Subway.co.uk would like to place cookies on your computer to help us make this website better. To find out more about the cookies on our website, please see our Privacy Policy.

SFAFT BV Privacy Policy
Subway Franchise Advertising Fund Trust B.V. Amsterdam, the Netherlands www.subway.co.uk United Kingdom and Ireland

 

TABLE OF CONTENTS

  1. Privacy Statement
  2. Consent
  3. Consent to Share and Disclose Information, Including International Data Transfers
  4. Consent to Electronic Notice If There is a Security Breach
  5. Type of information we may collect
  6. Internet Users - Cookies, Internet Protocol (IP) Address, Aggregate Informatio
  7. Compliance with the Digital Advertising Alliance
  8. Interest-Based/Online Behavioral Advertising
  9. Children and Data Collection
  10. A Note to Parents/Guardians—Additional Information About Children's Privacy
  11. Our Use of Your Personal Information
  12. Collection and Use of Customer Information
  13. Collection and Use of SUBWAY® Franchisee and Prospective Franchisee Information
  14. Website
  15. Mobile Information
  16. Marketing Promotions and Advertising
  17. Forward-to-a-Friend and Refer-a-Friend
  18. Opt-Out of Email and Mobile Updates
  19. Sharing of Personal Information
  20. Security
  21. Phishing
  22. Storage, Retention and Accuracy of Personal Information
  23. Access, Control and Update Information About You
  24. Contact Information
  25. Links to Non-SFAFT BV Web Sites and Third Parties
  26. Social Media and Online Engagement
  27. Your California Privacy Rights
  28. Safe Harbor Compliance
  29. Members of the European Union
  30. Changes to our Privacy Policy
  31. Terms and Conditions of Website Use

1. Privacy Statement

Your privacy is very important to us. This Privacy Policy discloses how Subway Franchisee Advertising Fund Trust, B.V. ("SFAFT BV") and its affiliated companies collects, protects, uses and shares personal information gathered about you, in conformance with Directive 95/46/EC of the European Parliament, the Council of 24 October 1995, the United Kingdom Data Protection Act of 1998 and the Republic of Ireland Data Protection Act of 1988. Our privacy practices are consistent with:

  • The European Union Data Protection Directive and the U.S. Department of Commerce Safe Harbor Program Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
  • Fair information practices established by the Organisation for Economic Co-operation and Development (OECD).
  • The Asia Pacific Economic Cooperation forum (APEC) Privacy Framework.
  • Applicable country, national, state and local data protection laws (some country's laws require country specific information in a privacy policy.

SFAFT operates as the advertising part of the SUBWAY® Group's advertising entities, which includes, but is not limited to: Subway Franchisee Advertising Fund Trust, Ltd. ("SFAFT") is a Connecticut statutory trust, with a business address at 325 Bic Drive, Milford, CT 06461. Subway Franchisee Advertising Fund Trust, B.V. ("SFAFT BV") is a Netherlands limited liability company, with a business address at Prinsengracht 13, 1015 DK Amsterdam. Subway Franchisee Advertising Fund of Australia Pty. Ltd. ("SFAFA") is a company limited by shares, with a business address at Level 1, 42 Amelia Street, Fortitude Valley, Queensland, 4006, Australia. Subway Franchisee Advertising Fund of Canada, Inc./Le Fond De Publicité Des Franchisés Subway Du Canada Inc. ("SFAFC") is a federal corporation, with a business address at Monarch Registries, 11210-107 Avenue NW, Main Floor, Ed Monton, AB T5H 0Y1. The FAF Group administers national and local advertising funds and activity for SUBWAY® restaurants and SUBWAY® franchisees worldwide. SFAFT, SFAFT BV, SFAFA, and SFAFC are collectively referred to herein as the "FAF Group".

SFAFT BV shares information, including Personal Information with the SUBWAY® Group, which includes, but is not limited to: Franchise World Headquarters, LLC ("FWH"), which operates as a service-oriented company for and on behalf of the SUBWAY® System worldwide by providing core business related services for the following franchising entities: Doctor's Associates Inc. ("DAI"). DAI owns and licenses the SUBWAY® trademark and SUBWAY® Restaurant System to its affiliates, including, but not limited to, Subway International B.V. ("SIBV"), a Limited Liability Company and the franchisor of the SUBWAY® system for Europe, Subway Systems Australia Pty Ltd ("SSA"), Subway Franchise Systems of Canada, Ltd. ("SFSC"), Subway Partners Colombia C.V. ("SPCCV"), Subway Systems do Brasil Ltda. ("SSB"), Sandwich and Salad Franchises of South Africa Pty Ltd. ("SSFSA") and Subway Systems India Private Limited ("SSIPL"), in order to develop SUBWAY® restaurants worldwide. FWH, DAI, SIBV, SSA, SFSC, SPCCV, SSB, SSFSA, and SSIPL are collectively referred to herein as the "SUBWAY® Group".

All Personal Information is collected in a fair and non-intrusive manner, with your voluntary consent. Personal Information is not accessible to anyone outside the specific function for which it is collected. SFAFT BV respects the privacy of our SUBWAY® customers, our employees, job applicants, and other visitors to our websites who may choose to provide personal information. We recognise the need for appropriate protections and management of personal information that you provide to us. This Privacy Policy will assist you to understand what types of information we may collect, how that information may be used, and with whom the information may be shared.

This Privacy Policy explains SFAFT BV's practices regarding the information collected online from users of the SUBWAY® Restaurant Systems website located at http://www.subway.co.uk/privacy-policy.aspx.

In an effort to comply with the law, and our commitment to protect your personal information, we provide the following, which discloses our policies. Please note that this Privacy Policy does not govern the privacy policies and procedures of independently owned and operated SUBWAY® stores. In addition, this privacy policy does not govern the personal information handling policies and procedures of FWH, DAI or our affiliates within the SUBWAY® Group. To find out more about FWH and DAI's privacy practices, please see the SUBWAY® Online Privacy Notice located at: http://www.subway.com/subwayroot/PrivacyNotice.aspx.


