McDonald’s FIFA World Cup 2026™ Hosted Experiences Portal Privacy Policy

Last updated: November 11, 2024

I. Introduction

Welcome to McDonald’s FIFA World Cup 2026™ Market Website Privacy Policy. The purpose of the Market Website is to allow eligible individuals, such as those within the McDonald’s system (“FIFA Registrants”) to register to attend FIFA World Cup 2022™ (the “Event”). This Privacy Statement describes how McDonald’s collects, uses, protects and shares the personal information of FIFA Registrants who use the Market Website or otherwise interact with us to register for the Event. If you are not a FIFA Registrant, please do not use this Market Website. This Privacy Statement does not apply to your use of any other websites and mobile apps or when you visit our restaurants. McDonald’s Global Customer Privacy Statement applicable to customers may be found here.

II. Your Privacy Globally

The data controller of your personal information is McDonald’s Corporation (“we” or “us”).

1. Information we collect

We may collect personal information about you when you use the Market Website or otherwise interact with us to register to attend the Event (collectively, “registration services”). The information we collect falls into three categories: (a) information you provide to us (b) information we collect through automated methods; and (c) information we collect from other sources (read below).

Generally, you are under no obligation to provide your personal information. However, in certain cases, we may be unable to provide you with our registration services unless you provide your personal information.

We may combine the information you provide to us with information that we collect through automated methods, and with information we receive from other sources.

We collect information you provide to us

You may provide the following information to us, depending on how you interact with us:

personal details, such as your name, job function, postal and email addresses, phone number, birthday information and other contact information, when you register with our registration services, or contact us by phone or otherwise through our registration services;
demographic information, such as age or gender;
credit card details and transaction information, including shipping and billing addresses;
information related to your seat selection, such as disability status;
account and identification information, such as your username or password (or anything else that identifies you) used to access our registration services;
further travel and registration information that may be requested by FIFA at a later date, such as nationality, country of residence and passport/ID number. and
other personal information you choose to provide us when you interact with us.

We collect information through automated methods

We may use automated technology to collect information from your computer system or mobile device when you use our registration services. Automated technology may include cookies, local shared objects, and web beacons. There is more information below about cookies and other technologies in Section 6 (Use of Our Registration Services and Other Technology).

We may collect information about your:

internet protocol (IP) address;
computer or mobile-device operating system and browser type;
type of mobile device and its settings;
unique device identifier (UDID) or mobile equipment identifier (MEID) of your mobile device;
device and component serial numbers;
advertising identifiers (for example, an Identifier for Advertising (IDFA) on Apple devices) or similar identifiers;
referring webpage (a page that has led you to ours) or application;
online activity on other websites, applications or social media; and
activity related to how you use our registration services, such as the pages you visit on our Market Website.

Our registration services may collect information about the exact location of your mobile device or computer using geolocation and technology such as GPS, Wi-Fi, Bluetooth, or cell tower proximity. For most mobile devices and computer systems, you can disable the collection of this information by using the device or web-browser settings. If you have any questions about how to prevent us from collecting exact information about your location, we recommend you contact your mobile-device service provider, the device manufacturer, or your web-browser provider. Some registration services may not work properly without information about your location.

We collect information from other sources

We may collect information about you from our business partners, vendors, and other third parties who assist us in providing the registration services (e.g., FIFA).

2. How We Use the Information We Collect

We use the information we collect to register FIFA Registrants to attend the Event. Registration may include coordinating flights, stays, and other details related to the Event. We use the information we collect for the following purposes:

to register you for the Event, and other details in connection with purchasing tickets related to the Event;
to manage our relationship with you, including feedback management and for surveys;
to personalize and improve our registration services and your overall experience, in particular by improving our existing technologies and developing new products and services and employing profiling technology (unless we notify you separately thereof, this will not include automated individual decisions that have legal effects for you or similarly significantly affect you);
business analytics, including operations research, to assess the effectiveness of our registration service;
to ensure the security of our registration services, including the detection, prevention, and investigation of attacks;
to protect against, identify and prevent fraud and other crime, claims and other liabilities;
to protect the rights, safety, health, and security of our customers, our employees, our franchisees, and the general public, and to protect our property;
to anonymize your information for further internal and external use in a manner that does not identify you;
to comply with legal obligations and our Standards of Business Conduct;
to establish, exercise or defend a legal claim; and
to contact you in connection with the registration services or in response to your inquiries and requests.

