What administrative, physical, and technical safeguards must an Anago subfranchisor implement to protect Personal Information?
Anago Franchise · 2025 FDDAnswer from 2025 FDD Document
Subfranchisor must implement all administrative, physical and technical safeguards necessary to protect any information that can be used to identify an individual, including names, addresses, telephone numbers, e-mail addresses, employee identification numbers, signatures, passwords, financial information, credit card information, biometric or health data, governmentissued identification numbers and credit report information ("Personal Information") in accordance with applicable law and industry best practices. It is entirely Subfranchisor's responsibility (even if Franchisor provides Subfranchisor any assistance or guidance in that regard) to confirm that the safeguards Subfranchisor uses to protect Personal Information comply with all applicable laws and industry best practices related to the collection, access, use, storage, disposal and disclosure of Personal Information. If Subfranchisor becomes aware of a suspected or actual breach of security or unauthorized access involving Personal Information, Subfranchisor will notify Franchisor immediately and specify the extent to which Personal Information was compromised or disclosed.
Source: Item 23 — RECEIPTS (FDD pages 62–298)
What This Means (2025 FDD)
According to Anago's 2025 Franchise Disclosure Document, a subfranchisor must implement all administrative, physical, and technical safeguards necessary to protect Personal Information. This includes any information that can be used to identify an individual, such as names, addresses, telephone numbers, e-mail addresses, employee identification numbers, signatures, passwords, financial information, credit card information, biometric or health data, government-issued identification numbers, and credit report information.
It is the subfranchisor's responsibility to ensure that these safeguards comply with all applicable laws and industry best practices related to the collection, access, use, storage, disposal, and disclosure of Personal Information. This responsibility remains with the subfranchisor even if Anago provides assistance or guidance.
Furthermore, the subfranchisor is obligated to notify Anago immediately if they become aware of any suspected or actual breach of security or unauthorized access involving Personal Information. The notification must specify the extent to which Personal Information was compromised or disclosed. This requirement ensures that Anago is promptly informed of any potential data breaches and can take appropriate action to mitigate the impact.