2. Consent

This Privacy Policy applies to all information gathered for and on behalf of SFAFT BV, whether in writing, verbally or electronically, through any website operated by or on behalf of SFAFT BV, including, but not limited to, www.subway.co.uk, together with any and all future websites that are operated by or on behalf of SFAFT BV (the "Websites"). By using the Websites, or participating in any program or service managed by SFAFT BV, you consent to the data practices described in this Privacy Policy. If you have questions about this Privacy Policy or the protection of your information, please contact SFAFT BV's Privacy Officer at fafprivacyofficer@subway.com.
BY SUBMITTING PERSONAL INFORMATION TO SFAFT BV, AND/OR BY ACCESSING AND USING THE WEBSITE, YOU AGREE THAT SFAFT BV MAY COLLECT, USE AND DISCLOSE SUCH PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY AND THE TERMS AND CONDITIONS AS PERMITTED OR REQUIRED BY LAW.


3. Consent to Share and Disclose Information, Including International Data Transfers

In addition to consenting to this Privacy Policy and the Terms and Conditions, including any relevant supplemental policies, you expressly consent to SFAFT BV sharing the information that you have provided, as described herein. SFAFT BV may share information with its affiliates, the SUBWAY® Group. SFAFT BV may also share information with companies that provide support services to it, such as credit card processors, mailing houses, web hosts, technical support providers, fulfillment centers or other service providers or for enforcing or investigating transactions or business operations, because these companies may need information about you in order to perform their functions. These companies are not authorised to use the information SFAFT BV shares with them for any other purpose, but SFAFT BV does not control these companies. You agree that SFAFT BV and those with whom it shares information (the "Recipients") may disclose and transfer your information worldwide, including in and outside the United States, the European Economic Area, Canada, and other jurisdictions serviced by the SUBWAY® Group, for any purpose relating to SFAFT BV's operations and programs.


4. Consent to Electronic Notice if there is a Security Breach

If SFAFT BV or a Recipient is required to provide notice of unauthorised access of certain security systems, you agree that SFAFT BV, or the Recipient, may do so when required or voluntarily by posting notice on the Website or sending notice to any email address SFAFT BV or the Recipient has for you, in the good faith discretion of SFAFT BV or the Recipient. You agree that notice to you will count as notice to any other individual for whom you are acting and agree to provide the notice to any such individual.


5. Type of information we may collect

Personal Information is defined as any information concerning the personal or material circumstances of an identified or identifiable individual. An identifiable person is one who can be identified, directly or indirectly, by reference to a Social Security Number and/or Identification Number (hereinafter "SSN/I.N") or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Personal Information shall include but is not limited to: name, home address, home zip code, home telephone number, mobile phone number, email address, Social Security Number and/or Identification Number, financial information and employment related information such as may be found on resumes, applications, background verification information, or in employment references.
SFAFT BV takes measures to maintain the confidentiality of your SSN/I.N to protect your SSN/I.N from unlawful disclosure, and to limit access to your SSN/I.N. SFAFT BV will not make your SSN/I.N available to the general public, print your SSN/I.N on any card, require you to provide your SSN/I.N to access any products or services, transmit your SSN/I.N over the Internet unless the connection is secure or your SSN/I.N has been encrypted, or requires the transmittal of your SSN/I.N to access our Website without requiring additional authentication.
Non-personal information is information that is already a matter of public record or knowledge. Business contact information is considered non-personal information and not subjected to special protection and it can be routinely shared with anyone inside or outside of the business. Business contact information shall include but is not limited to: business name, business address, business telephone number, and is not considered personal information in certain jurisdictions.
Sensitive data is information that can include but is not limited to, an individual's gender, racial or ethnic origins, politics, religion, trade union membership, veteran status, physical or mental health, disabilities, sex life, sexual orientation, or criminal (or alleged criminal) activities, proceedings or convictions. We will never collect Sensitive Personal Information except to comply with Affirmative Action data requirements.


6. Internet Users - Cookies, Internet Protocol (IP) Address, Aggregate Information

Cookies - in addition to Personal Information, we use data collection devices such as "cookies" on certain web pages to help analyse our web page flow and measure promotional effectiveness. A cookie is a small file, typically of letters and numbers, downloaded to an individual's hard drive while they are viewing the website. Cookies allow the website to remember important information that will make your visit to the site more useful. We use cookies to help improve your future visits. If you do not wish to receive a cookie or if you wish to set your browser to warn you each time a cookie is being sent, or if you wish to turn off all cookies, use the options on your browser to assist you. The "Help" option on your browser may assist you in changing your cookie preferences. Please note that by turning cookies off, you will not have access to many features available on our website.
Cookies can expire at the end of a browser session (from when a user opens the browser window to when they exit the browser) or they can be stored for longer.
Session cookies - allow websites to link the actions of a user during a browser session. They may be used for a variety of purposes such as remembering what a user has put in their shopping basket as they browse around a site. They could also be used for security or to facilitate use of webmail. These session cookies expire after a browser session and would not be stored long term.
Persistent cookies - are stored on a users' device in between browser sessions which allows the preferences or actions of the user across a site (or in some cases across different websites) to be remembered. Persistent cookies may be used for a variety of purposes including remembering users' preferences and choices when using a site or to target advertising
First and third party cookies - Whether a cookie is 'first' or 'third' party refers to the website or domain placing the cookie. First party cookies in basic terms are cookies set by a website visited by the user - the website displayed in the URL window. Third party cookies are cookies that are set by a domain other than the one being visited by the user. If a user visits a website and a separate company sets a cookie through that website this would be a third party cookie.
For more information about cookies, including how to see what cookies have been set and how to manage, block and delete them, visit www.allaboutcookies.org. The website www.allaboutcookies.org gives you detailed step by step guidance on how to control and delete cookies depending on your browser type. You can adjust your browser settings to your preferred level of protection. In the table below we have, where possible, included links to privacy controls for third-party websites that deliver cookies via our website within advertisements or widgets.
We have tried to list all the cookies which we or our technology partners use but please bear in mind that sometimes there may be a short delay in updating this list. If you do notice a discrepancy, or think a cookie is missing, please let us know by contacting our Privacy Officer at fafprivacyofficer@subway.com.


