Table of Contents

1. Privacy Statement
2. Consent
3. Consent to International Data Transfers
4. Consent to Electronic Notice If there Is A Security Breach
5. Our Use Of Your Personal Information and Type of Information We May Collect
6. Information We Collect That You Provide Us
7. Internet Users - Cookies, Internet Protocol (IP) Address, Aggregate Information
8. Compliance with the Digital Advertising Alliance
9. Interest-Based/Online Behavioral Advertising
10. Children and Data Collection
11. A Note to Parents/Guardians - Additional Information About Children’s Privacy
12. Collection and Use of SUBWAY® Franchisee and Prospective Franchisee Information
13. Collection and Use of Development Agent Information
14. Mobile Information
15. Mobile Marketing Promotions and Advertising
16. Forward-to-a-Friend and Refer-a-Friend
17. Opt-Out of Email Updates
18. Sharing of Personal Information
19. Security
20. Storage, Retention and Accuracy of Personal Information
21. Access, Control and Update Information About You
22. Contact Information
23. Links to Non-DAI Web Sites and Third Parties
24. Social Media and Online Engagement
25. Your California Privacy Rights
26. Safe Harbor Compliance
27. Members of the European Union
28. International Privacy Policies
29. Changes to our Privacy Policy
30. Terms and Conditions of Website Use

1. Privacy Statement - (Top)

Your privacy is very important to us. This Privacy Policy discloses how Doctor’s Associates Inc., (“DAI”) and its affiliated companies and subsidiaries collects, protects, uses and shares personal information gathered about. Our privacy practices are consistent with:

• The European Union Data Protection Directive and the U.S. Department of Commerce Safe Harbor Program Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
• Fair information practices established by the Organization for Economic Co-operation and Development (OECD).
• The Asia Pacific Economic Cooperation forum (APEC) Privacy Framework.
• Applicable country, national, state and local data protection laws (some country’s laws require country specific information in a privacy policy.

DAI, the owner of the SUBWAY® Restaurant System is an affiliate of Franchise World Headquarters, LLC (“FWH”), which operates as a service-oriented company for and on behalf of the SUBWAY® System worldwide by providing core business related services for the following franchising entities: Subway International B.V. (“SIBV”), Subway Systems Australia Pty Ltd (“SSA”), Subway Franchise Systems of Canada, Ltd. (“SFSC”), Subway Partners Colombia C.V. (“SPCCV”), Subway Systems do Brasil Ltda. (“SSB”), Sandwich and Salad Franchises of South Africa Pty Ltd. (“SSFSA”), Subway Systems India Private Limited (“SSIPL”). DAI owns and licenses the SUBWAY® trademark and SUBWAY® Restaurant System to its affiliates in order to develop SUBWAY® restaurants. DAI, FWH, SIBV, SSA, SFSC, SPCCV, SSB, SSFSA, and SSIPL, are collectively referred to herein as the “SUBWAY® Group”.

DAI shares information, including Personal Information, with the SUBWAY® Group and the following SUBWAY® Group advertising entities: Subway Franchisee Advertising Fund Trust, Ltd. (“SFAFT”) is a Connecticut statutory trust, with a business address at 325 Bic Drive, Milford, CT 06461. Subway Franchisee Advertising Fund Trust, B.V. (“SFAFT BV”) is a Netherlands limited liability company, with a business address at Prinsengracht 13, 1015 DK Amsterdam. Subway Franchisee Advertising Fund of Australia Pty. Ltd. (“SFAFA”) is a company limited by shares, with a business address at Level 1, 42 Amelia Street, Fortitude Valley, Queensland, 4006, Australia. Subway Franchisee Advertising Fund of Canada, Inc./Le Fond De Publicité Des Franchisés Subway Du Canada Inc. (“SFAFC”) is a federal corporation, with a business address at Monarch Registries, 11210-107 Avenue NW, Main Floor, Ed Monton, AB T5H 0Y1. The FAF Group administers national and local advertising funds and activity for SUBWAY® restaurants and SUBWAY® franchisees worldwide. SFAFT, SFAFT BV, SFAFA, an SFAFC are collectively referred to herein as the “FAF Group”.All Personal Information is collected in a fair and non-intrusive manner, with your voluntary consent. Personal Information is not accessible to anyone outside the specific function for which it is collected. DAI respects the privacy of our SUBWAY® customers and other visitors to our websites who may choose to provide personal information. We recognize the need for appropriate protections and management of personal information that you provide to us. This Privacy Policy will assist you to understand what types of information we may collect, how that information may be used, and with whom the information may be shared.

This Privacy Policy explains DAI’s practices regarding the information collected online from users of the SUBWAY® Restaurant Systems website located at www.subway.com.

In an effort to comply with the law, and our commitment to protect your personal information, we provide the following, which discloses our policies. Please note that this Privacy Policy does not govern the privacy policies and procedures of independently owned and operated SUBWAY® stores. In addition, this privacy policy does not govern the personal information handling policies and procedures of FWH or our affiliates within the SUBWAY® Group. To read the full Privacy Policy and find out more about the SUBWAY® Groups privacy practices, please see the SUBWAY® Online Privacy Notice located at: http://www.subway.com/subwayroot/PrivacyNotice.aspx.

