Must a Belocal franchisee comply with all applicable Privacy Laws?
Belocal Franchise · 2025 FDDAnswer from 2025 FDD Document
[Item 22: CONTRACTS]
- (3) Privacy Laws. Franchisee represents, warrants, and covenants that it shall comply with (i) all applicable prevailing industry standards concerning privacy, data protection, confidentiality and
information security, including, without limitation, the then-current Payment Card Industry Data Security Standard of the PCI Security Standards Council ("PCI-DSS"); (ii) those mandatory Data Protection and Security Policies, if any; and (iii) all applicable international, federal, state, and local laws, rules, and regulations, as the same may be amended or supplemented from time to time, pertaining in any way to the privacy, confidentiality, security, management, disclosure, reporting, and any other obligations related to the possession or use of Personal Information (collectively, "Privacy Laws").
- (6) Personal Information Consent and Requests.
Franchisee is responsible for obtaining any required consent to the collection, use, storage, processing, and sharing of Personal Information from all parties from which it is required to obtain consent under the Privacy Laws or Data Protection and Security Policies.
Franchisee shall fully comply with Data
Protection and Security Policies and Privacy Laws as they relate to any person's exercise of his or her rights under the Privacy Laws.
Franchisee shall cooperate with Franchisor in any audit or inspection that Franchisor may conduct from time to time relating to Franchisee's processing of Personal Information.
Franchisee shall reimburse Franchisor for all reasonable Notification and Remediation Related Costs (as defined below) incurred by Franchisor arising out of or in connection with any such Security Breach that is directly or indirectly caused by Franchisee, its Principals, and its Independent Staff.
Franchisee Indemnifying Parties agree to hold harmless, defend and indemnify Indemnitees from and against any and all losses, expenses, judgments, claims, attorney fees and damages arising out of or in connection with any claim or cause of action in which Indemnitees shall be a named defendant and which arises, directly or indirectly, out of the operation of, or in connection with a Security Breach or Franchisee Indemnifying Parties' violation of any Privacy Law, Data Protection and Security Policies, consumer protection-related law or regulation, email marketing and other marketing laws and regulations, and the PCI-DSS.
Franchisee shall be solely responsible for compliance with all laws pertaining to emails, including, but not limited to, the U.S.
Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 ("CAN-SPAM Act of 2003"), and to use of automatic dialing systems, SMS text messages, and artificial or prerecorded voice messages, including but not limited to the Telephone Consumer Protection Act of 1991 ("TCPA"), as amended from time to time.
It is Franchisee's sole responsibility to apprise itself of the existence and requirements of all such laws, rules, regulations, ordinances, and orders and to adhere to them at all times during the Term of this Agreement.
Source: Item 22 — CONTRACTS (FDD page 71)
What This Means (2025 FDD)
According to Belocal's 2025 Franchise Disclosure Document, franchisees must comply with all applicable Privacy Laws. Belocal defines "Privacy Laws" as all applicable international, federal, state, and local laws, rules, and regulations, as they may be amended, pertaining to privacy, confidentiality, security, management, disclosure, reporting, and any other obligations related to the possession or use of Personal Information. "Personal Information" includes any data that can identify, locate, or contact an individual or household, including the franchisee's staff, advertisers, and publication recipients, as well as any information defined as protected under Privacy Laws.
Belocal franchisees must also adhere to prevailing industry standards concerning privacy, data protection, confidentiality, and information security, including the Payment Card Industry Data Security Standard (PCI-DSS). Franchisees are responsible for obtaining consent for the collection, use, storage, processing, and sharing of Personal Information as required by Privacy Laws and Belocal's Data Protection and Security Policies. They must retain copies of these consents and share them with Belocal as instructed.
Franchisees must also comply with laws pertaining to emails, including the CAN-SPAM Act of 2003, and the use of automatic dialing systems, SMS text messages, and artificial or prerecorded voice messages, including the Telephone Consumer Protection Act of 1991 (TCPA). Franchisees are responsible for staying informed about and adhering to all applicable laws, rules, regulations, ordinances, and orders throughout the term of the Franchise Agreement. Failure to comply with Privacy Laws or related data protection policies could lead to legal repercussions and potential termination of the franchise agreement.
Belocal franchisees are also responsible for notifying Belocal immediately of any Security Breach, defined as unauthorized access, processing, loss, use, disclosure, alteration, destruction, transfer, or other compromise of Personal Information. Franchisees must cooperate with Belocal to investigate and remedy any such breach. Franchisees are liable for reimbursing Belocal for all reasonable Notification and Remediation Related Costs incurred by Belocal arising out of or in connection with any Security Breach that is directly or indirectly caused by the franchisee, its Principals, and its Independent Staff.