What are the 7 Brew franchisee's obligations regarding laws governing the use, protection, and disclosure of Consumer Data?
7_Brew Franchise · 2025 FDDAnswer from 2025 FDD Document
You must comply with our reasonable instructions regarding the organizational, physical, administrative, and technical measures and security procedures to safeguard the confidentiality and security of the names, addresses, telephone numbers, e-mail addresses, dates of birth, demographic or related information, buying habits, preferences, credit-card information, and other personally-identifiable information of customers ("Consumer Data") and, in any event, employ reasonable means to safeguard the confidentiality and security of Consumer Data. You must comply with all Laws governing the use, protection, and disclosure of Consumer Data.
If there is a Data Security Incident at the Store, you must notify us immediately after becoming aware of the actual or suspected occurrence, specify the extent to which Consumer Data was compromised or disclosed, and comply and cooperate with our instructions for addressing the Data Security Incident in order to protect Consumer Data and the 7 BREW Store brand (including giving us or our designee access to your Computer System, whether remotely or at the Store). We (and our designated affiliates) have the right, but no obligation, to take any action or pursue any proceeding or litigation with respect to the Data Security Incident, control the direction and handling of such action, proceeding, or litigation, and control any remediation efforts.
"Data Security Incident" means any act that initiates either internally or from outside the Store's computers, point-of-sale terminals, and other technology or networked environment and violates the Law or explicit or implied security policies, including attempts (either failed or successful) to gain unauthorized access (or to exceed authorized access) to the Franchise System, 7 BREW Stores, or their Data or to view, copy, or use Consumer Data or Confidential Information without authorization or in excess of authorization; unwanted disruption or denial or service; unauthorized use of a system for processing or storage of Data; and changes to system hardware, firmware, or software characteristics without our knowledge, instruction, or consent.
If we determine that any Data Security Incident results from your failure to comply with this Agreement or any requirements for protecting the Computer System and Consumer Data, you must (a) indemnify us under Section 20.E and (b) compensate us for all other damages we incur as a result of your breach of this Agreement.
Source: Item 22 — CONTRACTS (FDD pages 82–83)
What This Means (2025 FDD)
According to 7 Brew's 2025 Franchise Disclosure Document, franchisees have specific obligations regarding consumer data. Franchisees must follow 7 Brew's instructions on organizational, physical, administrative, and technical measures, along with security procedures, to protect the confidentiality and security of customer's personal information. This information includes names, addresses, phone numbers, email addresses, birthdates, demographic data, buying habits, preferences, and credit card information. Even without specific instructions from 7 Brew, franchisees must employ reasonable means to safeguard this consumer data. Most importantly, franchisees must comply with all laws governing the use, protection, and disclosure of consumer data.
In the event of a data security incident at the 7 Brew store, the franchisee is obligated to immediately notify 7 Brew. The notification must specify the extent to which consumer data was compromised or disclosed. The franchisee must then cooperate with 7 Brew's instructions for addressing the incident to protect consumer data and the 7 Brew brand. This cooperation includes giving 7 Brew or its designee access to the franchisee's computer system, whether remotely or at the store. 7 Brew retains the right, but not the obligation, to take action, pursue legal proceedings, and control remediation efforts related to the data security incident.
The FDD defines a "Data Security Incident" as any act that starts internally or externally and violates the law or security policies. This includes unauthorized attempts to access the Franchise System, 7 Brew stores, or their data, as well as unauthorized viewing, copying, or use of consumer data or confidential information. It also covers unwanted disruption or denial of service, unauthorized use of a system for processing or storing data, and changes to system hardware, firmware, or software without 7 Brew's knowledge or consent. If a data security incident occurs due to the franchisee's failure to comply with the agreement or requirements for protecting the computer system and consumer data, the franchisee must indemnify 7 Brew and compensate them for all damages resulting from the breach.