2. Consent - (Top)

This Privacy Policy applies to all information gathered for and on behalf of DAI, whether in writing, verbally or electronically, through any website operated by or on behalf of DAI, including, but not limited to, www.subway.com, together with any and all future websites operated by or on behalf of DAI. BY SUBMITTING PERSONAL INFORMATION TO DAI, AND/OR BY ACCESSING AND USING THE WEBSITE, YOU AGREE THAT DAI MAY COLLECT, USE AND DISCLOSE SUCH PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY AND THE TERMS AND CONDITIONS AS PERMITTED OR REQUIRED BY LAW. If you have questions about this Privacy Policy or the protection of your information, please contact the Privacy Officer at privacyofficer@subway.com.

3. Consent to Share and Disclose Information, Including International Data Transfers Data Transfers - (Top)

In addition to consenting to this Privacy Policy and the Terms and Conditions, including any relevant supplemental policies, you expressly consent to DAI sharing the information that you have provided, as described herein. You agree that DAI may disclose and transfer your information worldwide, including in and outside the United States, the European Economic Area, Canada, and other jurisdictions serviced by the SUBWAY® Group, for any purpose relating to DAI’s operations and programs.

4. Consent to Electronic Notice if there is a Security Breach - (Top)

If DAI or a Recipient is required to provide notice of unauthorized access of certain security systems, you agree that DAI, or the Recipient, may do so when required or voluntarily by posting notice on the Website or sending notice to any email address DAI or the Recipient has for you, in the good faith discretion of DAI or the Recipient. You agree that notice to you will count as notice to any other individual for whom you are acting and agree to provide the notice to any such individual.

5. Our Use Of Your Personal Information And Type Of information we may collect - (Top)

We use your Personal Information to facilitate the services you request. We have tailored our Privacy Policy to adequately advise of the use of your Personal Information.

Personal Information is defined as any information concerning the personal or material circumstances of an identified or identifiable individual. An identifiable person is one who can be identified, directly or indirectly, by reference to a Social Security Number and/or Identification Number (hereinafter “SSN/I.N”) or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

Personal Information shall include but is not limited to: name (full name or first initial and last name), maiden name, nickname, email address, home address, home postal code, home telephone number, mobile phone number, date of birth, Social Security Number and/or Identification Number, financial information and employment related information such as may be found on resumes, applications, background verification information, or in employment references, photographic images (especially of face or other identifying characteristic, i.e. tattoo’s), video or voice recording.

DAI takes measures to maintain the confidentiality of your SSN/I.N to protect your SSN/I.N from unlawful disclosure, and to limit access to your SSN/I.N. DAI will not make your SSN/I.N available to the general public, print your SSN/I.N on any card, require you to provide your SSN/I.N to access any products or services, transmit your SSN/I.N over the Internet unless the connection is secure or your SSN/I.N has been encrypted, or requires the transmittal of your SSN/I.N to access our Website without requiring additional authentication.

Non-personal information is information that is already a matter of public record or knowledge. Business contact information is considered non-personal information and not subjected to special protection and it can be routinely shared with anyone inside or outside of the business. Business contact information shall include but is not limited to: business name, business address, business telephone number, and is not considered personal information in certain jurisdictions.

DAI will not collect customer Personal Information, unless the customer contacts DAI directly. In order to adequately address a customer’s concern, their Personal Information may be shared with our affiliate DAI and other affiliates within the SUBWAY® Group, the appropriate SUBWAY® Group’s area Development Agent and franchisees. The SUBWAY® Group Development Agents assist with franchise sales, site location, training, and provide operational assistance to franchisees. Failure to provide necessary information may prevent DAI from fully addressing any customer concerns.

For Instance, you may choose to communicate with us in some of the following ways:

• Subscription Services, such as, email and newsletters.
• User registration, such as access to www.subway.com, member or non-public member pages.
• Financial Transaction Information, such as, ordering from http://shop.subway.com/, operated by Franchise Shipping Center Company, Inc. (“FSC”); placing a catering order or signing up for a SUBWAY Card at: www.mysubwaycard.com, Subway Express™, www.tellsubway.com, and www.subwaycatering.com, operated by, Value Pay Services, LLC (“VPS”), a wholly owned subsidiary of Independent Purchasing Cooperative, Inc. (“IPC”).
•  Promotions and Sweepstakes.
• Surveys and/or Voting.

Upon entering your Personal Information regarding any of the above, the SUBWAY® Group, or our third party service providers, are contractually obligated to provide the same level of guarantees regarding the confidentiality and security of your Personal Information, as well as, to allow for oversight, monitoring, and auditing of the services being provided., DAI does not divulge User ID and Passwords to anyone internally or externally. Please note, when entering a Promotion or Sweepstake DAI urges you to review the Promotion or Sweepstake Official Rules and Privacy Policy specific to that Promotion or Sweepstakes.

