What specific data security standards must an Aerus franchisee comply with?
Aerus Franchise · 2025 FDDAnswer from 2025 FDD Document
ng purposes in accordance with the System and Company's procedures concerning such activities. Franchisee shall not use the Customer Data, or permit the Customer Data to be used, for any purpose except the operation of the Franchised Business and all uses and purposes incidental thereto.
- C. Franchisee must comply with, and is solely responsible for ensuring that the Franchised Business complies with: (1) all applicable consumer and data privacy laws, including, without limitation, the Fair and Accurate Credit Transactions Act ("FACTA"); (2) the Payment Card Industry Data Security Standards ("PCI DSS"), as they may be revised and modified by the Payment Card Industry Security Standards Council (see www.pcisecuritystandards.org), or such successor or replacement organization as Company may specify; and (3) and such additional
guidelines relating to consumer and data privacy as Company may from time to time prescribe. Franchisee shall also periodically upgrade its computer systems to ensure Franchisee's compliance with all such laws, regulations, and guidelines.
Source: Item 23 — Receipts (FDD pages 74–305)
What This Means (2025 FDD)
According to Aerus's 2025 Franchise Disclosure Document, franchisees must adhere to certain data security standards to protect customer information and maintain the integrity of the Aerus system. Aerus owns and maintains a database of customer information, referred to as the "Customer Data." Franchisees are granted a license to use this data but are restricted from using it for any purpose outside the operation of their Aerus franchise. This means franchisees cannot sell, lease, or otherwise distribute customer data to third parties for purposes unrelated to the Aerus business.
Aerus franchisees must comply with all applicable consumer and data privacy laws, including the Fair and Accurate Credit Transactions Act. This encompasses a broad range of legal requirements related to data protection, consumer credit information, and identity theft prevention. Franchisees are solely responsible for ensuring their business adheres to these laws, which may require implementing specific security measures, providing privacy notices to customers, and establishing procedures for handling data breaches.
In addition to legal requirements, Aerus franchisees must also adhere to the standards and procedures outlined in the Aerus manuals. These manuals likely contain detailed guidelines on data security practices, including how to collect, store, and transmit customer information securely. Franchisees are also required to use any information, data, or relationship management software provided by Aerus to service and support existing customers, develop leads, and accurately record information about sales, leads, and customers in the Customer Data. This ensures that customer data is managed consistently across the Aerus system and that franchisees are using approved methods for handling sensitive information.