policy" or "Policy")

Effective Date: March 1, 2017

Welcome. This Policy is designed to help you understand generally how the My Hero Certified Burgers app (the "app") collects personally identifying information about you and how it uses and discloses personal information. My Hero Certified Burgers app is an app for Hero Certified Burgers Inc. and its customers ("Hero Certified Burgers Inc.," "we," "us"). You may contact us at our Address For Legal Notices below. This Policy applies to information that personally identifies you (other than publicly available information and certain aggregate information that does not expressly identify you individually) ("personal information") collected or other sites that appear to be controlled or managed by Hero Certified Burgers Inc. or, where indicated, other information you provide to us.



Table of Contents

    1. How Does This Policy Relate to Use of the Site?
    2. Information We Automatically Collect
    3. Information We Collect That You Provide
    4. Other Websites
    5. What We Generally Do with Personal Information Collected
    6. Your Ability to Update Personal Information
    7. Information Security
    8. Your Particular Consents
    9. Children
    10. Theft
    12. Information About Enforcement of Our Policy
    13. Privacy Policy-Careers
    14. Supplemental Privacy Policy-My Hero Certified Burgers
    15. Supplemental Privacy Policy-Mobile Apps

1. How Does This Policy Relate to Use of the Site?
This Policy is part of and incorporated into the app. Terms of Use ("Terms of Use"), which is the contract between you and Hero Certified Burgers governing use of the app. Parts of the Terms of Use affect this Policy, so, unless you have already done so, please review them prior to using the Site. Terms used but not defined in this Policy have the definitions in the Terms of Use.

This Policy is supplemented by additional policies relevant to particular activities, and each of the supplemental policies will also apply and should be read together with this Policy. Here are examples of areas in which you will encounter supplemental privacy policies but this list is not complete: a supplemental policy may be included within this Policy, elsewhere on the Site with respect to a particular activity, or on a third party site relating to Hero Certified Burgers Inc. business (e.g. Hero Certified Burgers Inc. Advisors Panel). To the extent the supplemental policies are not set forth within this Policy, they are incorporated into this Policy.

2. Information We Automatically Collect
Hero Certified Burgers Inc. collects some information automatically from visitors to the Site, for example through the use of "web beacons", and other technologies. These technologies make your use of the Site or our operations more convenient. We use these technologies for a variety of purposes such as to improve your app use experience, to manage Site traffic, to assess promotional effectiveness, to track information such as the total number of visitors, IP addresses and browser types, access times, pages viewed and referring website addresses. For example, we may collect information about your activities on the app so we may make product recommendations, to tailor content to your interests, or to provide shopping cart services during a future visit to our Site. We may also deliver ads or make recommendations in the context of your current visit to our Site or a single search query in our Site.

We generally do not share information from "cookies" and the like with third parties other than our service providers and within the Hero Certified Burgers Inc. Organization (as defined in Section 8, below), but reserve the right to do so. If we materially change the type of information we automatically collect or the way in which we share it, we will notify you.

3. Information We Collect That You Provide
It is always your choice, or the choice of anyone acting for you, whether to provide personal information. However, some must be provided to participate in certain programs or activities, so the decision not to provide information might limit or eliminate certain functions of the Site or the ability to participate. Other information is up to your good judgment, e.g., do not provide personal information about yourself that could be misused by others in a chat room, bulletin board, blog or similar forum and do not provide personal information about others without their permission. Depending on what you choose, the kinds of personal information we tend to request about you or others include but are not limited to your name, email address, telephone number, physical address, your preferences for products, programs or services and participation in our surveys, clubs, promotions, contests, sweepstakes or loyalty programs and other information relating to particular activities. We may also collect credit or debit card information if you are making a purchase. Additional information about what we collect is available in any supplemental privacy policies for particular activities.