7. Internet Users - Cookies, Internet Protocol (IP) Address, Aggregate Information - (Top)

Internet Users - Cookies, Internet Protocol (IP) Address, Aggregate Information Cookies - In addition to Personal Information, we use data collection devices such as "cookies" on certain web pages to help analyze our web page flow and measure promotional effectiveness. A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer's hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the 'lifetime' of the cookie, and a value, usually a randomly generated unique number. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site and services.

A few important things you should know about cookies are that:

• We offer certain features that are available only through the use of cookies.
• We use cookies to help identify you and maintain your signed-in status.
• Most cookies are "session cookies," meaning that they are automatically deleted from your hard drive at the end of a session.
•  You may encounter cookies from third parties on certain pages of the sites that we do not control. (For example, if you view a web page created by another user, there may be a cookie placed by that web page.) For detailed information about cookies and how they are used on our website, please see our Cookie Policy located at: http://www.subway.com/cookiepolicy/cpeng.us.pdf. Disabling/enabling cookies - You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled. For further information about disabling or blocking cookies, please see our Cookie Policy located at: http://www.subway.com/cookiepolicy/cpeng.us.pdf.

Web Beacon - Also called a Web bug or a pixel tag or a clear GIF. We use pixels tags or transparent GIF files, to help manage our online advertising and promotions. These tags collect anonymous (not personally identifiable) information about which advertisements and promotions bring users to our website. With both cookie and tag technology, the information that we collect and share is anonymous and not personally identifiable. It does not contain your name, address, telephone number, or email address. Used in combination with cookies, a Web beacon is an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel, which is placed on a Web site or in an e-mail that is used to monitor the behavior of the user visiting the Web site or sending the e-mail. When the HTML code for the Web beacon points to a site to retrieve the image, at the same time it can pass along information such as the IP address of the computer that retrieved the image, the time the Web beacon was viewed and for how long, the type of browser that retrieved the image and previously set cookie values.

Web beacons are typically used by a third-party to monitor the activity of a site. A Web beacon can be detected by viewing the source code of a Web page and looking for any IMG tags that load from a different server than the rest of the site. Turning off the browser's cookies will prevent Web beacons from tracking the user's activity. The Web beacon will still account for an anonymous visit, but the user's unique information will not be recorded.

Internet Protocol (IP) Address - an Internet Protocol (IP) Address is associated with your computer's connection to the internet. DAI may use your IP address to help diagnose problems with DAI’s server, to administer the Website and to maintain contact with you as you navigate through the Website. Your computer's IP address also may be used to provide you with information based upon your navigation through the Website. DAI does not link IP addresses to any Personal Information.

Aggregate Information – is used to measure the visitors’ interest in, and use of, various areas of the Website and the various programs that DAI administers, DAI will rely upon aggregate information, which is information that does not identify you, such as statistical and navigational information. With this aggregate information, DAI may undertake statistical and other summary analyses of the visitors' behaviors and characteristics. Although DAI may share this aggregate information with third parties, none of this information will allow anyone to identify you, or to determine anything else personal about you.

8. Compliance with the Digital Advertising Alliance - (Top)

The SUBWAY® Group uses the Evidon assurance platform to comply with the cross-industry Self-Regulatory Program for Online Behavioral Advertising as managed by the Digital Advertising Alliance (DAA) (http:///aboutads.info). As part of this service, The SUBWAY® Group’s online advertisements and Web sites are sometimes delivered with icons that help consumers understand how their data is being used and provide choice options to consumers that want more control. The list of our advertising partners may be updated from time to time. To opt-out of internet-based advertising by all DAA-participating companies, please visit http://www.aboutads.info/choices/.

On some pages of our site we may allow third-party advertising partners to set web tracking tools (e.g., cookies and web beacons) to collect anonymous, non-personally identifiable information regarding your activities on those pages (e.g., your IP address, page(s) visited, time of day). We may also share such information we have collected with third-party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering future targeted advertisements to you when you visit other (non-SUBWAY®) sites within their networks. This practice is commonly referred to as "interest-based advertising" or "online behavioral advertising." Pages of our website that collect information that may be used by such advertising partners for interest-based advertising purposes may be identified by a link to AdChoices on the page.

Opting out (site pages). If you do not want your browsing while on such pages to be used for interest-based advertising purposes, you may click on the AdChoices link to opt-out of such uses by the listed advertising partner(s). Even if you opt-out through this service, we may still collect non-personally identifiable information regarding your site activities and use it for non-interest-based advertising purposes as described in this privacy statement.

Opting out (advertisements). Advertisements on third-party sites that contain the AdChoices link and that link to this privacy policy may have been directed to you based on anonymous, non-personally identifiable information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt-out of the advertising partners' use of this information for interest-based advertising purposes. Even if you opt-out through this service, we may still collect and use information from the advertisements for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements.

At DAI, children’s privacy is important to us. DAI adheres to the federal privacy protection standards as stated in the Children's Online Privacy Protection Act (“COPPA”). We will not knowingly allow anyone under thirteen (13) to provide us any personally identifying information. Children under thirteen (13) years of age are required to obtain the express permission of a parent or guardian before submitting any Personal Information about themselves (such as their names, e-mail address, and phone number) over the Internet. If a child has provided us with personally-identifiable information without the consent of a parent or guardian, the parent or guardian of that child should contact the Privacy Officer immediately at privacyofficer@subway.com. We will use reasonable efforts to promptly delete the child's information from our servers.