To opt out of being tracked by Google Analytics across all websites visit: tools.google.com/dlpage/gaoptout.


This website uses the following cookies:
Cookie Name Purpose 1st or 3rd Party More Information
__utma
__utmb
__utmc
__utmz
(www.subway.co.uk domain) These functional cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. 3rd Party For an overview of privacy at Google visit: http://www.google.com/analytics/learn/privacy.html

datr
When a web browser accesses facebook.com (except social plugin iframes), the cookie helps facebook identify suspicious login activity and keeps users safe 3rd Party For an overview of privacy at Facebook visit: http://www.facebook.com/about/privacy/

lu
This cookie helps protects people using public computers 3rd Party For an overview of privacy at Facebook visit: http://www.facebook.com/about/privacy/

p
When a web browser accesses facebook.com (except social plugin iframes), the cookie helps facebook identify suspicious login activity and keeps users safe 3rd Party For an overview of privacy at Facebook visit: http://www.facebook.com/about/privacy/

c_user This stores a facebook user ID 3rd Party For an overview of privacy at Facebook visit: http://www.facebook.com/about/privacy/

csm - 3rd Party For an overview of privacy at Facebook visit: http://www.facebook.com/about/privacy/

xs This is a facebook authentication cookie 3rd Party For an overview of privacy at Facebook visit: http://www.facebook.com/about/privacy/

act This cookie helps Facebook monitor site performance 3rd Party For an overview of privacy at Facebook visit: http://www.facebook.com/about/privacy/

presence The presence cookie is used to contain the user's chat state. For example, which chat tabs are open. 3rd Party For an overview of privacy at Facebook visit: http://www.facebook.com/about/privacy/

ASP.NET_SessionId This cookie is used to record that users have viewed the webcast. It collects information in an anonymous form. This cookie expires when you close your browser. 3rd Party For an overview of privacy at workcast: http://www.workcast.co.uk/privacy

__utmz=37676093.1337598675.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
subwayCookieCompliance=true Cookie Selection - This strictly necessary cookie is used to record if a user has accepted the use of cookies on this website. Strictly Necessary Not Applicable.

PREF
(www.subway.co.uk/mobile domain)
These cookies are used by Google to ascertain how many users are using their mapping service. They expire after a period between six months and two years. 3rd Party You can find out more about these cookies at www.google.com/intl/en/privacy/privacy-policy.html

__utma
(www.subway.co.uk/mobile domain)
This cookie keeps track of the number of times a visitor has been to the site pertaining to the cookie, when their first visit was, and when their last visit occurred. Google Analytics uses the information from this cookie to calculate things like Days and Visits to purchase. 3rd Party For an overview of privacy at Google visit: http://www.google.com/analytics/learn/privacy.html

__utmc
(www.subway.co.uk/mobile domain)
This cookie takes a timestamp of the exact moment in time when a visitor leaves a site. 3rd Party For an overview of privacy at Google visit: http://www.google.com/analytics/learn/privacy.html

__utmz
(www.subway.co.uk/mobile domain)
This cookie keeps track of where the visitor came from, what search engine you used, what link you clicked on, what keyword you used, and where they were in the world when you accessed a website. It expires in 15,768,000 seconds - or, in 6 months. 3rd Party For an overview of privacy at Google visit: http://www.google.com/analytics/learn/privacy.html

NID
(www.subway.co.uk/mobile domain)
These are used by Google to track how many people are using their Maps, which appear on every branch page. 3rd Party You can find out more about these cookies at www.google.com/intl/en/privacy/privacy-policy.html

__utmb
(www.subway.co.uk/mobile domain)
This cookie takes a timestamp of the exact moment in time when a visitor enters a site 3rd Party For an overview of privacy at Google visit: http://www.google.com/analytics/learn/privacy.html

HSID
(www.subway.co.uk/mobile domain)
These cookies are used by GoogleMaps to deliver maps and track usage of their service. 3rd Party You can find out more about these cookies at www.google.com/intl/en/privacy/privacy-policy.html

APISID
(www.subway.co.uk/mobile domain)
The Google+1 button is a way for you to share information publicly, as part of your Google Profile. Clicking it will be recorded by Google, along with the information about the page you are viewing. This helps you and others receive customised content from Google and its partners. 3rd Party You can find out more about these cookies at www.google.com/intl/en/privacy/privacy-policy.html

SS
(www.subway.co.uk/mobile domain)
These cookies are used by GoogleMaps to deliver maps and track usage of their service. 3rd Party You can find out more about these cookies at www.google.com/intl/en/privacy/privacy-policy.html

SID
(www.subway.co.uk/mobile domain)
These cookies are used by GoogleMaps to deliver maps and track usage of their service. 3rd Party You can find out more about these cookies at www.google.com/intl/en/privacy/privacy-policy.html

__utma
__utmb
__utmc
__utmz
(https://subcard.subway.co.uk/cardholder/home_uk.html domain) These functional cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. 3rd Party For an overview of privacy at Google visit: http://www.google.com/analytics/learn/privacy.html

NID
(https://subcard.subway.co.uk/cardholder/home_uk.html domain) These are used by Google to track how many people are using their Maps, which appear on every branch page. 3rd Party You can find out more about these cookies at www.google.com/intl/en/privacy/privacy-policy.html

HSID
(https://subcard.subway.co.uk/cardholder/home_uk.html domain) These cookies are used by GoogleMaps to deliver maps and track usage of their service. 3rd Party You can find out more about these cookies at www.google.com/intl/en/privacy/privacy-policy.html

