HanGook McDonald’s Co. Ltd (“Company”) considers the Personal Information of our customers to be important and is committed to the effective management and protection of the Personal Information. The company complies with the laws and regulations related to the protection of customers’ Personal Information including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. In accordance with the relevant laws and regulations, the Company has established this Privacy Protection Policy to protect the rights and interests of data subjects. In the event of any amendments to this Policy, the Company will provide notice through website announcements (or individual notice).
This policy is revised and will take effect from May 7, 2025.
| Processing Activity | Method | Purpose of Collection | Collected Items | Period of Retention and Use | |
|---|---|---|---|---|---|
| McDonald’s App Service | Online (Mobile) | Sign-up and provide services on McDonald’s App | Required | Name, phone number, ID (e-mail address), passwords, order history | Until the withdrawal of consent, member deregistration, or when a member has not used the service for more than a year |
| Delivery service on M Order | Required | Delivery address, building entry code | |||
| Scheduled delivery on M Order | Required | Scheduled date and delivery | |||
| My McDonald’s Reward Program (purchase amount-based point earning and coupon program), customer analysis, personalized marketing activities | Optional | Name, sex, date of birth, phone number, e-mail address, order history, app activity history | |||
| Call-in Order | Online (by phone) | Call-in order services | Required | Name, delivery address, phone number, order history | Until 5 years from the order placed |
| Recruitment and selection of franchise restaurant operators | Offline (mail submission) or online (e-mail) | Qualification screening for franchise business applicants, communication, training for selected franchise operators, supporting franchise opening, execution of franchise contracts and franchise management, reporting on franchise status to the office | Required | Name, photo, phone number, date of birth, education, occupation, business experience, financial status |
Not-selected franchise owner: Until the decision to not conclude the franchise contract
Selected franchise owner: Until the end of the franchise contract |
| Optional | Items listed in the franchise business application form | ||||
| Operation of franchise restaurant | Offline (mail submission) or online (email or e-signature) | Communication with franchise operators, training for selected franchise operators, supporting franchise opening, execution of franchise contracts and franchise management | Required | Name, photo, contact, date of birth, phone number, e-mail address, a copy of bank account, proof of identity | Until the end of the franchise agreement |
| Optional | Current and previous business experience name and relationship of McDonald's employees who are friends or family, whether you supply goods or services to McDonald's, work experience at McDonald's stores, experience in applying for a McDonald's franchise business | ||||
| Restaurant lease | Lease agreement | Lease works for existing stores | Required | Name, phone number, address information of landlord) | Until 1 year after the termination of the lease relationship |
| Online (fill out the form and send it to the designated email account) | New store development work | Required | Name, phone number, email, e-mail, information of the real estate (information on the applicants) | 2 years after the end of the qualification screening for opening a restaurant (information on those who are not under lease contract) | |
| Events | Online | Identity verification, winner selection, announcement, mobile giveaway delivery | Required | Name, phone number | Within 60 days after the end of each event (30 days after the expiration date of the coupon in the case of mobile coupon delivery) |
| Delivery of giveaways | Required | Delivery address | |||
| * However, the details may vary depending on the nature of each event. In such cases, the information provided on the respective event page takes precedence over the information herein. | |||||
The Company destroys Personal Information without delay when Personal Information becomes unnecessary, such as the expiration of the Personal Information retention period or the completion of the purpose of processing. If the Personal Information must continue to be preserved in accordance with other relevant laws and regulations even though the retention period agreed by the information subject has expired or the purpose of processing has been achieved, the Personal Information will be transferred to a separate database (DB) or stored in a different storage location. The Company permanently deletes Personal Information to be destroyed in an irretrievable manner if it is in the form of an electronic file, and shreds or incinerates other records, printed materials, written materials, and other recording media.
The Company processes the Personal Information of the data subject only within the scope specified in the purpose of processing Personal Information, and provides Personal Information to a third party only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the information subject and special provisions of the law, and does not provide the Personal Information of the information subject to a third party otherwise. The Company provides Personal Information to third parties as follows.
| Recipient | Purpose of Use | Items of Transferred Personal Information | Period of Retention and Use |
|---|---|---|---|
| * McDonald’s franchise restaurants | To handle customers’ delivery orders | Name, phone number, e-mail address, delivery address | Until member deregistration or immediately after when a member has not used the service for more than 1 year |
| To handle customer’s complaints and inquiries | name, contact information, name of visited restaurant, e-mail address, inquiry or complaints (including any attachment by the customer) | Information regarding Black Consumer(10 years), Other Information(3 years) |
※ If Personal Information is required to be preserved under other relevant laws despite the retention and use period described above, it will be retained accordingly. Examples of retention periods required by laws are the same as those described in “1. Items of Personal Information to be collected, Purpose of Use, and Retention Period”.
