What must a Beauty Bungalows franchisee do if there is an actual or suspected data breach?
Beauty_Bungalows Franchise · 2025 FDDAnswer from 2025 FDD Document
- 11.04 Data Security and Privacy. Franchisee must comply with all applicable federal, state, and local laws, rules, and regulations regarding data security, protection, and privacy, including, without limitation and if applicable, the California Consumer Privacy Act ("CCPA"), Cal. Civ. Code § 1798.100, et seq. Franchisee must comply with any privacy policies, data protection polices, and breach response policies that Franchisor periodically may establish. Franchisee must notify Franchisor immediately regarding any actual or suspected data breach at or in connection with your Franchise or Business. Further, whenever and to the extent Franchisee operates as a "Service Provider" under the CCPA or in a similar capacity under any other applicable federal, state, or local privacy law, Franchisee represents, warrants, and covenants that:
- a. Franchisee will not sell, make available or otherwise disclose any customer's "Personal Information" (as defined in the CCPA) to any third party for valuable consideration;
- b. Franchisee will retain, use, or disclose Personal Information only for the specific purpose of performing the services specified in this Agreement, and not any commercial or noncommercial purpose other than providing the services specified in this Agreement;
- c. Franchisee will not retain, use, or disclose Personal Information outside of the direct business relationship between Franchisee and Franchisor;
- d. Franchisee will delete any Personal Information upon Franchisor's request unless Franchisee can prove that such request is subject to an exception under applicable law; and
- e. Franchisee certifies that it understands and will fully comply with the restrictions of this Section 11.04. Franchisee also acknowledges and agrees that Franchisor may modify the restrictions by written notice to Franchisee, including adding other similar privacy restrictions that may be required under other federal, state, or local privacy laws.
Source: Item 22 — CONTRACTS (FDD pages 47–48)
What This Means (2025 FDD)
According to Beauty Bungalows' 2025 Franchise Disclosure Document, a franchisee must immediately notify Beauty Bungalows of any actual or suspected data breach at or in connection with their franchise or business. Additionally, the franchisee must comply with all applicable federal, state, and local laws, rules, and regulations regarding data security, protection, and privacy. This includes adherence to any privacy policies, data protection policies, and breach response policies that Beauty Bungalows may periodically establish.
Furthermore, if the franchisee operates as a "Service Provider" under the California Consumer Privacy Act (CCPA) or in a similar capacity under any other applicable privacy law, they must adhere to specific restrictions regarding the handling of customer's Personal Information. These restrictions include not selling or disclosing personal information to third parties for valuable consideration, using personal information only for the services specified in the Franchise Agreement, and deleting personal information upon Beauty Bungalows' request unless an exception applies under applicable law.
These requirements ensure that Beauty Bungalows franchisees take data security seriously and act swiftly to mitigate any potential harm from data breaches. By mandating immediate notification and compliance with privacy laws, Beauty Bungalows aims to protect customer data and maintain the integrity of the brand. Prospective franchisees should carefully review these obligations to understand their responsibilities regarding data security and privacy.