APISID
(https://subcard.subway.co.uk/cardholder/home_uk.html domain) The Google+1 button is a way for you to share information publicly, as part of your Google Profile. Clicking it will be recorded by Google, along with the information about the page you are viewing. This helps you and others receive customised content from Google and its partners. You can find out more about these cookies at www.google.com/intl/en/privacy/privacy-policy.html

SS
(https://subcard.subway.co.uk/cardholder/home_uk.html domain) These cookies are used by GoogleMaps to deliver maps and track usage of their service. 3rd Party You can find out more about these cookies at www.google.com/intl/en/privacy/privacy-policy.html

SID
(https://subcard.subway.co.uk/cardholder/home_uk.html domain) These cookies are used by GoogleMaps to deliver maps and track usage of their service. 3rd Party You can find out more about these cookies at www.google.com/intl/en/privacy/privacy-policy.html

Web Beacon - Also called a Web bug or a pixel tag or a clear GIF. We use pixels tags or transparent GIF files, to help manage our online advertising and promotions. These tags collect anonymous (not personally identifiable) information about which advertisements and promotions bring users to our website. With both cookie and tag technology, the information that we collect and share is anonymous and not personally identifiable. It does not contain your name, address, telephone number, or email address.

Used in combination with cookies, a Web beacon is an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel that is placed on a Web site or in an e-mail that is used to monitor the behavior of the user visiting the Web site or sending the e-mail. When the HTML code for the Web beacon points to a site to retrieve the image, at the same time it can pass along information such as the IP address of the computer that retrieved the image, the time the Web beacon was viewed and for how long, the type of browser that retrieved the image and previously set cookie values.

Web beacons are typically used by a third-party to monitor the activity of a site. A Web beacon can be detected by viewing the source code of a Web page and looking for any IMG tags that load from a different server than the rest of the site. Turning off the browser's cookies will prevent Web beacons from tracking the user's activity. The Web beacon will still account for an anonymous visit, but the user's unique information will not be recorded.

Internet Protocol (IP) Address - an Internet Protocol (IP) Address is associated with your computer's connection to the internet. SFAFT BV may use your IP address to help diagnose problems with SFAFT BV's server, to administer the Website and to maintain contact with you as you navigate through the Website. Your computer's IP address also may be used to provide you with information based upon your navigation through the Website. SFAFT BV does not link IP addresses to any Personal Information.

Aggregate Information - is used to measure the visitors' interest in, and use of, various areas of the Website and the various programs that SFAFT BV administers, SFAFT BV will rely upon aggregate information, which is information that does not identify you, such as statistical and navigational information. With this aggregate information, SFAFT BV may undertake statistical and other summary analyses of the visitors' behaviors and characteristics. Although SFAFT BV may share this aggregate information with third parties, none of this information will allow anyone to identify you, or to determine anything else personal about you.

7. Compliance with the Digital Advertising Alliance

SFAFT, an affiliate of SFAFT BV, uses the Evidon assurance platform to comply with the cross-industry Self-Regulatory Program for Online Behavioral Advertising as managed by the Digital Advertising Alliance (DAA) (http:///aboutads.info). As part of this service, SFAFT's online advertisements and Web sites are sometimes delivered with icons that help consumers understand how their data is being used and provide choice options to consumers that want more control. The list of our advertising partners may be updated from time to time. To opt-out of internet-based advertising by all DAA-participating companies, visit http://www.aboutads.info/choices/.

8. Interest-Based/Online Behavioral Advertising

On some pages of our site we may allow third-party advertising partners to set web tracking tools (e.g., cookies and web beacons) to collect anonymous, non-personally identifiable information regarding your activities on those pages (e.g., your IP address, page(s) visited, time of day). We may also share such information we have collected with third-party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering future targeted advertisements to you when you visit other (non-SUBWAY®) sites within their networks. This practice is commonly referred to as "interest-based advertising" or "online behavioral advertising."

Pages of our website that collect information that may be used by such advertising partners for interest-based advertising purposes may be identified by a link to AdChoices on the page.

Opting out (site pages). If you do not want your browsing while on such pages to be used for interest-based advertising purposes, you may click on the AdChoices link to opt-out of such uses by the listed advertising partner(s). Even if you opt-out through this service, we may still collect non-personally identifiable information regarding your site activities and use it for non-interest-based advertising purposes as described in this privacy statement.

Opting out (advertisements). Advertisements on third-party sites that contain the AdChoices link and that link to this privacy policy may have been directed to you based on anonymous, non-personally identifiable information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt-out of the advertising partners' use of this information for interest-based advertising purposes. Even if you opt-out through this service, we may still collect and use information from the advertisements for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements.

9. Children and Data Collection

SFAFT BV adheres to the United States Federal Privacy Protection standards as stated in the Children's Online Privacy Protection Act ("COPPA"). We care about the safety of children. We will not knowingly allow anyone under 13 to provide us any personally identifying information. Children under 13 years of age are required to obtain the express permission of a parent or guardian before submitting any Personal Information about themselves (such as their names, e-mail address, and phone number) over the Internet. If a child has provided us with personally-identifiable information without the consent of a parent or guardian, the parent or guardian of that child should contact the Privacy Officer immediately at fafprivacyofficer@subway.com. We will use reasonable efforts to promptly delete the child's information from our servers.

10. A Note to Parents/Guardians—Additional Information About Children's Privacy

At SFAFT BV, children's privacy is important to us. Therefore, we take additional measures to help children protect their privacy while online including not asking them to disclose more personally identifiable information than is necessary for them to participate in an activity and encouraging them to use non-personally identifiable screen names rather than their real names.

SFAFT BV is dedicated to protecting your privacy and handling any personal information we obtain from you with care and respect. This Children's Privacy Statement is designed to answer your questions regarding our privacy policies and principles with respect to children under the age of 13. SFAFT BV recognises the need to provide additional privacy protections when children visit our website at www.subway.co.uk.

