Is a 7 Brew franchisee responsible for complying with laws governing the use, disclosure, and protection of Consumer Data?
7_Brew Franchise · 2025 FDDAnswer from 2025 FDD Document
e before we gave you access to it (directly or indirectly). If we include any matter in
Confidential Information, anyone claiming it is not Confidential Information must prove that the exclusion in this paragraph applies.
10. Consumer Data
You must comply with our reasonable instructions regarding the organizational, physical, administrative, and technical measures and security procedures to safeguard the confidentiality and security of the names, addresses, telephone numbers, e-mail addresses, dates of birth, demographic or related information, buying habits, preferences, credit-card information, and other personally-identifiable information of customers ("Consumer Data") and, in any event, employ reasonable means to safeguard the confidentiality and security of Consumer Data. You must comply with all Laws governing the use, protection, and disclosure of Consumer Data.
If there is a Data Security Incident at the Store, you must notify us immediately after becoming aware of the actual or suspected occurrence, specify the extent to which Consumer Data was compromised or disclosed, and comply and cooperate with our instructions for addressing the Data Security Incident in order to protect Consumer Data and the 7 BREW Store brand (including giving us or our designee access to your Computer System, whether remotely or at the Store). We (and our designated affiliates) have the right, but no obligation, to take any action or pursue any proceeding or litigation with respect to the Data Security Incident, control the direction and handling of such action, proceeding, or litigation, and control any remediation efforts.
Source: Item 22 — CONTRACTS (FDD pages 82–83)
What This Means (2025 FDD)
According to 7 Brew's 2025 Franchise Disclosure Document, franchisees are responsible for complying with all laws governing the use, protection, and disclosure of consumer data. Consumer data includes names, addresses, telephone numbers, email addresses, dates of birth, demographic information, buying habits, preferences, and credit card information of customers. Franchisees must also follow 7 Brew's instructions for organizational, physical, administrative, and technical measures to safeguard this data.
In the event of a data security incident at the store, the franchisee must immediately notify 7 Brew, specifying the extent to which consumer data was compromised. The franchisee is then required to cooperate with 7 Brew's instructions for addressing the incident to protect consumer data and the 7 Brew brand. This includes providing 7 Brew or its designee access to the franchisee's computer system, whether remotely or at the store.
7 Brew retains the right, but not the obligation, to take action or pursue legal proceedings regarding a data security incident, controlling the handling of such actions and any remediation efforts. If a data security incident results from the franchisee's failure to comply with the franchise agreement or requirements for protecting the computer system and consumer data, the franchisee must indemnify 7 Brew and compensate them for all damages incurred as a result of the breach.