What are the requirements for Cardholder data security and storage that Atwell Suites franchisees must comply with?

Atwell Suites Franchise · 2025 FDD

Answer from 2025 FDD Document

ial Information belonging to or received from IHG or one of its Affiliates;

  • 6.2.2 (b) was lawfully acquired by Licensee from a third party having the legal, unconditional right to furnish same to Licensee; or
  • 6.2.3 (c) was at the time in question (whether at disclosure or thereafter) generally known by or available to the public (through no fault of Licensee).
  • 6.3 Required Disclosures. These confidentiality obligations will not restrict any disclosure required by applicable law, provided that Licensee gives prompt notice to IHG of any such legal requirement and reasonably cooperates with IHG at IHG request and expense to resist such legal requirement or to obtain a protective order.

7. Security Practices.

  • 7.1 Licensee understands that IHG and its Affiliates will have access to certain reports and information relating to the Hotel and generated through the use of the Curated Solutions, including information relating to revenues, room occupancy, and availability, as well as Personal Data. Licensee and the Hotel shall, and Licensee shall cause its Agents to, comply with:
    • 7.1.1 all applicable laws, including the Data Privacy Laws and contractual obligations, and any requirements of the credit card processing industry, including PCI DSS and any successor standard,
    • 7.1.2 all Standards, and
    • 7.1.3 all IHG policies, requirements, and requests concerning access to any Curated Solution, network connectivity, and transmission of data and reports to IHG and its Affiliates.
  • 7.2 Licensee shall be responsible for ensuring adequate security and backup procedures to avoid unauthorized access to, use of, or inadvertent loss of data and shall, in its discretion, determine appropriate security, which shall be no less than the standard of care in the industry. Without limiting Licensee's obligations set forth in subparts 7.1.1, 7.1.2 and 7.1.3 above, Licensee will comply with any additional security and data protection practice requirements that IHG will provide to Licensee in writing, which may be updated from time to time (the "Security Practices"). IHG may, in its sole discretion, amend the Security Practices at any time without prior notice (each, a "Security Practices Update"). A Security Practices Update may include additional terms and conditions, including the additional obligations of Licensee. Licensee will comply with any Security Practices Update within thirty (30) days following the date of the Security Practices Update and will comply with any changes to applicable laws, contractual obligations, and industry requirements (including PCI DSS and any successor standard) within the time period provided by such law or industry requirement.

8. PRIVACY AND DATA PROTECTION.

  • 8.1 Core Services and Optional Services. Unless otherwise stated in the Supplemental Terms, Participation Agreement, or Order Form, the privacy and data protection terms set out in Paragraph 7 of the License will apply to the Core Services and the Optional Services.
  • 8.2 Additional Required Services. Privacy and data protection terms for Additional Required Services are stated in the applicable Participation Agreement, Order Form, or Supplemental Terms.

9. REPRESENTATIONS, WARRANTIES AND COVENANTS.

9.1 By Licensee.

  • 9.1.1 Access and Use of Curated Solutions. Licensee will access and use each Curated Solution only in accordance with the License, the Supplemental Terms, and if applicable, the Participation Agreement or Order Form.
  • 9.1.2 Compliance with laws. Licensee will comply with (i) all laws applicable to Licensee and the Curated Solutions, and (ii) the policies, requirements, and procedures of IHG that are made available to Licensee from time to time.
  • 9.1.3 Licensee Responsibilities. Licensee will, and will cause its Agents to:
    • 9.1.3.a, test the Curated Solutions in Licensee's environment before use;
    • 9.1.3.b, ensure that Licensee's personnel are using the Curated Solutions correctly;
    • 9.1.3.c, enter information into the Curated Solutions accurately and completely;
    • 9.1.3.d, present information displayed by the Curated Solutions accurately; and
    • 9.1.3.e, report any actual or suspected Software errors or Service failures discovered in the course of using any Curated Solution to IHG and the applicable Service Provider.

9.2 By IHG.

Disclaimer. IHG is not the licensor or provider of any of the Curated Solutions made available to Licensee hereunder and offers no warranties on any Services. In agreeing to the Supplemental Terms or Participation Agreement (as applicable), Licensee is relying solely on the Service Provider's warranties, if any, expressly passed through to Licensee under such Supplemental Terms or Participation Agreement. IHG HEREBY EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, FOR THE SERVICES, NETWORK CONNECTIVITY, AVAILABILITY, SOFTWARE, HARDWARE, OR SYSTEMS OR FOR MERCHANTABILITY, SATISFACTORY QUALITY AND FITNESS FOR A PARTICULAR PURPOSE. EXCEPT FOR ANY PASS-THROUGH WARRANTY MADE BY A SERVICE PROVIDER OF SERVICES, ALL SERVICES, AND ALL SUPPORT MATERIALS AND OTHER DATA, SOFTWARE OR OTHER ITEMS MADE AVAILABLE BY A SERVICE PROVIDER OF SERVICES, ARE PROVIDED "AS IS" AND "WHERE IS".