A Note to Parents/Guardians—Additional Information about Children’s Privacy The Children's Online Privacy Protection Act ("COPPA") requires that we inform parents and legal guardians about how we collect, use, and disclose personal information from children under thirteen (13) years of age; and that we obtain the consent of parents and guardians in order for children under thirteen (13) years of age to use certain features of our website. Also, when we use the term "parent", we mean to include legal guardians.

Children can participate in many of our features without providing personally identifiable information. However, to enable their participation in certain interactive features, we may ask children to provide us with personally identifiable information. The types of information we may request include first name as well as the child’s and parent’s email addresses. We use a child’s email address to respond to a specific request to participate in an activity (e.g., participate in a contest or sweepstakes, respond to their question, enable them to subscribe to a newsletter). We use parents’ e-mail addresses to obtain their consent or notify them of their child's online activities and enable the parent to unsubscribe the child from a newsletter or other similar activity.

Sometimes, we use third party service providers to help us conduct contests or sweepstakes, send prizes to winners, or provide customer service related to activities on the website. These third party service providers are contractually obligated to adhere to this Privacy Policy. As such, these third party service providers are required to keep the information confidential and to use it only for the specific services they are performing on our behalf.

At any time parents can refuse to permit us to collect further personal information from their child and can request that any personal information we have collected be deleted from our records.

We will provide parents notice by e-mail of any material changes in the way we intend to collect, use, and/or share their child’s personal information. Please note that, at all times, parents should update their personal information to provide us a current email address.

If you would like to review any personally identifiable information that we have collected online from your child, have this information deleted, and/or request that there be no further collection or use of your child's information, or if you have questions about these information practices, you may contact our Privacy Officer:

If you choose to, you may submit via www.subway.com an electronic application seeking consideration as a prospective SUBWAY® franchisee. By submitting an electronic application, you agree that we may disclose your personal information to our affiliates within the SUBWAY® Group, their Development Agents, other SUBWAY® Group affiliates, and third party service providers as part of their consideration to your inquiry and to help them conduct their franchise marketing efforts. Information on your online form will become part of any application for a franchise that you might later submit. We require our affiliates within the SUBWAY® Group and their Development Agents to respect DAI’s privacy practices and not use your personal information for purposes other than to carry out our instructions.

By applying to become a SUBWAY® franchisee, a prospective franchisee consents to the collection, use, and disclosure of Personal Information in accordance with the this Privacy Policy. We collect and use Personal Information in order to assist a prospective franchisee in applying to become a SUBWAY® restaurant franchisee and to assist our affiliates within the SUBWAY® Group in selecting franchisee candidates.

Personal Information collected from prospective franchisees include, but is not limited to: name, address, telephone number, facsimile number, email address, date of birth, citizenship, educational background, criminal background, bank account information for Electronic Funds Transfer, financial statement, litigation history, and taxpayer identification number. Failure to provide requested Personal Information may negatively impact a prospective franchisee’s ability to become a franchisee. Once a prospective SUBWAY® restaurant franchisee becomes a franchisee, they may then reference themselves by their Franchise Agreement Number. In order to better service franchisees, a franchisee’s Personal Information may be shared between DAI and its affiliates within the SUBWAY® Group, pursuant to the service contracts between them.

In order to effectively implement the SUBWAY® Gift Card Program, and to provide purchasing services to members, a franchisee’s Personal Information may be shared with an independent purchasing cooperative or other independent third party. The Personal Information shared with the independent purchasing cooperative shall include, but will not be limited to: name, address, credit card information, and other related information necessary for billing purposes, such as a mailing address for credit card validation, and bank account information, you provided to DAI to establish your pre-authorized account for the payment of royalties, advertising fees, and other charges. Subject to a franchisee’s agreement with the independent purchasing cooperative, the independent purchasing cooperative may bill a franchisee’s bank account for fees and other costs associated with the SUBWAY® Gift Card Program. If a franchisee does not wish to disclose this information, they must notify the Privacy Officer in writing as described in the section titled “Contact Information” below.

A franchisee and/or prospective franchisee’s information may be shared with the SUBWAY® DAI Development Agent in their area. A Development Agent is an independent contractor of DAI. The Development Agents assist with franchise sales, site location, service franchisee leasing needs, provide operational assistance and related administrative functions, training to the franchisee. Development Agents also make recommendations as to whether a prospective franchisee in their territory should be granted a franchise. The Development Agent may use this information to: address a franchisee’s concerns in a customer complaint, respond to a franchisee’s inquiries for franchise sales, franchisee Personal Information may be shared during store transfers, and any other inquiry which may require a response. Franchisee Personal Information may also be shared with Subway Franchisee Advertising Fund Trust (“SFAFT”) in order to provide advertising services to member stores.