The Children's Online Privacy Protection Act ("COPPA") requires that we inform parents and legal
guardians about how we collect, use, and disclose personal information from children under 13 years of age; and that we obtain the consent of parents and guardians in order for children under 13 years of age to use certain features of our website. Also, when we use the term "parent", we mean to include legal guardians.

Children can participate in many of our features without providing personally identifiable information. However, to enable their participation in certain of our interactive features, we may ask children to provide us with personally identifiable information. The types of information we may request include first name as well as the child's and parent's email addresses. We use a child's email address to respond to a specific request to participate in an activity (e.g., participate in a contest or sweepstakes, respond to their question, and enable them to subscribe to a newsletter). We use parents' e-mail addresses to obtain their consent or notify them of their child's online activities and enable the parent to unsubscribe the child from a newsletter or other similar activity.

We do not share children's personally identifiable information with outside third parties not bound by this Privacy Policy. Sometimes, we use agents or contractors to help us conduct a contest or sweepstakes, send prizes to winners, or provide customer service related to activities on the site. In these cases, we require the agent or contractor to keep the information confidential and to use it only for the specific services they are performing.

At any time parents can refuse to permit us to collect further personal information from their child and can request that any personal information we have collected be deleted from our records.

We will provide parents notice by e-mail of any material changes in the way we intend to collect, use, and/or share their child's personal information. Please note that, at all times, parents should update their personal information to provide us a current email address.

If you would like to review any personally identifiable information that we have collected online from your child, have this information deleted, and/or request that there be no further collection or use of your child's information, or if you have questions about these information practices, you may contact our Privacy Officer. The SFAFT BV Privacy Officer can be reached by telephone at: 0044 1223 550 820; by Facsimile at: 01223 844884; by email at: fafprivacyofficer@subway.com; or by mail at SFAFT BV Privacy Officer, In Care of, Subway® Realty LTD, Chaston House, Mill Court, Hinton Way, Great Shelford, Cambridge, CB22 5LD.

11. Our Use of Your Information

We use your Personal Information to facilitate the services you request. We have tailored our Privacy Policy to adequately inform you of the use of your Personal Information.

12. Collection and Use of Customer Personal Information

We may collect Personally Identifiable Information from you such as your name, home address and/or other Personal Information in order for you to enter a SUBWAY® sweepstakes or to request a SUBWAY® coupon. The Personal Information that you submit is gathered only on a voluntary basis.

We may collect limited Personally Identifiable Information, including, but not limited to your name and/or any "nickname", date of birth, email and/or home address, and any other information that would allow someone to identify or contact you, as well as information about your personal product preferences, survey responses and online activities, if any.

We may collect Personal Information for one of several different purposes, such as:

  • to manage your participation in a contest or sweepstakes or for other purposes stated on an entry form, which will allow us to notify you of a potential prize which you may have won;
  • to allow us to send you specific information or materials that you requested, such as a coupon, newsletter, or certain other materials;
  • to send a notice about a promotion, or to respond to an email, request, or other type of inquiry;
  • to help us improve our web site and services, or to customise your experience at our web site.

We may combine this information to help us identify our visitors' preferences or interests with other general or publicly available information.

You can choose not to allow us to use or your Personally Identifiable Information for direct marketing purposes by indicating your preference at the time of collection, by responding to the promotional email in the manner provided for or by contacting our Privacy Officer at fafprivacyofficer@subway.com. If you have not opted-out of receiving marketing materials, we may also use your Personal Information to promote and market additional goods, services, and special offers from us and/or SFAFT BV's affiliates. Otherwise, we do not provide your information to third parties for their own direct marketing purposes. At any time you may "opt out" of future contact from SFAFT BV by un-subscribing from our contact list or contacting the Privacy Officer at fafprivacyofficer@subway.com.

We sometimes use the non-Personally Identifiable Information that we collect to improve the design and content of our site and to enable us to personalise your Internet experience. We may use this information in the aggregate (grouped with information from other users) to analyse site usage, as well as to offer you products, programs, or services.

Generally, we seek your consent for the use of your Personal Information at the time of collection. The form of consent we seek, including whether it is express or implied, will largely depend on the sensitivity of the information and the reasonable expectations of the individual in the circumstances. You may withdraw consent at any time. If you wish to withdraw consent, please contact our Privacy Officer in the manner described below.

13. Collection and Use of SUBWAY® Franchisee and Prospective Franchisee Information

If you choose to, you may submit via www.subway.co.uk an electronic application seeking consideration as a prospective SUBWAY® franchisee. By submitting an electronic application, you agree that we may disclose your personal information to our affiliates within the SUBWAY® Group, their Development Agents, other SUBWAY® Group affiliates, and third party service providers as part of their consideration to your inquiry and to help them conduct their franchise marketing efforts. Personal Information collected from prospective franchisees include, but is not limited to: name, address, telephone number, facsimile number, email address, date of birth, citisenship, educational background, criminal background, bank account information for Electronic Funds Transfer, financial statement, litigation history, and taxpayer identification number. Information on your online form will become part of an application for a franchise that you might later submit. We require our affiliates within the SUBWAY® Group and their Development Agents to respect SFAFT BV's privacy practices and not use your personal information for purposes other than to carry out our instructions.
Any potential franchisee information sent to www.subway.co.uk is stored on a server located in London. The server is managed by third party service provider, Katatomic based in Cheshire, England. Information on this server may be shared with:

  • SIBV, the franchisor of the SUBWAY® system for Europe. SIBV retains the information to have a record of all the data for Europe, based in Amsterdam, the Netherlands.
  • Subway Realty Limited, a UK corporation dedicated to leasing properties for Subway franchisees based in Cambridge, England
  • McKenna Townsend PR, in order for McKenna Townsend PR to mail requested information packets to prospective franchisees, based in Ringwood Hampshire, England.
  • FWH, which operates as a service-oriented company for and on behalf of the SUBWAY® System worldwide by providing core business related services, based in Milford, Connecticut, USA.
  • DAI, the owner and licensor of the SUBWAY® system, based in Milford, Connecticut, USA.
  • Relevant Development Agents in the UK and Ireland.