10. TERMINATION.

  • 10.1 Termination for Convenience. IHG may terminate and/or replace this Master Technology Schedule, in whole or part, upon ninety (90) days' prior written notice to Licensee, without any liability to Licensee.
  • 10.2 Termination of a Participation Agreement. The termination of any Participation Agreement pursuant to its terms will not alone cause, or be interpreted as causing, termination of this Master Technology Schedule.
  • 10.3 Other Remedies. If Licensee is in default pursuant to paragraphs 11.B. or 11.C. under the License or in default of any of its obligations to IHG with respect to any Curated Solution, IHG may, in addition to or in lieu of exercising its termination or other, legal, equitable, or contractual rights, limit, reduce, suspend, or terminate Licensee's use of or access to any or all of the Curated Solutions.

11. DAMAGES.

  • 11.1 IN NO EVENT SHALL IHG BE LIABLE FOR THE FOLLOWING, REGARDLESS OF CAUSATION: INDIRECT, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING LOST BUSINESS, LOST PROFITS, INTEREST, PENALTIES OR ASSESSMENTS IMPOSED UNDER APPLICABLE LAW OR OTHERWISE, THIRD PARTY CLAIMS BY AFFILIATES, PARTNERS OR CUSTOMERS OF LICENSEE OR OTHERWISE, OR DAMAGES WITH RESPECT TO WHICH LICENSEE CONTRIBUTED OR ACTED AS AN INTERVENING CAUSE, WHETHER FORESEEABLE OR NOT, EVEN IF IHG HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  • 11.2 IHG shall not be liable for any loss, cost, expense (including attorney fees), liability, damage, or claim (including strict liability in tort) (a) related to or arising from the Curated Solutions;

Source: Item 23 — Receipts (FDD pages 99–486)

What This Means (2025 FDD)

According to Atwell Suites' 2025 Franchise Disclosure Document, franchisees must adhere to several requirements regarding cardholder data security. As part of compliance with Card Organization Rules, franchisees are required to comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS compliance focuses on Merchant Systems where cardholder data can be accessed, processed, stored, or transmitted, including external connections into the network, connections to and from the authorization and settlement environment, and data repositories outside of the authorization and settlement environment. Franchisees are also responsible for ensuring that all Merchant Providers, Merchant Systems, Third Parties, Third Party Services, equipment, and software used in connection with Card transactions comply with Card Organization Rules, including PCI DSS. Information about PCI DSS can be found at www.pcisecuritystandards.org.

Atwell Suites franchisees must ensure adequate security and backup procedures to avoid unauthorized access to, use of, or inadvertent loss of data, and must, in their discretion, determine appropriate security, which must be no less than the standard of care in the industry. Franchisees must comply with all applicable laws, including Data Privacy Laws and contractual obligations, and any requirements of the credit card processing industry, including PCI DSS and any successor standard. Franchisees must also comply with all Standards and with all IHG policies, requirements, and requests concerning access to any Curated Solution, network connectivity, and transmission of data and reports to IHG and its Affiliates.

If Transaction Data is known or suspected of having been accessed or retrieved by any unauthorized Third Party, the franchisee must contact Atwell Suites immediately, and in no event more than 24 hours after becoming aware of such activity. If a Compromised Data Event occurs or is suspected to have occurred, the franchisee must, at its own expense, perform an independent investigation, including a forensics analysis performed by a certified forensic vendor acceptable to Atwell Suites and the Card Organizations in accordance with Card Organization standards, of any data security breach of Cardholder data or Transaction Data. The franchisee must provide a copy of the certified forensic vendor's final report regarding the incident to Atwell Suites and the Card Organizations, perform any remedial actions recommended by any such investigation, and cooperate with Atwell Suites in the investigation and resolution of any security breach.

Non-compliance with data security requirements can result in fines, penalties, or restrictions from accepting cards, imposed by Card Organizations or Atwell Suites. Atwell Suites may suspend services if it reasonably believes a data security compromise has occurred, and may terminate the agreement if the compromise creates liability exposure for it. Franchisees are responsible for all expenses, claims, assessments, fines, losses, costs, penalties, and Issuer reimbursements imposed by the Card Organizations against Atwell Suites resulting from any loss, disclosure, theft, or compromise of Cardholder data, regardless of the franchisee's belief that it is compliant.

Disclaimer: This information is extracted from the 2025 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.