Finally, upon becoming a SUBWAY® franchisee you consent to DAI disclosing former or past franchisee contact information including Personal Information in its Disclosure Document for one (1) year after leaving the system, as required by law, unless you advise otherwise. Contact our Privacy Officer in writing, either by email or regular mail received, of your desire to not have your details or contact information disclosed, corrected or changed when you sell or transfer your SUBWAY® store, or exit the SUBWAY® system (whether by termination or otherwise). To contact the Privacy Officer, please see the section provided below entitled “Contact Information”.

By applying to become a SUBWAY® Development Agent via www.subway.com, an applicant consents to the collection, use, and disclosure of Personal Information in accordance with the following terms and conditions. We collect and use Personal Information in order to assist you in applying, and evaluating you to become a SUBWAY® Development Agent. Personal Information is collected to assist FWH and its affiliates within the SUBWAY® Group in selecting Development Agent candidates and for the purpose of operating a development territory.

Personal Information collected includes, but is not limited to: name, home address, home telephone number, facsimile number, email address, date of birth, bank account information for Electronic Funds Transfer, financial statement, resume, taxpayer identification number and background checks. Once a Development Agent candidate becomes a Development Agent, they may then reference themselves by their Development Agent Number. Failure to provide necessary information may negatively impact your ability to become a Development Agent.

 Finally, as a Development Agent within the SUBWAY® Group certain business information with respect to stores within your territory may be shared in the aggregate amongst your DA community. Such business information may include, but is not limited to, 3 year DA Performance Report, Emerging Market Developing Activity Report, Developed Market Report, Subway Compared to other QSR Report, and the Weekly Same Store AUV and Units Report.

You may submit Personal Information via your cell phone, smartphone, and tablet. If you use any location-enabled products, you may be sending us location information. DAI does not store or use this information other than to provide the service you requested. For example, a mobile product may use GPS data to find a nearby restaurant you requested. Location-enabled features are opt-in and you have control over your participation and can turn these services off at any time.

DAI uses a variety of new technologies and social media options to communicate and interact with consumers. These websites and mobile applications include popular social networking and media sites, such as, Twitter and Facebook. If you post updates to or receive updates from www.twitter.com , www.facebook.com , and other social networking websites, during the Promotion Period via SMS from your wireless phone, your wireless-service provider may charge you for each text message you send and receive. You must consult your wireless service provider regarding its pricing plans, as rates may vary. Use of third party social networking websites, such as, Twitter and Facebook, are governed by the privacy practices of those websites. DAI does not capture or store your login information or any other personally identifiable information for Twitter, Facebook, and other social networks, however, session information or cookies may be stored on your wireless phone, by their websites.

Mobile Information We Collect

• Web-enabled mobile applications may use cookies or web beacons and other methods to customize your browsing experience. Please see DAI's website Privacy Policy for more information.
• Some mobile applications will utilize Google Analytics (or similar tool) to help us better serve our customers through improved products, services, and revisions to the mobile applications. This collected information will not identify you to DAI. It may, however, let us know anonymously, which services and features you are using the most within the application, as well as device type and hardware features, country and language of download.
• Use of 3rd party services such as social sharing sites (e.g., Facebook and Twitter) is governed by the privacy practices of those services. DAI does not capture or store your login information or other personally identifiable information for these services, however session info or cookies may be stored.

Mobile Information Sharing

• DAI does not share any collected information with 3rd parties with the following exceptions:
• DAI may provide some personal data to third-party partners that are providing services essential to your mobile user experience.
• All requests are sent through your mobile carrier's network and your carrier may have access to it. Consult your carrier's privacy policies for additional information.
• Certain mobile products and services and manufacturers allow you to interact and share your information with others. For example, you may want to Tweet or post to your Facebook page content from a DAI mobile application. Consult your mobile device manufacturer, or mobile product or application developer's privacy policies for additional information.

15. Mobile Marketing Promotions and Advertising - (Top)

If you participate in any advertising or marketing promotions the information that you provide will be handled in accordance with the Privacy Policy specific to said promotion which cannot and does not apply to this Privacy Policy.

Wireless Promotional Opportunities - DAI may provide users and viewers with the opportunity to register for special promotions via mobile text messaging and other wireless devices. Users are required to provide their consent to receive such information from DAI, either by registering on our website or via your wireless device. Promotional opportunities may be provided by the SUBWAY® Group, the FAF Group, and/or DAI’s third party service providers. The Information requested as part of the online registration process may include, but is not limited to, a user's telephone number or a wireless email address (only if specifically requested), and your mobile carrier's name.

Please note that most wireless transmissions are not secured and there is a greater risk of an unknown third party's interception of messages or a user's Personal Information when using a wireless communications device. Users that register for DAI's wireless services acknowledge, understand and agree that they may be charged by the user's wireless carrier for all messages between DAI and the user. Standard messaging rates will apply, unless noted otherwise. Under no circumstances will our website, DAI, the SUBWAY® Group, or its affiliates be held responsible for any wireless email or text messaging charges incurred by a user or by a person that has access to a user's wireless device, telephone number, or email address.