SFAFT BV and its affiliates will retain your personal information only for as long as necessary to fulfil the purpose(s) for which it was collected and to comply with applicable laws, and your consent to such purpose(s) remains valid after termination of our relationship with you.

14. Website

www.subway.co.uk is hosted on a web server provided by Rackspace Hosting Ltd., based in Middlesex, England and managed by Katatomic Limited, based in Cheshire, England. The content of www.subway.co.uk is managed by Katatomic, who facilitates the database of prospective franchisees and has the backend of the server which links to www.subway.com located in the United States, McCann London, based in London, England, which updates the consumer content, and SFAFT BV. The domain name www.subway.co.uk is owned by Doctor's Associates Inc.

15. Mobile Information

Mobile Information We Collect

  • Personally identifiable information (e.g. Name, email address) we collect consists only of what you share with us. For example, certain products may ask for this type of information so that we may contact you by phone or email at your request. You choose what, how, and when you want to share.
  • If you use any location-enabled products, you may be sending us location information. SFAFT BV does not store or use this information other than to provide the service you requested. For example, a mobile product may use GPS data to find a nearby restaurant you requested. Location-enabled features are opt-in and you have control over your participation and can turn these services off at any time.
  • Web-enabled mobile applications may use cookies or web beacons and other methods to customise your browsing experience. Please see SFAFT BV's web privacy policy for more information.
  • Some mobile applications will utilise Google Analytics (or similar tool) to help us better serve our customers through improved products, services, and revisions to the mobile applications. This collected information will not identify you to SFAFT BV. It may, however, let us know anonymously, which services and features you are using the most within the application, as well as device type and hardware features, country and language of download.
  • Use of 3rd party services such as social sharing sites (e.g., Facebook and Twitter) is governed by the privacy practices of those services. SFAFT BV does not capture or store your login information or other personally identifiable information for these services; however session info or cookies may be stored.

Mobile How We Use Collected Information

  • We use the information to personalise your experience with the application and to improve your overall experience including the development of new products, services, and features. We also use the information to provide customer support, and when applicable, register and administer your account. Additionally, we may use the information you provide to contact you about updates to our service.
  • Information you provide may be used to fulfill the service(s) or carry out the transaction(s) you have requested or authorised.
  • Mobile Information sharing
  • SFAFT BV does not share any collected information with 3rd parties with the following exceptions:
  • SFAFT BV may provide some personal data to third-party partners that are providing services essential to your mobile user experience.
  • All requests are sent through your mobile carrier's network and your carrier may have access to it. Consult your carrier's privacy policies for additional information.
  • Certain mobile products and services and manufacturers allow you to interact and share your information with others. For example, you may want to Tweet or post to your Facebook page content from a SFAFT BV mobile application. Consult your mobile device manufacturer, or mobile product or application developer's privacy policies for additional information.

16. Marketing Promotions and Advertising

If you participate in any advertising or marketing promotions the information that you provide will be handled in accordance with the Privacy Policy specific to said promotion which cannot and does not apply to this Privacy Policy.

17. Forward-to-a-Friend and Refer-a-Friend

You may use a referral feature (either on a web page, in an e-mail, from a banner ad or other communication) to inform a friend about a SFAFT BV web page or promotion. SFAFT BV may use any e-mail address provided when using this referral feature to send both an initial e-mail and a subsequent e-mail to recipients about the particular promotion, product, or service in which you indicated your "friend" may have an interest.

18. Opt-Out of Email and Mobile Updates

You may have the opportunity to elect to receive email and mobile communications from SFAFT BV. SFAFT BV will only email you or send you mobile alerts if you elect to receive them. If you elect to receive email and mobile communications, SFAFT BV will send you occasional updates about new additions to the Website as well as special offers and promotions of which you can take advantage. If at any time you decide you would rather not receive these types of communications from SFAFT BV, you can opt-out by clicking the unsubscribe link at the bottom of any SFAFT BV email, update the contact preferences for your account, for mobile marketing, you may opt-out by following the instructions provided in the text messages you receive, or contact the Privacy Officer at fafprivacyofficer@subway.com.

19. Sharing of Personal Information

Except as described in this Privacy Policy, SFAFT BV will not disclose your Personal Information to a third party, unless you request or otherwise consent to such disclosure, or disclosure is required or authorised by law.

We do not sell information to third parties. We may share information with agents, affiliates or service providers who act for or on behalf of SFAFT BV in connection with the business of SFAFT BV, or for further processing the data in accordance with the purpose(s) for which the data was originally collected, e.g., third party maintenance of secure listing databases or prize fulfillment in connection with a contest or sweepstakes. We require our agents, affiliates and service providers to agree in writing to maintain the confidentiality and security of Personal Information they maintain on behalf of SFAFT BV and not to use it for any purpose other than the purpose for which we retained them. We also require any third parties we retain to protect Personal Information disclosed by us in accordance with all applicable privacy requirements and the general privacy principles described in this Privacy Policy. SFAFT BV may also share statistical or demographic information in aggregate form with service providers for marketing or research purposes. This aggregate data will not contain any information that personally identifies you.

Although we make every effort to preserve user privacy, we may need to disclose Personally Identifiable Information in certain limited circumstances, specifically: to comply with a judicial proceeding, a court order, or subpoena, or as otherwise may be required by law, to enforce our policies or contracts, or to collect amounts owed to us, to protect users of our sites and our sites from fraudulent or abusive use, to protect SFAFT BV's rights or property (including without limitation in the event of a bankruptcy, merger, acquisition, or transfer of control or assets or other business venture involving SFAFT BV, or any of the business or assets of SFAFT BV, during emergencies when safety is at risk, as determined by SFAFT BV, or otherwise where necessary for the establishment, exercise or defense of legal claims. The Personally Identifiable Information you provide is considered a company asset and may be included among transferred assets if SFAFT BV or any or all of their subsidiaries or affiliates or any of their assets is ever acquired by a third party. In addition, from time to time, server logs may be reviewed for security purposes; for example, to detect unauthorised activity on the web site. In such cases, server log data, containing IP addresses, would be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorised activities.