4. Other Websites
Hero Certified Burgers Inc. works with third parties on certain programs, and often those third parties own and/or are responsible for that program's Web site. In those cases, if you provide personal information, you will be giving it to a third party and their privacy policy will apply, in addition to ours. You agree that if they provide it to us then we may apply our Policy to what we receive.
In addition, many Hero Certified Burgers Inc. restaurants are owned and operated by franchisees, who are independent business people. Hero Certified Burgers Inc. franchisees are responsible for their Web sites and associated content. Your use of those sites is subject to different privacy policies and terms and conditions. We are not responsible for the practices and policies of franchisees.

5. What We Generally Do with Personal Information Collected
In general, we use personal information we collect to respond to your inquiries or requests, administer surveys, clubs, promotions, contests, sweepstakes or loyalty programs, process and manage your purchases, (and related activities) for which we collect it. For example (and without limitation), if you sign up for a newsletter, we'll send the newsletter we'll use the information to find out about you and share it with service providers and others we view as relevant to the employment process; if you opt-in to receive emails, texts or other electronic communications from us, we may make recommendations or deliver advertisements about our products and services. Further information is available in the supplemental policies for some activities, but you should assume that we will use all information for all lawful purposes. Subject to applicable law, we reserve the right voluntarily or involuntarily to make all lawful, worldwide uses of personal information, including without limitation, to: collect, use, access (or bar access), process, fulfill, disclose, display, share, respond to legal process or otherwise exercise our rights under applicable law, transfer, store, sell, lease, retain, commingle, investigate, verify, prove, enforce, delete, and otherwise deal with personal information, and information other than personal information, voluntarily or involuntarily (collectively "Disclose").

6. Your Ability to Update Personal Information
In general, you are able to update your personal information in our app. If your information has changed, you may update it through the profile area of the app. Some activities allow some updating, e.g., you may update your profile by using the functionality in that section of the app.
We keep personal information for as long as we think is necessary or advisable and we reserve the right to retain it to the full extent not prohibited by law. We may discard personal information in our discretion, so you should retain your own records, and not rely upon our storage of any personal information or other data.

7. Information Security
WE DO NOT GUARANTEE THE SECURITY OF PERSONAL INFORMATION OR OTHER INFORMATION IN ANY FORM. We make what we believe to be commercially reasonable efforts to provide a reasonable level of security for personal information we are required to protect, but this is not a promise that your information will never be disclosed except as provided herein. As you probably know, information can sometimes be intercepted or accessed in violation of law, contract or policy and technologies don't always work as anticipated.

8. Your Particular Consents
In addition to consenting to the Terms of Use, including this Policy (and any relevant supplemental policies), Hero Certified Burgers Inc. is interested in letting you know about, and receiving your particular consent to, a few activities relating to personal information that will help us to deal with personal information that is Disclosed in furtherance of our operations and programs. These are described immediately below.

Consent to Share and Disclose Personal Information, Including Data Transfers Internationally. We may share information within the Hero Certified Burgers Inc. The Hero Certified Burgers Inc. Organization includes Hero Certified Burgers Inc., our subsidiaries, affiliates and franchisees of any of them. We may also share information with companies that provide support services to us (such as credit card processors, mailing houses, web hosts, technical support providers, fulfillment centers or other services or for enforcing or investigating transactions or business operations). These companies may need information about you in order to perform their functions. These companies are not authorized to use the information we share with them for any other purpose, but we do not control these companies. You agree that Hero Certified Burgers Inc. and those with whom we share personal information ("Recipients") may Disclose and transfer your personal information worldwide (including in and outside the U.S, the European Union and other jurisdictions ) for any purpose relating to our operations, programs, or otherwise that is not allowed or prohibited by this Policy.

Consent to Electronic Notice If There is a Security Breach. If we or a Recipient is required to provide notice of unauthorized access or other invasion of certain security systems, you agree that we (or they) may do so when required (or voluntarily) by posting notice on our Site or sending notice to any email address we have for you, in our (or their) good faith discretion. You agree that notice to you will count as notice to others for whom you are acting, and agree to pass the notice on to them.