Termination of Wireless Services by User - Users may revoke their consent to receive mobile messages for marketing promotions from DAI and/or its affiliates by the following procedure:

A user may cancel one or more services via his/her wireless device at any time by using the unsubscribe mechanism provided by DAI at the time the message is sent, or by sending a text message that says "STOP", "END", "CANCEL", "REMOVE", "UNSUBSCRIBE" or "QUIT". DAI will terminate the user's registration for the most recent wireless service sent to the user. Any of these words followed by the word "ALL" in the user's termination request will cancel all of the user's registered wireless services with DAI. If the user unsubscribes from one or all of DAI service(s) via his or her wireless device, the service(s) will be terminated immediately and will cancel the user's previous opt-in.

Use of Information - DAI will not use a wireless telephone number, wireless or conventional internet email address, or other Information submitted for its wireless marketing promotions for any other purpose than to provide the services requested, unless we provide to you advance notice of any other use. We will not share any Personal Information with third party service providers unless you opt-in for such disclosure.

You may use a referral feature (either on a web page, in an e-mail, from a banner ad or other communication) to inform a friend about a Southwest web page or promotion. DAI may use any e-mail address provided when using this referral feature to send both an initial e-mail and a subsequent e-mail to recipients about the particular promotion, product, or service in which you indicated your "friend" may have an interest.

You may have the opportunity to elect to receive email communications from DAI. DAI will only email you alerts if you elect to receive them. If you elect to receive email communications, DAI will send you occasional updates about new additions to the Website as well as special offers and promotions of which you can take advantage. If at any time you decide you would rather not receive these types of communications from DAI, you can opt-out by clicking the unsubscribe link at the bottom of any DAI email, update the contact preferences for your account, or contact the Privacy Officer at privacyofficer@subway.com.

DAI does not sell Personal Information to third parties. We may share Personal Information with our service providers, consultants and affiliates for our internal business purposes. Except as described in this Privacy Policy, DAI will not share Personal Information with a third party, unless a customer requests, consents to such disclosure, or disclosure is required or authorized by law.

We may share your Personal Information with agents, affiliates or service providers who act for or on behalf of DAI in connection with the business of DAI, or for further processing the data in accordance with the purpose(s) for which the data was originally collected, e.g., third party maintenance of secure listing databases. We require our agents, affiliates and service providers to agree in writing to maintain the confidentiality and security of Personal Information they maintain on behalf of DAI and not to use it for any purpose other than the purpose for which we retained them. We also require any third parties we retain to protect Personal Information disclosed by us in accordance with all applicable privacy requirements and the general privacy principles described in this Privacy Policy.

The Personal Information you provide DAI is considered a company asset and may be disclosed and/or transferred to a third party in the event of a proposed or actual purchase, sale, lease, merger, amalgamation or any other type of acquisition, disposal, or financing of all or any portion of DAI or of any of the business assets or shares of DAI or a division thereof, in order for a customer to continue to receive the same products and services from the third party.

Although we make every effort to preserve user privacy, we reserve the right to disclose Personally Identifiable Information to a third party in certain limited circumstances, specifically: to comply with a law, regulation, search warrant, subpoena, judicial proceeding, a court order, or as otherwise may be required by law, to enforce our policies or contracts, to collect amounts owed to us, to protect users of our sites from fraudulent or abusive use, during emergencies when safety is at risk, as determined by DAI, or otherwise where necessary for the establishment, exercise or defense of legal claims. In addition, from time to time, server logs may be reviewed for security purposes; for example, to detect unauthorized activity on the web site. In such cases, server log data, containing IP addresses, would be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities. As described above, DAI, its affiliates within the SUBWAY® Group, third party service providers, and SUBWAY® Development Agents may share and exchange Personal Information in order to process franchisee applications, administer the SUBWAY® franchise system, and protect the integrity of the SUBWAY® franchise system and trademarks. Personal Information may be provided to a courier or freight forwarder to fulfill an order, which may have been requested from us.

SUBWAY® Development Agents and other service providers are prohibited from using Personal Information for any purpose other than to provide assistance to DAI and its affiliates within the SUBWAY® Group. Development Agents are required to protect Personal Information disclosed by us and to comply with the general privacy principles described in this Privacy Policy.

We endeavor to protect your Personal Information using physical, electronic or procedural security measures appropriate to the sensitivity of the information in our control. We safeguard your Personal Information on the Internet by using industry-standard practices. Although "guaranteed security" does not exist either on or off the Internet, we make commercially reasonable efforts to make the collection and security of such information consistent with our Privacy Policy and all applicable laws and regulations. Currently, our website utilizes a variety of different security measures designed to protect Personal Information of users both inside and outside SIBV, including the use of encryption mechanisms (e.g., Secure Socket Layers or SSLs), password protection, and other security measures to help prevent unauthorized access to your personally identifiable information. This helps maintain the confidentiality, privacy, and integrity of your transactions, and helps to protect your confidential information - such as credit card numbers, online forms, and financial data from loss, misuse, interception and hacking.

Phishing-Identity theft and the practice currently known as “phishing” are of great concern to DAI. Accordingly, safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your credit card information, your account ID, login password, Social Security Number or National Identification numbers in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission’s website.

