Who is responsible for the security of the Anago Software, collected data, and Related Materials from outside intrusion?
Anago Franchise · 2025 FDDAnswer from 2025 FDD Document
Subfranchisor must implement all administrative, physical and technical safeguards necessary to protect any information that can be used to identify an individual, including names, addresses, telephone numbers, e-mail addresses, employee identification numbers, signatures, passwords, financial information, credit card information, biometric or health data, governmentissued identification numbers and credit report information ("Personal Information") in accordance with applicable law and industry best practices. It is entirely Subfranchisor's responsibility (even if Franchisor provides Subfranchisor any assistance or guidance in that regard) to confirm that the safeguards Subfranchisor uses to protect Personal Information comply with all applicable laws and industry best practices related to the collection, access, use, storage, disposal and disclosure of Personal Information. If Subfranchisor becomes aware of a suspected or actual breach of security or unauthorized access involving Personal Information, Subfranchisor will notify Franchisor immediately and specify the extent to which Personal Information was compromised or disclosed.
Source: Item 23 — RECEIPTS (FDD pages 62–298)
What This Means (2025 FDD)
According to Anago's 2025 Franchise Disclosure Document, the Subfranchisor is responsible for implementing security measures to protect personal information. Specifically, Section 3.9 states that the Subfranchisor must implement all necessary administrative, physical, and technical safeguards to protect any information that can be used to identify an individual. This includes names, addresses, telephone numbers, email addresses, employee identification numbers, signatures, passwords, financial information, credit card information, biometric or health data, government-issued identification numbers, and credit report information.
This responsibility falls entirely on the Subfranchisor, even if Anago provides assistance or guidance. The Subfranchisor must ensure that these safeguards comply with all applicable laws and industry best practices related to the collection, access, use, storage, disposal, and disclosure of Personal Information.
Furthermore, the Subfranchisor is obligated to immediately notify Anago if they become aware of any suspected or actual breach of security or unauthorized access involving Personal Information. This notification must specify the extent to which Personal Information was compromised or disclosed. This places a significant burden on the subfranchisor to maintain robust security protocols and stay informed about potential threats and vulnerabilities.