We may use the information we collect about you in other ways, which we will tell you about at the time we collect it or before we begin using it for those other purposes.

If we are established in the EU or the European Economic Area (“EEA”) or are otherwise subject to the General Data Protection Regulation (“GDPR”), we process your personal information on the basis of

the necessity to perform a contract we have concluded with you or the necessity to take steps at your request prior to entering into such a contract (Article 6(1)(b) GDPR);
our prevailing legitimate interest to personalize and improve your overall experience and achieve the purposes set out above (Article 6(1)(f) GDPR);
the necessity to comply with legal obligations to which we are subject (Article 6(1)(c) GDPR); or in some cases,
your consent for which we may ask you in a separate process (Article 6(1)(a) GDPR).

3. How We Share the Information We Collect

We do not sell your personal information and only share your information as described in this Privacy Statement or as otherwise communicated to you at the time we collect your information.

We may share your personal information with:

members of the McDonald's Family: The McDonald's Family consists of McDonald’s Corporation and McDonald’s Global Markets LLC, and their affiliates, and subsidiaries (“McDonald’s Entities”), and franchisees of McDonald’s Entities;
vendors who help us operate our business (including information technology service providers as well as those who use the information to detect or prevent fraud for us, and who may use the information to provide fraud detection and prevention services to others);
public authority and courts;
buyers or other parties involved in a corporate transaction if we decide to sell or transfer all or part of our business;
our professional advisers such as our legal representatives, auditors and insurance brokers; and
business partners, vendors, and other third parties who assist us in providing the registration services (e.g., FIFA or payment processors).

4. Children's Privacy Notice

The registration services are not intended to be used by children. We urge parents to regularly monitor and supervise their children's online activities.

5. Your Choices and Rights

Marketing Communications

If you are subscribed to our marketing communications, you can later opt out by following the opt-out instructions in the marketing communications we send you. You can also generally find your communication preferences with instructions on how to opt out in the profile section of the online services that you use. You may also have the ability to change your communication preferences using your device settings. You can also opt out by contacting us at our Global or Local Data Protection Office using the contact information provided below. If you are contacting a Local Data Protection Office, please choose the office in the country in which you are a customer.

If you do opt out of receiving marketing communications from us, we may still send communications to you about your transactions, any accounts you have with us, and any contests, competitions, prize draws or sweepstakes you have entered. Opting out of one form of communication does not mean you have opted out of other forms as well. For example, if you opt out of receiving marketing emails, you may still receive marketing text messages if you have opted in to receiving them. Please note that if you are receiving communications from a McDonald’s franchisee, then you will need to opt out from them directly.

We do not share personal information with third parties for their own direct marketing purposes, unless you give us permission to do so. When we give you notice, and you consent, we will share your personal information as you direct us to.

Your Personal Information Rights

Under applicable law, you may have the rights (under the conditions and to the extent set out in applicable law):

to check whether and what kind of personal information we hold about you and to access or to request copies of such data;
to request correction, supplementation, anonymization, blocking or deletion of information about you that is inaccurate, incomplete, outdated, unnecessary, excessive or processed in non-compliance with applicable requirements;
to request the restriction of the collection, processing or use of information about you;
in certain circumstances, to object for legitimate reasons to the processing of your information or to revoke consent previously granted for the processing while the latter does not affect the lawfulness of processing before the revocation;
to request data portability; and
to lodge a complaint with the competent authority.

For more information regarding these rights, please contact: [email protected]

6. Use of Our Registration Services and Other Technology

We and our vendors may use cookies, web beacons and other similar technologies on our registration services to collect information and provide you with registration services in connection with the Event.

Cookies and other technologies

A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember and/or obtain information about the user.

A “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity. They are also sometimes referred to as pixels and tags.

Please note the following:

You might be assigned a cookie when using our registration services.
We offer certain features that are available only through the use of cookies and other similar technologies.
We may use both session (for the duration of your visit) and persistent (for the duration of a fixed period of time) cookies and other tracking technologies.
Our registration services and other areas related to our business may have web beacons.

Both we and selected third parties (such as our analytics networks) may use these technologies to collect information about your online activities, over time and across third-party websites and devices, and when using our registration services to further personalize your experience with us.

Use the options in your web browser if you do not wish to receive a cookie or if you wish to set your browser to notify you when you receive a cookie. Select the “Help” section of your browser to learn how to change your cookie preferences. If you disable all cookies, you may not be able to take advantage of all the features available on a website.