20. Security

We endeavor to protect your Personal Information using physical, electronic or procedural security measures appropriate to the sensitivity of the information in our control. These measures include safeguards to protect Personal Information against loss or theft, as well as unauthorised access, disclosure, copying, use and modification.

We safeguard your Personal Information on the Internet by using industry-standard practices. Although "guaranteed security" does not exist either on or off the Internet, we make commercially reasonable efforts to make the collection and security of such information consistent with our Privacy Policy and all applicable laws and regulations. We maintain physical, electronic and procedural safeguards as appropriate to safeguard your Personal Information.

Currently, our website utilises a variety of different security measures designed to protect Personal Information by users both inside and outside SFAFT BV, including the use of encryption mechanisms (e.g., Secure Socket Layers or SSLs), password protection, and other security measures to help prevent unauthorised access to your personally identifiable information. This helps maintain the confidentiality, privacy, and integrity of your transactions, and helps to protect your confidential information - such as credit card numbers, online forms and financial data, from loss, misuse, interception and hacking.


21. Phishing

Identity theft and the practice currently known as "phishing" are of great concern to SFAFT BV. Accordingly, safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your credit card information, your account ID, login password, and Social Security Number or National Identification numbers in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission's website.

22. Storage, Retention and Accuracy of Personal Information

SFAFT BV ensures that Personal Information is safeguarded against loss, access, use, modification, disclosure or other misuse. All reasonable steps are taken to prevent unauthorised use or disclosure of your Personal Information.

SFAFT BV will retain your Personal Information only for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws.

We take all reasonable steps to ensure that your Personal Information is accurate, up-to-date, complete, relevant and not misleading.

23. Access, Control and Update Information About You

We want to be sure that we keep only the most accurate and up-to-date Personal Information in our records. Therefore, whenever you believe that your Personal Information needs to be updated, you can email us at fafprivacyofficer@subway.com to update your contact information. You may choose at any time to remove your name, telephone numbers, and postal and email addresses from the lists we use to send notices or updates and elect not to receive correspondence from us by sending us an email at fafprivacyofficer@subway.com.

To protect your privacy, we will take reasonable steps to help verify your identity before granting access or making changes.

24. Contact Information

You may contact the Privacy Officer to access, correct or delete your Personal Information. If necessary, the Privacy Officer will contact another employee to assist in completing your requested task

If you have any questions or complaints, please contact the Privacy Officer. The SFAFT BV Privacy Officer can be reached by telephone at: 0044 1223 550 820; by Facsimile at: 01223 844884; by email at: fafprivacyofficer@subway.com; or by mail at SFAFT BV Privacy Officer, In Care of, Subway® Realty LTD, Chaston House, Mill Court, Hinton Way, Great Shelford, Cambridge, CB22 5LD. The Privacy Officer for FWH and its affiliates, the SUBWAY® Group can be reached by telephone at: (203) 877-4281 or 1-800-888-4848; by Facsimile at: (203) 783-7479; by email at: privacyofficer@subway.com; or by mail at Franchise World Headquarters, LLC, 325 Bic Drive, Milford, CT, 06461, USA. We will address your concern and attempt to resolve any problem. We will address your concern and attempt to resolve any problem. Download Privacy Information Request Form here: http://www.subway.com/subwayroot/InfoRequestForm.pdf.

25. Links to Non-SFAFT BV Web Sites and Third Parties

Please note that SFAFT BV or SUBWAY® web sites may contain links to other web sites for your convenience and information. SFAFT BV does not control those sites or their privacy practices, which may differ from www.subway.co.uk. SFAFT BV's privacy policy cannot and does not apply to external Web areas. We do not endorse or make any representations about third party web sites. The personal data you choose to give to unrelated third parties is not covered by the SFAFT BV privacy policy. We encourage you to review the privacy policy of any company or website before submitting your Personal Information. Some third parties may choose to share their personal data with SFAFT BV; that sharing is governed by that third party's privacy policy.

26. Social Media and Online Engagement

SFAFT BV uses a variety of new technologies and social media options to communicate and interact with consumers. These sites and applications include popular social networking and media sites, open source software communities and more. To better engage the public in ongoing dialog, SFAFT BV uses several third-party platforms including, but not limited to, Facebook, Twitter, and YouTube. Third-Party Websites and Applications (TPWA) are Web-based technologies that are not exclusively operated or controlled by SFAFT BV. When interacting with the SFAFT BV presence on those websites, you may reveal certain personal information to SFAFT BV or to third parties. Except when used by SFAFT BV employee's for the purpose of responding to a specific message or request, SFAFT BV will not use, share, or retain your personal information.

At this time, SFAFT BV has two Social Media Accounts, http://www.facebook.com/SUBWAY.UK.Ireland, and http://twitter.com/#!/SUBWAYUKIreland.

Facebook: On the Facebook.com/subway Facebook page, SFAFT BV staff posts news and other items of interest to individuals. If you have a Facebook account or 'Like' Facebook.com/subway Facebook page, you can post comments or click on the 'like' option for individual entries. If you comment or click on the 'like' button, personally identifying information will be visible to SFAFT BV staff and other Facebook site visitors. The amount of visible personal information will depend on your own Facebook privacy settings. You can completely avoid displaying any personally identifiable information by not creating an account, not posting comments and not clicking on the 'like' options in Facebook. SFAFT BV staff does not collect, use or disclose any information about visitors who comment or 'like' the SFAFT BV Facebook site. Facebook collects and reports on non-personally identifiable information about activities on Facebook pages. This information is password protected and only available to SFAFT BV employees, members of the SUBWAY® Communications and Web Teams, and other designated staff who require this information to perform their duties. The Facebook privacy policy is available at: http://www.facebook.com/about/privacy/.