All reasonable steps are taken to safeguard your Personal Information against loss; unauthorized access, use, modification, disclosure; or any other misuse. We take all reasonable steps to insure that your Personal Information is accurate, up-to-date, complete, relevant and not misleading. DAI will retain your Personal Information only for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws and your consent to such purpose(s) remains valid after termination of our relationship with you.

You may contact the Privacy Officer to access, correct or delete your Personal Information. If necessary, the Privacy Officer will contact another individual to assist in completing your requested task. We want to be sure that we keep only the most accurate and up-to-date Personal Information in our records. You can email us at privacyofficer@subway.com to update your contact information. To protect your privacy, we will take reasonable steps to help verify your identity before granting access or making changes.

If you have any questions or concerns, please contact:

DAI Privacy Officer
Franchise World Headquarters LLC
325 Bic Drive
Milford, CT 06461
USA
Telephone Number: (203) 877-4281 or Toll Free: 1-800-888-4848
Facsimile: (203) 876-6690
Email Address: privacyofficer@subway.com

We will address your concern and attempt to resolve any problem. Download Privacy Information Request Form here: http://www.subway.com/subwayroot/InfoRequestForm.pdf.

23. Links to Non-DAI Web Sites and Third Parties - (Top)

Please note that www.subway.com websites may contain links to other websites for your convenience and information. DAI does not control those websites or their privacy practices, which may differ from www.subway.com. DAI’s Privacy Policy cannot and does not apply to external websites. We do not endorse or make any representations about third party websites. The personal data you choose to give to unrelated third parties is not covered by the DAI Privacy Policy. We encourage you to review the Privacy Policy of any company or website before submitting your Personal Information. Some third parties may choose to share their personal data with DAI; that sharing is governed by that third party company’s privacy policy, not, DAI’s Privacy Policy.

DAI and the SUBWAY® Group, uses a variety of new technologies and social media options to communicate and interact with consumers. These sites and applications include popular social networking and media sites, open source software communities and more. To better engage the public in ongoing dialog, the SUBWAY® Group uses several third-party platforms including, but not limited to, Facebook, Twitter, and YouTube. Third-Party Websites and Applications (TPWA) are Web-based technologies that are not exclusively operated or controlled by the SUBWAY® Group. When interacting with the SUBWAY® Group’s presence on those websites, you may reveal certain personal information to the SUBWAY® Group or to third parties. Except when used by the SUBWAY® Group’s employee’s for the purpose of responding to a specific message or request, the SUBWAY® Group will not use, share, or retain your personal information.

At this time, the SUBWAY® Group has three Social Media Accounts, Facebook.com/subway, Twitter.com/subwayfreshbuzz (we also own and in the near future will be migrating our Twitter Account to twitter.com/subway), and Youtube.com/subway.

Facebook: On the Facebook.com/subway Facebook page, the SUBWAY® Group’s staff posts news and other items of interest to individuals. If you have a Facebook account or 'Like' Facebook.com/subway Facebook page, you can post comments or click on the 'like' option for individual entries. If you comment or click on the 'like' button, personally identifying information will be visible to the SUBWAY® Group’s staff and other Facebook site visitors. The amount of visible personal information will depend on your own Facebook privacy settings. You can completely avoid displaying any personally identifiable information by not creating an account, not posting comments and not clicking on the 'like' options in Facebook. The SUBWAY® Group’s staff does not collect, use or disclose any information about visitors who comment or 'like' the SUBWAY® Group’s Facebook site. Facebook collects and reports on non-personally identifiable information about activities on Facebook pages. This information is password protected and only available to the SUBWAY® Group’s employees, members of the SUBWAY® Communications and Web Teams, and other designated staff who require this information to perform their duties. The Facebook privacy policy is available at: http://www.facebook.com/about/privacy/. Twitter: The SUBWAY® Group uses Twitter to send short messages (up to 140 characters) or 'Tweets' to share information about SUBWAY® Restaurants with visitors and respond to comments and inquiries sent via Twitter to the SUBWAY® Group. While visitors may read the SUBWAY® Group’s Twitter feeds without subscribing to them, visitors who want to subscribe to (or follow) The SUBWAY® Group’s Twitter feeds must create a Twitter account at www.twitter.com. To create an account, you must provide some personal information, such as name, user name, password and email address. Visitors have the option to provide additional personal information including a short biography, location or a picture. Most information you provide for a Twitter account is available to the public, but you can modify how much of your information is visible by changing your privacy settings at the Twitter.com Web site. The SUBWAY® Group’s staff members monitor the number of subscribers and respond to comments and queries via Twitter, but the staff never takes possession of the personal information belonging to Twitter followers. The SUBWAY® Group does not collect, maintain, disclose or share any information about people who follow The SUBWAY® Group on Twitter. The Twitter privacy policy is available at: http://twitter.com/privacy.