Some newer web browsers may have a "Do Not Track" preference that transmits a "Do Not Track" header to the websites you visit with information indicating that you do not want your activity to be tracked. McDonald’s does not currently take actions to respond to Do Not Track signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.

Please see below for examples of Cookies that are used on this Website:

Cookie name	Type	Purpose
.AspxAnonymous	Permanent	Identifies entities that are not authenticated when authorisation is required
LastPageId	Session	Identifies the last page the user visited (authenticated users only)
Language	Session	The language the user has selected (defaults to English)
.DOTNETNUKE	Session	The authentication token of the logged in user.
dnn_IsMobile	Session	Whether to display the mobile device friendly version of the site or not

Targeted advertising

When you use our registration services, we (and our vendors) may collect information about your activities so that we can provide you with advertising tailored to your interests.

Because we utilize advertising (“ad”) networks, you may see certain ads on other websites. Ad networks allow us to target the information we send you based on your interests, other information related to you, and contextual means. These ad networks track your online activities over time by collecting information through use of cookies, web beacons, and other technologies. The ad networks use this information to show you advertisements that may be of particular interest to you. The ad networks we utilize may collect information about your visits to websites that also take part in the relevant ad network, such as the pages or advertisements you view and how you use the websites. We use this information, both on our online services and on third-party websites that take part in the ad networks, to provide you with advertising tailored to you, and to help us assess how effective our marketing is.

You can opt out of targeted advertising by visiting the Digital Advertising Alliance website or the Network Advertising Initiative website . If you choose to opt out, you will continue to receive advertisements but they will not be tailored to your interests. Please refer to a cookie preferences section of the Market Website for further information on your choices concerning target advertising. Moreover, depending on the type and version of the operating system of your mobile device, you may also be asked whether to enable targeted advertising.

7. Links to Third-Party Websites and Social Media

Our registration services may offer links to websites that are not run by us but by third parties. If you visit one of these linked websites, you should read the website’s privacy policy, terms and conditions, and their other policies. We are not responsible for the policies and practices of third parties. Any information you give to those organizations is dealt with under their privacy policy, terms and conditions, and other policies.

We may also have providers of other apps, tools, widgets and plug-ins (“Plug-Ins”) on our online services, such as Facebook “Like” buttons, which may also use automated methods to collect information about how you use these features. These organizations may use your information in line with their own privacy policies. Please refer to the country-specific addendum for further information on your choices concerning such Plug-Ins.

8. Information Security

We are committed to taking appropriate measures designed to keep your personal information secure. Our technical, organizational and physical measures are designed to protect personal information from accidental, unlawful or unauthorized loss, access, disclosure, use, alteration, or destruction. While we make efforts to protect our information systems, no website, mobile application, computer system, or transmission of information over the internet or any other public network can be guaranteed to be 100% secure.

9. Retention

We keep your information for the length of time needed to carry out the purposes outlined in this Privacy Statement [JP1] and to adhere to our policies on keeping records (unless a longer period is needed by law). Our records policies reflect applicable laws. We will retain and use your information to the extent necessary to manage your relationship with us, personalize and improve your overall customer experience, and to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this Statement.

10. International Data Transfers

The McDonald’s Family is global in nature with business processes, management structures and technical systems that cross borders. As such, we may share information about you within the McDonald’s Family and transfer it to countries in the world where our vendors or members of the McDonald’s Family are established. Any international data transfers will be in accordance with this Privacy Statement and in compliance with applicable laws.

If we are established in Switzerland or in the EU/EEA[JP2] or are otherwise subject to the GDPR or similar laws, we only transfer your personal information to countries that are considered by those laws to provide an adequate level of protection or otherwise where we have established or confirmed that all data recipients will provide an adequate level of data protection, in particular by way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (e.g., Commission Implementing Decision (EU) 2021/914) and other suitable measures, which are accessible from us upon request.

McDonald’s Corporation and McDonald’s Global Markets LLC’s participation in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

On 16 July 2020, the European Court of Justice ruled that the Commission Implementing Decision (EU) 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield is invalid.