Twitter: SFAFT BV uses Twitter to send short messages (up to 140 characters) or 'Tweets' to share information about SUBWAY® Restaurants with visitors and respond to comments and inquiries sent via Twitter to SFAFT BV. While visitors may read the SFAFT BV Twitter feeds without subscribing to them, visitors who want to subscribe to (or follow) SFAFT BV Twitter feeds must create a Twitter account at www.twitter.com. To create an account, you must provide some personal information, such as name, user name, password and email address. Visitors have the option to provide additional personal information including a short biography, location or a picture. Most information you provide for a Twitter account is available to the public, but you can modify how much of your information is visible by changing your privacy settings at the Twitter.com Web site. SFAFT BV staff members monitor the number of subscribers and respond to comments and queries via Twitter, but the staff never takes possession of the personal information belonging to Twitter followers. SFAFT BV does not collect, maintain, disclose or share any information about people who follow SFAFT BV on Twitter. The Twitter privacy policy is available at: http://twitter.com/privacy.
SUBWAY® Franchisees may sponsor their own Facebook Pages, Twitter Accounts, and Youtube Accounts. The privacy policies for the SUBWAY® Franchisees Social Media pages are located on the individual SUBWAY® Franchisees websites. This privacy policy does not govern the personal information handling policies and procedures of individual SUBWAY® Franchisees Social Media pages and their individual websites.

27. Your California Privacy Rights

Under California's "Shine the Light" law, California residents have the right to request in writing from businesses with whom they have an established business relationship (1) a list of the categories of personal information, such as name, address, e-mail address, and the type of services provided to that customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties' direct marketing purposes, and (2) the names and addresses of all such third parties. To request the above information, please email the Privacy Officer at fafprivacyofficer@subway.com or write to us at:

SFAFT BV Privacy Officer
In Care of
Subway® Realty LTD
Chaston House
Mill Court
Hinton Way
Great Shelford
Cambridge
CB22 5LD
Attention: California Disclosure Information

We will respond to such written requests within 30 days following receipt at the mailing address above. We reserve the right not to respond to requests submitted other than to the address specified above or otherwise exempted by law. Please note that we are required only to respond to each customer once per calendar year.

28. Safe Harbor Compliance

SFAFT, an affiliate of SFAFT BV, is in compliance with the U.S. Department of Commerce Safe Harbor requirements regarding the transfer of personal information from the European Economic Area ("EEA") or Switzerland to the United States. SFAFT has been Self-Certified under the Safe Harbor privacy frameworks as set forth by the U.S. Department of Commerce, European Commission and Switzerland regarding the collection, storage, use, transfer and other processing of personal data transferred from the European Economic Area or Switzerland to the U.S., in accordance with the EU Directive on Personal Data Protection. The principles of Safe Harbor compliance are:

  • Notice - Individuals must be informed that their data is being collected and about how it will be used;
  • Choice - Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties;
  • Onward Transfer - Transfers of data to third parties may only occur to other organisations that follow adequate data protection principles;
  • Security - Reasonable efforts must be made to prevent loss of collected information;
  • Data Integrity - Data must be relevant and reliable for the purpose for which it was collected;
  • Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate;
  • Enforcement - There must be effective means of enforcing these rules.

We may transfer the personal information we collect about you to countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Privacy Policy.

Further information regarding the Safe Harbor principles and certification process can be found at www.export.gov/safeharbor.

In addition, the U.S. Department of Commerce maintains a list of all compliant organisations, which can be accessed at http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list.

29. Members of the European Union

If you are a resident of the European Economic Area ("EEA") or Switzerland and have any concerns or complaints, please first address these issues to the Privacy Officer. FWH, a member of the SUBWAY® Group, is located in the United States, as are the servers that make their site available. All matters relating to privacy issues and this website are governed by the laws of the United States and the State of Connecticut. If the Privacy Officer does not satisfactorily address a complaint within thirty (30) days, any dispute, controversy or claim shall be settled by an arbitration administered by an arbitration agency, such as the American Arbitration Association ("AAA"). All arbitrations will be conducted in English. Judgment rendered by the arbitrator may be entered in any court having jurisdiction. The costs of the arbitration will be borne equally by the parties. Connecticut, U.S.A. shall be the site of all hearings, and such hearings shall be before a single arbitrator. You may also submit complaints to the Federal Trade Commission at http://www.ftc.gov/ftc/complaint.htm or via phone at (202) 382-4357.

30. Changes to our Privacy Policy

SFAFT BV will update this Privacy Policy occasionally. When SFAFT BV posts changes to this Privacy Policy, we will also revise the "Last Updated" date below on SFAFT BV's Privacy Policy. If there are material changes to this Privacy Policy, SFAFT BV will notify you by email, or by means of a notice on our home page. SFAFT BV encourages you to review this Privacy Policy periodically to be informed of how SFAFT BV is protecting your information and to be aware of any changes to the Privacy Policy. Your continued use of the site after the posting of any amended Privacy Policy shall constitute your agreement to be bound by any such changes. This Privacy Policy is incorporated into any Terms and Conditions governing the various web sites and any programs or services operated or managed on or behalf of SFAFT BV. Any changes to this Privacy Policy are effective immediately after being posted by SFAFT BV.

31. Terms and Conditions of Website Use

The Terms and Conditions governing your use of this Website located at: http://www.subway.com/subwayroot/TermsOfUse.aspx contains important provisions disclaiming and excluding the liability of FWH, the SUBWAY® Group, and its advertising entities, the FAF Group, regarding your use of our Website and provisions determining the applicable law and exclusive jurisdiction for the resolution of any disputes regarding your use of this Website. Each of these provisions applies to any disputes that may arise in relation to this privacy policy and the collection, use and disclosure of your personal information, and are of the same force and effect as if they had been reproduced directly in this Privacy Policy.


LAST UPDATED: 05-21-12