* Check the list of McDonald’s franchise restaurants >> Click
In order to provide better services, the Company may entrust the processing of Personal Information of information subjects on external specialized agencies and continuously post and disclose the contents of entrusted works and the Entrusted Company in the Company's Privacy Policy so that the Entrusted Company can be easily checked at any time. The Company entrusts the processing of Personal Information as follows for smooth Personal Information processing.
| Entrusted Company | Entrusted Works | Period of Retention and Use |
|---|---|---|
| Revolution Communications (Re-entrustment: Betree Co., Ltd.) |
1) Website and related system development, maintenance and repair 2) Selection of winners, guidance, and overall work necessary for the event | Until termination of entrustment contract |
| CNTTECH (Re-entrustment: Peloton) |
Call center and customer center operation, order reception, complaint handling, customer information management, storage | Until termination of entrustment contract |
| VROONG (Re-entrustment: Delivery service agency (Link), transcosmos Korea Inc.) |
Product delivery service | Until termination of entrustment contract |
| Barogo (Re-entrustment: Delivery service hub (Link), Vada Korea, The One International) |
Until termination of entrustment contract | |
| Logiall (Senggakdaero) (Re-entrustment: Branches of Senggakdaero (Link)) |
Until termination of entrustment contract | |
| CONNECT 9 Inc. (Re-entrustment: Delivery service agency (Link)) |
Until termination of entrustment contract | |
| The M Company | Credit card payment authorization | Until termination of entrustment contract |
| NICE Information & Telecommunication, Inc. | Until termination of entrustment contract | |
| KIS Information & Communication, Inc. | Until termination of entrustment contract | |
| COOP Marketing, Inc. (Re-entrustment: LG U Plus, Hyosung ITX) |
1) Mobile menu coupon transaction 2) Deliver and manage event giveaways |
Until termination of entrustment contract |
| Korea Pay’s Service, Inc. (Re-entrustment: COOP Marketing) |
Until termination of entrustment contract | |
| Modu Sign, Inc | Electronic contract service | Until termination of entrustment contract |
| MILVUS, Inc (Re-entrustment: LG U Plus, Kakao Enterprise) |
1) Sending advertising information such as promotions and benefits and overall operation of various promotions 2) Handling of customer complaints 3) Customer analysis and reporting based on gender, order information, phone number, e-mail, purchase history, and app usage history provided by customers when signing up for McDonald's mobile app membership and placing an order. |
Until termination of entrustment contract |
| S-1 Corporation | Install and maintain purchased or rental CCTV system | Until termination of entrustment contract |
| Foodtech Co., Ltd. | Order agency, system maintenance and repairment | Until termination of entrustment contract |
| KFSC | Transaction of non-food items | Until termination of entrustment contract |
| Shin Myung F&B Co., Ltd. (Re-entrustment: PLAN-S) |
Deliver giveaways and event benefits to customers (Re-entrustment) | Until termination of entrustment contract |
| NHN KCP | McDonald’s app payment service provider | Until termination of entrustment contract |
※ When signing a entrustment contract, the Company specifies in documents such as contracts matters related to responsibilities such as prohibition of processing Personal Information other than for the purpose of performing entrusted works, technical and administrative protection measures, restriction on re-entrusting, management and supervision of the outsourcer, and compensation for damages , as well as supervises the handling of Personal Information by the Entrusted Company. If the details of the entrusted work or the Entrusted Company are changed, the Company will disclose them through this privacy policy without delay.
※ The Company transfers Personal Information to overseas corporations to provide McDonald’s app services and call-in order services, and the entrusted works are as follows. In the process of entrustment, the Company transfers the prosomal information overseas based on Article 28-8, Paragrah1, Subparagraph 3 of the Personal Information Protection Act (Outsource the processing of, or store Personal Information overseas).