9. Children
We do not want to collect information from children. Do not provide any personal information unless you are at least 13 years of age, and please caution your children not to provide any. If a child under 13 has provided personal information, a parent or guardian may so inform us by writing us at Our Address for Legal Notices (see below) and we will use commercially reasonable efforts to delete it from our database, subject to applicable law and this Policy.

10. Identity Theft
If anyone believes they're a victim of identity theft entitled by law to request information from us, write us at Our Address for Legal Notices and we'll explain what information we require in order to respond. After receiving that information, we'll supply (without charge) information we then have that we are legally required to provide (subject to applicable law and reserving all rights and defenses).

11. Amendments
We will be changing what we do and how and why we Disclose data periodically-this Policy describes what we currently envision, but that will change as we change. You agree that this Policy amends and replaces any previous privacy policies and applies retroactively. We may further amend all or part of this Policy in the same way that we make amendments to our Terms of Use and such amended versions will be posted on this page. USE OF THE SITE AFTER THE EFFECTIVE DATE WILL CONSTITUTE YOUR CONSENT TO THE AMENDMENTS, SO IF YOU DO NOT WANT TO BE BOUND BY AN AMENDED VERSION, DO NOT USE THE SITE AND CEASE ALL USE OF THE CONTENT OR SERVICES.

12. Information About Enforcement of Our Policy
This Policy is part of and supplemented by our Terms of Use, which together with any supplemental privacy policy form a contract. We and you are bound by the Terms of Use, including this Policy. If you think we are in default, you may contact us by writing to Our Address for Legal Notices. There are no third party beneficiaries of this Policy.
Our Address for Legal Notices:

Hero Certified Burgers Inc.

78 Signet Drive
Toronto, Ontario M9L 3A1
Attn: Legal

13. Supplemental Privacy Policy-Hero Certified Burgers TM
Welcome. This Supplemental Privacy Policy—My Hero Certified Burgers TM (“My Hero Certified Burgers Policy”) supplements the Hero Certified Burgers Inc. Privacy Policy and Information Security Policy (“Privacy Policy”), which is part of our Terms of Use, so read them in addition to this My Hero Certified Burgers Policy. Any terms used but not defined in this My Hero Certified Burgers Policy are defined in those documents. BEFORE YOU CAN FINALIZE YOUR MY Hero Certified Burgers ACCOUNT PROFILE SET-UP, YOU’LL NEED TO REVIEW AND ACCEPT THIS MY Hero Certified Burgers POLICY (WHICH WILL ALSO BE YOUR CONSENT TO RECEIVE EMAILS FROM Hero Certified Burgers INC. AND YOUR ACCEPTANCE TO THE PRIVACY POLICY AND TERMS OF USE, AND IF YOU ARE USING THE MY Hero Certified Burgers MOBILE APP, IT WILL ALSO BE YOUR SIGNATURE TO THE SUPPLEMENTAL PRIVACY POLICY—MOBILE APPS, WHICH CAN BE REVIEWED BELOW


Table of Contents

A. Creating a Profile
B. Email Consent
C. Your Ability to Edit your Profile Information
D. Children
E. Amendments

Information That We Collect When You Create a Profile in My Hero Certified Burgers. You will need to create an account profile (a “profile”) so you can receive communications from Hero Certified Burgers. When you create a profile, we will need you to provide your name, Postal code, email address and date of birth. We collect your email address in order to create a user name for your profile and to send you promotional and other emails pursuant to Email Consent section below. We also collect your Postal code so we can communicate with you about offers that are specific to your geographic location. We also use the above information for authentication and fraud prevention purposes and purposes allowed in our Privacy Policy.

How We Use Profile Information. In addition to the uses of personal information allowed in the Privacy Policy, we make these kinds of uses of personal information submitted when you create a profile in My Hero Certified Burgers Inc. We Disclose (as defined in the Privacy Policy) it:

• to Hero Certified Burgers Inc. service providers so we may communicate with you about our latest news and to provide you coupons and promotional information;

• within the Hero Certified Burgers Inc. Organization and to our service providers to facilitate our business or marketing purposes; and
• as stated in the Email Consent section below.

