Who is responsible for securing customer data at an Azal Coffee franchise?
Azal_Coffee Franchise · 2024 FDDAnswer from 2024 FDD Document
8.12 Data Security Requirements.
You are responsible for securing the data of your customers. You must comply with industry standards and all applicable laws relating to the protection of Customer Information (defined in Section 10.6) and other personal information. You will be solely responsible for any liability, damages or claims caused by any data breaches or your failure to comply with these industry standards and laws. You must comply with the Payment Card Industry Data Security Standard Requirements and Security Assessment Procedures and other applicable payment card industry requirements ("PCI Requirements") in connection with the Franchise Business. It is recommended that you also comply with the ISO/IEC 27000-series information security standards (or other comparable third-party information security standards) ("Information Security Standards") in connection with the Franchise Business. It is your responsibility to research and understand the PCI Requirements and Information Security Standards, other industry standards, and applicable laws and to ensure that your business policies and practices comply with these requirements. Although we may provide advice and/or specify or provide Franchise Technology, we do not represent or warrant that the Franchise Technology complies with the PCI Requirements or Information Security Standards, other industry standards, and applicable laws and it will be your sole responsibility to ensure that your business practices comply with these requirements. You must periodically participate in audits of your information technology systems and data security policies by third party auditors as specified by us.
If you detect or are notified of a data breach involving the data of your customers ("Data Breach"), you must immediately notify us of the Data Breach. You must cooperate with us in investigating and halting the Data Breach, including giving us access to your information technology systems. We will have the right to name legal counsel to deal with the Data Breach and to control media communications relating to the Data Breach. You must not make any public statements about the Data Breach without our approval. You must indemnify us and hold us harmless for all claims and costs, including attorneys' fees, incurred by us as a result of any Data Breach that is your responsibility.
Source: Item 22 — CONTRACTS (FDD page 51)
What This Means (2024 FDD)
According to Azal Coffee's 2024 Franchise Disclosure Document, the franchisee is responsible for securing customer data. The franchisee must adhere to industry standards and all relevant laws concerning the protection of customer information and other personal data.
The Azal Coffee franchisee is solely liable for any damages, claims, or liabilities resulting from data breaches or failure to comply with industry standards and laws. This includes compliance with the Payment Card Industry Data Security Standard Requirements and Security Assessment Procedures, as well as other payment card industry requirements. While adherence to ISO/IEC 27000-series information security standards is recommended, it's not mandatory.
Although Azal Coffee may offer advice or specify Franchise Technology, the document explicitly states that Azal Coffee does not guarantee that this technology complies with data security standards and applicable laws. The franchisee bears the ultimate responsibility for ensuring their business practices meet these requirements. Franchisees must also participate in periodic audits of their information technology systems and data security policies by third-party auditors, as specified by Azal Coffee.
In the event of a data breach, the franchisee must immediately notify Azal Coffee and cooperate in the investigation, including providing access to their IT systems. Azal Coffee reserves the right to appoint legal counsel and control media communications related to the breach. The franchisee is prohibited from making public statements about the breach without Azal Coffee's approval and must indemnify Azal Coffee for all claims and costs resulting from any data breach that is the franchisee's responsibility.