| Entrusted Company | Entrusted Works | |
|---|---|---|
| McDonald’s Corporation(McDonald’s Global Markets LLC) | Personal Information Item | Name, phone number, e-mail address, password, delivery address, order history |
| Markets LLC) (Global Markets LLC) | Country | USA (1035 W Randolph St, Chicago, IL, 60607) |
| Entrustment Date and Method | Send encrypted data when signing up and using membership | |
| Entrusted Company (Person in charge of information management) |
McDonald’s Corporation (contact.privacy@us.mcd.com) |
|
| Entrusted Works | Handle system maintenance and operation | |
| Period of Retention and Use | Until withdrawal of membership or termination of entrustment contract | |
| AWS | Personal Information Item | Name, phone number, e-mail address, password, delivery address, order history |
| Country | Singapore (27 Tampines Street 92, Singapore 528878) | |
| Entrustment Date and Method | Send encrypted data when signing up and using membership | |
| Entrusted Company (Person in charge of information management) |
Amazon Web Service Inc. (aws-korea-privacy@amazon.com) | |
| Entrusted Works | Handle server hosting for delivery orders | |
| Period of Retention and Use | Until withdrawal of membership or termination of entrustment contract | |
| Capgemini | Personal Information Item | Name, phone number, e-mail address, password, delivery address, order history |
| Country | USA (79 Fifth Avenue, 3rd Floor, New York, New York 10003) | |
| Entrustment Date and Method | Send encrypted data when signing up and using membership | |
| Entrusted Company (Person in charge of information management) |
Capgemini America, Inc. (dataprivacyoffice.nar@capgemini.com) |
|
| Entrusted Works | Handle website and system development, maintenance and repair | |
| Period of Retention and Use | Until withdrawal of membership or termination of entrustment contract | |
| Microsoft Azure | Personal Information Item | Name, phone number, e-mail address, password, order history |
| Country | Netherland (Agriport 601, Middenmeer), Ireland (Leopardstown, Dublin) | |
| Entrustment Date and Method | Send encrypted data when signing up and using membership | |
| Entrusted Company (Person in charge of information management) |
azuresupport@microsoft.com | |
| Entrusted Works | Handle server hosting | |
| Period of Retention and Use | Until withdrawal of membership or termination of entrustment contract | |
| Plexure | Personal Information Item | Name, phone number, e-mail address, password, order history |
| Country | USA (2021 Midwest Road Suite 200 Oak Brook Chicago, IL) | |
| Entrustment Date and Method | Send encrypted data when signing up and using membership | |
| Entrusted Company (Person in charge of information management) |
datacompliance@plexure.com | |
| Entrusted Works | Implement customized app services and send ads | |
| Period of Retention and Use | Until the withdrawal of membership or within 30 days from termination of entrustment contract | |
※ In principle, the entire data should be backed up(archived) for recovery in the event of data loss due to disaster or crisis, so you will not be able to use the service if you choose not to transfer data overseas. If you do not want to transfer data overseas, you can withdraw you membership by following the withdrawal process provided in the McDonald’s app (More- My Page – Withdrawal) or request membership withdrawal through the customer center.
Information subject (Customer inquiry submitter) should comply with other information protection and Personal Information-related laws such as the Personal Information Protetion Act, and request to access, revise, or delete Personal Information at any time, or request to suspend the processing of Personal Information and withdraw consent to the collection, use, or provision of Personal Information. The request to access Personal Information and suspension of processing may be restricted by Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act. In addition. Requests for correction or deletion of Personal Information cannot be requested if the Personal Information is specified as the subject of collection in other applicable laws and regulations.
The following departments are in charge of access, correction, suspending processing, and receiving and processing requests for Personal Information.
| Department in charge of access/correction/suspending of processing/receiving and handling relevant requests |
|
|---|---|
| Request to | Legal Team |
| DataPrivacy@kr.mcd.com | |
| Contact | 080-208-1588 |
If the information subject request correction of errors in Personal Information, the Company will not use or provide the Personal Information until the correction is completed. In addition, if incorrect information has already been provided to a third party, the Company will notify the third party of the result of the correction without delay so that the correction can be made. The Company should terminate or delete Personal Information at the request of the information subject in accordance with the policy “1. Items of Personal Information to be collected, Purpose of Use, and Retention Period”, and prohibits it from being accessed or used for other purposes. The exercise of the above rights may be performed through the legal representative of the information subject or an agent such as a delegated person. In this case, you need to submit a power of attorney in accordance with the attachment No.11 form in the “Notice on Personal Information Processing Process”, and the Company will confirm whether the person who made the requests such as access is the person himself/herself or his or her legitimate representative.
The Company has designated the person in charge of Personal Information protection to protect the Personal Information on the data subjects and address relevant complaints.
The data subject may contact any kind of Personal Information protection related inquiry to the person in charge of Personal Information Protection. The Company will address and answer the inquiry without delay.