When you create a profile, you will be consenting to receive future emails from Hero Certified Burgers Inc. and its existing or future affiliates and subsidiaries (and their service providers and business partners) for marketing purposes and to help us improve products and services, including emails regarding surveys, clubs, promotions, offers, contests, sweepstakes, loyalty programs, processing and managing purchases and to engage in other related activities. Such emails will include an easy opt-out feature or you can opt-out by clicking the “unsubscribe” link on our sign-in page at any time. You may opt-out of receiving all emails from Hero Certified Burgers Inc. or just certain emails from Hero Certified Burgers Inc. If you opt-out of receiving all emails from Hero Certified Burgers Inc., we will maintain your profile so you can use other features of My Hero Certified Burgers, but we won’t send you emails (except pursuant to the following sentence). You may not opt-out of emails that we’re allowed to send by law or contract, such as messages relating to a transaction with or affecting you or a business relationship or request that you have made.

You may edit your profile by changing things such as your name or your postal code. You agree that such change does not affect in any manner your original consent to receive emails. If, however, you wish to change your original consent to receive emails, you will be asked to confirm your change. For example, you may use the edit feature to stop receiving future promotional and/or other email communications from Hero Certified Burgers Inc. as described in the Email Consent section above. If you deactivate your profile entirely, we will usually maintain your profile information for a reasonable period of time after you deactivate it (e.g., for purposes such as fraud control, documentation or if you have a question about why you are not receiving further communications from us). After that, we may stop keeping or render it inactive, but we reserve the right to keep or use it longer subject to applicable law or contracts.

Only individuals thirteen (13) years of age or older may create a profile. Users between the ages of thirteen (13) to eighteen (18) must review this My Hero Certified Burgers Policy with a parent or legal guardian to ensure the parent or legal guardian agrees to this My Hero Certified Burgers Policy. In the event that the user’s parent or legal guardian does not agree to this My Hero Certified Burgers Policy, the user must immediately discontinue use of My Hero Certified Burgers.

This My Hero Certified Burgers Policy can be amended in the same way we amend our Terms of Use and Privacy Policy, so please read them for details. If a change impacts the emails sent, you can always opt-out of further emails by following the directions in the email.

14. Supplemental Privacy Policy-Mobile Apps
Welcome. This Supplemental Privacy Policy—Mobile Apps (“App Policy”) supplements the Hero Certified Burgers Inc. Privacy Policy and Information Security Policy (“Privacy Policy”). This App Policy (as well as the main Privacy Policy) applies if you download or use any mobile app that we offer (alone or with others) (an “App”) from time to time for download, such as on the Site, or through a third party platform (such as the Apple iTunes store or Google Play, etc.). Additionally, wherever the Privacy Policy uses the term “Site,” that term is defined in the Privacy Policy to include all Apps.


Information That Is Automatically Collected by Apps. When you download or use an App, personal information about you, or the device that you use in connection with the App, may automatically be collected by us, or by third parties. This may include, for example, information about your download or use of the App, unique device identifiers associated with the device(s) you use to download or use the App or associated with equipment or systems used in connection with your device (e.g., an identifier of a Wi-Fi router or Internet access point). Third parties may also obtain information, such as your mobile device manufacturer or carrier, mobile or data network systems or operators, other providers of other apps or code on your device, and anyone who has administrative privileges to devices you use. In general, we do not control what information those kinds of third parties may receive and do not take any steps affirmatively to provide them with more information than they would obtain from other apps you might choose to download (we just feel that it is important to remind you that there are third parties who may receive information through apps).

You may also be reminded by the app “store” (e.g., a third party platform you might use to obtain the App, such as Apple iTunes store or Google Play, etc.) that certain information might be sought by us or others, or that certain privacy policies will apply to an App. You agree that we may rely upon any consents or agreements you provide to such stores (e.g., if you tell them that it’s okay that an App collect “location” or other personal information, we may rely on your consent as if you had given it directly to us).