Notwithstanding the above, McDonald’s Corporation and McDonald’s Global Markets LLC, a wholly-owned subsidiary, participate in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) administered by the U.S. Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland. For purposes of this Privacy Shield section only, McDonald’s Corporation and McDonald’s Global Markets LLC are each individually and collectively referred to as “McDonald’s Global”. McDonald’s Global’s participation in the Privacy Shield subjects it to the investigatory and enforcement power of the Federal Trade Commission. You can view a complete list of all Privacy Shield participants, including McDonald’s Global, at the Privacy Shield participant's page.

As a Privacy Shield participant, McDonald’s Global is committed to and has certified that it adheres to the Privacy Shield Principles for all personal information received from the European Union and Switzerland in reliance on the Privacy Shield. Please note the following:

McDonald’s Global may share personal information that is subject to the Privacy Shield Principles with vendors who provide services to it, as described above in Section 3. McDonald’s Global may be liable under the Privacy Shield if these vendors process such personal information in a manner inconsistent with the Privacy Shield and McDonald’s Global is responsible for the event giving rise to the damage.
McDonald’s Global may disclose personal information received in reliance on the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
You have the right to request access to personal information received by McDonald’s Global in reliance on the Privacy Shield, and to exercise choice in limiting McDonald’s Global use and disclosure of such information. If you are interested in exercising your right and choice, please contact McDonald’s Global at the address, phone number or email address below.

McDonald’s Global privacy practices are provided in this Privacy Statement. McDonald’s Global encourages you to contact it at any time with questions, concerns or complaints about its privacy practices and participation in the Privacy Shield; simply use the address, phone number or email address provided below. You may also refer a complaint to your local data protection authority and McDonald’s Global will work with them to resolve your concern.

If McDonald’s Global is unable to resolve your concern regarding your personal information received by McDonald’s Global under the Privacy Shield, you have the right to direct your unresolved concern to JAMS, an independent dispute resolution service based in the United States, to provide recourse at no charge to you. To seek recourse for an unresolved concern, visit JAMS' Privacy Shield Dispute Resolution page . If JAMS is unable to resolve your concern, you may have the right to invoke binding arbitration under certain conditions. To learn more about this option, visit the Privacy Shield "How to Submit a Complaint" page.

Please note that the foregoing processes apply only to the resolution of disputes regarding personal information received by McDonald’s Global under the Privacy Shield. All other disputes that you may have with McDonald’s Global or any other members of the McDonald’s Family, or any agents, representatives, agencies, officers, directors, or employees, must be resolved in accordance with the terms and conditions of any applicable websites, mobile apps, email newsletters, email subscriptions or other digital properties owned or controlled by a member of the McDonald’s Family.

For more information about the Privacy Shield program, and to view McDonald’s Global certification, please visit the Privacy Shield website.

11. Changes To Our Privacy Statement

This Privacy Statement is in effect as of the date noted at the top of the statement. We may change this Privacy Statement from time to time. If we do, we will post the revised version here and change the “last updated date” (the date it applies from) at the top of the statement and/or contact you directly where we deem appropriate to do so under applicable law. You should check here regularly for the most up-to-date version of the statement.

12. How To Contact Us

In line with our Standards of Business Conduct, we hold ourselves to ethical standards when it comes to data privacy and protection and we welcome any feedback or questions you may have concerning the collection and processing of your personal data. Our contact details and those of our Data Protection Office as well as the contact details of our data protection officer, if appointed, can be found below To exercise your rights under the GDPR, please email [email protected]

The McDonald’s Global Data Protection Office can be reached at
Attention: Global Data Protection Office
Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
[email protected]

McDonald’s Corporation has appointed a data protection officer who can be reached at:
Attention: Data Protection Officer
Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
[email protected]

13. United States

Last updated: November 11, 2024

McDonald’s USA is committed to protecting the information of our FIFA Registrants. The below is meant to provide additional information regarding our privacy practices in the United States.

Children’s Privacy Notice

We do not knowingly collect personal information through our registration services from children under the age of 13.

We urge parents to regularly monitor and supervise their children's online activities. If you have any questions about our children’s privacy practices, please contact us at:

Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
[email protected]

Disability Accessibility

If you are a user with a disability, or an individual assisting a user with a disability, and have difficulty accessing or navigating our digital channels – including this Privacy Statement – please contact us at [email protected]. You can also review our Accessibility Statement.

Do Not Track

Please note that our Web sites and mobile apps are not designed to respond to "do not track" requests from Web browsers.

How to Contact McDonald’s USA

If you have privacy questions specific to McDonald’s USA, you can reach us at:

Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
[email protected]