YouTube: The SUBWAY® Group posts videos on YouTube to make them available to all SUBWAY® Group visitors. You do not need to register with either YouTube or Google (YouTube owner) to watch The SUBWAY® Group’s videos. When visitors watch videos, YouTube may record non-personally identifiable information about its site usage, such as channels used, videos watched, and data transfer details to improve its services. If you log on to the YouTube site before watching The SUBWAY® Group’s videos, YouTube may associate information about your site use with your YouTube account. If you log on to YouTube and comment on a SUBWAY® Group’s video, any personal information you included when registering for your account will be visible to visitors who click on the comment. If you do not log in before watching the SUBWAY® Group’s videos posted on YouTube, your site use will not be associated with you or a YouTube account. The YouTube privacy policy is available at: http://www.youtube.com/t/privacy.

SUBWAY® Franchisees may have the opportunity to sponsor their own Facebook Pages, Twitter Accounts, and Youtube Accounts. Please note the Privacy Policies of the SUBWAY® Franchisees Social Media pages are located on the individual SUBWAY® Franchisees websites. This privacy policy does not govern the personal information handling practices and procedures of individual SUBWAY® Franchisees Social Media pages and their individual websites.

25. Your California Privacy Rights - (Top)

A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes ("California customer") is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties' direct marketing purposes. In general, if the business has made such a disclosure of personal information, upon receipt of a request by a California customer, the business is required to provide a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed. However, under the law, a business is not required to provide the above-described lists if the business adopts and discloses to the public (in its privacy policy) a policy of not disclosing customer's personal information to third parties for their direct marketing purposes unless the customer first affirmatively agrees to the disclosure, as long as the business maintains and discloses this policy. Rather, the business may comply with the law by notifying the customer of his or her right to prevent disclosure of personal information and providing a cost free means to exercise that right.

DAI is in compliance with the U.S. Department of Commerce Safe Harbor requirements regarding the transfer of personal information from the European Economic Area (“EEA”) or Switzerland to the United States. DAI has been Self-Certified under the Safe Harbor privacy frameworks as set forth by the U.S. Department of Commerce, European Commission and Switzerland regarding the collection, storage, use, transfer and other processing of personal data transferred from the European Economic Area or Switzerland to the U.S., in accordance with the EU Directive on Personal Data Protection. The principles of Safe Harbor compliance are:

• Notice - Individuals must be informed that their data is being collected and about how it will be used;
• Choice - Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties;
• Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles;
• Security - Reasonable efforts must be made to prevent loss of collected information;
• Data Integrity - Data must be relevant and reliable for the purpose for which it was collected;
• Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate;
• Enforcement - There must be effective means of enforcing these rules. We may transfer the personal information we collect about you to countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Privacy Policy. Further information regarding the Safe Harbor principles and certification process can be found at www.export.gov/safeharbor.

In addition, the U.S. Department of Commerce maintains a list of all compliant organizations, which can be accessed at http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list.

If you are a resident of the European Economic Area (“EEA”) or Switzerland and have any concerns or complaints, please first address these issues to the Privacy Officer. Doctor’s Associates Inc. is located in the United States, as are the servers that make our websites available. All matters relating to privacy issues and websites are governed by the laws of the United States and the State of Connecticut. If the Privacy Officer does not satisfactorily address a complaint within thirty (30) days, any dispute, controversy or claim shall be settled by an arbitration administered by an arbitration agency, such as the American Arbitration Association (“AAA”). All arbitrations will be conducted in English. Judgment rendered by the arbitrator may be entered in any court having jurisdiction. The costs of the arbitration will be borne equally by the parties. Connecticut, U.S.A. shall be the site of all hearings, and such hearings shall be before a single arbitrator. You may also submit complaints to the Federal Trade Commission at http://www.ftc.gov/ftc/complaint.htm or via telephone at (202)382-4537.

DAI, an affiliate of the SUBWAY® Group, encourages you to view your country’s Privacy Policy at www.subway.com. To view your country’s Privacy Policy please go to www.subway.com. At the top of the page, please click on CHANGE COUNTRY or REGION, and then EXPLORE OUR WORLD by clicking on your country. Go to the very bottom of your country’s page and click PRIVACY POLICY to view your country’s specific Privacy Policy.

 DAI will update this Privacy Policy occasionally. When DAI posts changes to this Privacy Policy, we will also revise the "Last Updated" date below on DAI’s Privacy Policy. If there are material changes to this Privacy Policy, DAI will notify you by email, or by means of a notice on our home page. DAI encourages you to review this Privacy Policy periodically to be informed of how DAI is protecting your information and to be aware of any changes to the Privacy Policy. Your continued use of the site after the posting of any amended Privacy Policy shall constitute your agreement to be bound by any such changes. This Privacy Policy is incorporated into any Terms and Conditions governing the various websites and any programs or services operated or managed on or behalf of DAI. Any changes to this Privacy Policy are effective immediately after being posted by DAI.

The Terms and Conditions governing your use of this Website located at: http://www.subway.com/subwayroot/legalDisclaimer.aspx contains important provisions disclaiming and excluding the liability of DAI and the SUBWAY® Group regarding your use of our Website and provisions determining the applicable law and exclusive jurisdiction for the resolution of any disputes regarding your use of this Website. Each of these provisions applies to any disputes that may arise in relation to this privacy policy and the collection, use and disclosure of your personal information, and are of the same force and effect as if they had been reproduced directly in this Privacy Policy.

LAST UPDATED: 03/26/13