Information That You Provide That is Collected in Apps. In addition to the types of personal information that we collect on the Site generally, additional information may be collected in an App. For example, when using our My Hero Certified Burgers App, you may register to create a My Hero Certified Burgers account profile (and you must do so to use the mobile payment feature). Registration will actually occur on our website, and you will need to supply your email address a password and the other information required for a My Hero Certified Burgers account profile (which is subject to the terms of the My Hero Certified Burgers Policy). When you register, App features may allow you to provide other information as well. For example, you can create menu selections to remember meal combos or learn about nutritional information; store information about past purchases or experiences at Hero Certified Burgers; purchase, use or load certain gift card and/or credit card information into the App; share general location information with us and the App in connection with locating nearby Hero Certified Burgers locations; or provide preferences related to offers and incentives that we and our affiliates might offer. The information you decide to include will be synchronized from time to time between our website and the App so that you may have access to it from several devices.

Updates to, and Deletion of, Information. You may update some information (not all of which will necessarily be personal information) provided to an App by using any functionality in the App for that. For example, if you have saved a meal selection, or have provided information about a gift card, you can change or delete it using any options in the App. You can remove Apps by deleting or uninstalling them from all of devices they are on. Properly removing the App will stop your device from providing further information to us or others, but will not affect information already collected or Disclosed, including information that resides somewhere else. For example, our App synchronizes with your My Hero Certified Burgers account profile on our website (and vice versa) and the website information for such account profiles is held by us. To eliminate that website information, you will need to edit your account profile information on our website as described in the Your Ability to Edit your Profile Information section of the My Hero Certified Burgers Policy. Additionally, because of the way we maintain account profiles, residual copies of account profile, App and other associated information may remain on our backup systems. Also, App or information removal (full or partial) will not have any effect on information already Disclosed or relied upon by us or others.

How We Use Information Collected in Apps.
In addition to the uses of personal information allowed in the Privacy Policy, we make these kinds of uses of personal information collected in an App. We disclose (as defined in the Privacy Policy) it:

• to rest of our Site (such as our website), and we combine it with information that we collect on, through or in connection with the Site. For example, we will combine any account profiles you create in an App with any account profile you create on our website, and vice versa;

• for marketing purposes and to help us improve products and services, including to send you emails and other communications if you’ve created an account profile as described in the Email Consent section of the My Hero Certified Burgers Policy;

• to our affiliates and other third parties or persons who assist with the operation of an App, the rest of the Site, or app stores; and

• to our gift card service provider to process payment transactions and to support Hero Certified Burgers Inc. gift card products.

Consent to Share and Disclose Personal Information.
In addition to consenting to the Terms of Use and Privacy Policy, you agree that by using an App or providing personal information in the App, you are consenting to the collection, retention, use and disclosure of your information in accordance with the terms of this App Policy, the My Hero Certified Burgers Policy (as applicable) and the Privacy Policy. You also agree that you are consenting to Hero Certified Burgers disclosing your information to third parties as stated in this App Policy (e.g., see the How We Use Information Collected in Apps section above).

Passwords. The Terms of Use require you to keep secret your password and other access credentials confidential. This is especially important for Apps if you want to hinder unauthorized access to the information that will be available through an App, including information that is synchronized with the App and payment data. When using mobile payment features of an App, the utilization of passwords and other access credentials is particularly important and may provide enhanced security (keeping in mind that any data transmitted via mobile phones or other devices cannot be guaranteed to be 100% secure).

Security. The Information Security section of our Privacy Policy provides information about our general security. Apps use mobile phones and other devices, and any security of data that resides on the device will only be as secure as the device itself. Please be advised, however, that the transmission of information over wireless and wired networks is not inherently secure and, although we endeavor to provide reasonable security measures, no security system can prevent all potential security breaches. As a result, your information may be subject to interception or loss which is beyond our control.