What laws must the Bath Tune Up franchisee comply with regarding Privacy Information?
Bath Tune Up Franchise · 2025 FDD
Answer from 2025 FDD Document
Privacy Information includes but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household: identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license or state identification card number, passport number, signature, physical characteristics or description, telephone number, insurance policy number, bank account number, credit card number, debit card number or any other financial information, medical information or health insurance information; characteristics of protected classifications under state or federal law; commercial information, including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies; biometric information; Internet or other electronic network activity information including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement; geolocation data; audio or electronic information; professional or employment-related information; education information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 USC § 1232g; 34 CFR Part 99); and inferences drawn from any of the information identified in this subsection to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. "Personal Information" does not include publicly available information that is lawfully made available to the general public from federal, state or local government records. 
"Publicly available" does not mean biometric information collected by a business about a consumer without the consumer's knowledge. "Privacy Law" means any local, state or federal data privacy or data security law or regulation.
- (b) Use of Privacy Information.
In no circumstances shall Franchisee or Franchisor ever sell the Privacy Information.
Franchisee further agrees not to access, use or process the Privacy Information, except in the furtherance of its rights and obligations under this Agreement but at all times in compliance with Privacy Law.
Franchisee shall be solely liable for any and all violations of Privacy Law that may arise from its failure to comply with this provision.
- (c) Privacy Information Requests.
To the extent Franchisor does not have the ability to address requests made under applicable Privacy Law by individuals that are the subject of any of the Privacy Information, Franchisee shall, upon Franchisor's request, provide reasonable assistance to Franchisor in responding to such requests.
- (d) Audits.
During the term of this Agreement, at Franchisor's request and subject to reasonable notice, Franchisee shall provide Franchisor with information sufficient to establish its compliance with the obligations set forth in this section 8.18 and the applicable Privacy Laws.
8.19. PCI DSS Compliance
Franchisee must comply with the Payment Card Industry Data Security Standards (PCI DSS) as these standards may be revised and modified by the Payment Card Industry Security Standards Council
Source: Item 22 — CONTRACTS (FDD page 52)
What This Means (2025 FDD)
According to Bath Tune Up's 2025 Franchise Disclosure Document, franchisees must comply with all local, state, and federal data privacy and security laws and regulations, referred to as "Privacy Law." This compliance is required when accessing, using, or processing Privacy Information, which includes a wide range of data that can identify or is linked to a consumer or household. Bath Tune Up franchisees are prohibited from selling Privacy Information under any circumstances.
The FDD defines Privacy Information extensively, including identifiers like names, addresses, online data, and financial details, as well as biometric, geolocation, and employment-related information. It also covers inferences drawn from this data to create consumer profiles. This broad definition means franchisees must be vigilant in protecting almost any customer data they collect.
Bath Tune Up franchisees are responsible for any violations of Privacy Law resulting from their non-compliance. Franchisees must also assist Bath Tune Up in addressing requests made by individuals under applicable Privacy Law if Bath Tune Up is unable to handle the requests directly. Furthermore, franchisees must provide Bath Tune Up with information to verify compliance with privacy obligations, as requested by Bath Tune Up, subject to reasonable notice. Franchisees must also comply with the Payment Card Industry Data Security Standards (PCI DSS) and provide an annual PCI Attestation of Compliance if requested.