Is Belocal franchisee required to comply with the Franchisor's Data Protection and Security Policies?
Belocal Franchise · 2025 FDDAnswer from 2025 FDD Document
- (2) Data Protection and Security Policies. Franchisee shall comply with, or, as applicable, adopt policies consistent with the then-current version of Franchisor's data protection and security policies as may be described in the Franchise Brand Standards Manual ("Data Protection and Security Policies"). Such policies may govern how Franchised Business Data and Personal Information contained in such data shall be collected, used, store, processed, shared, or destroyed. Franchisor has the right, but not the obligation, to create such Data Protection and Security Policies. Franchisee acknowledges that Franchisor may supplement, modify, or amend the Data Protection and Security Policies from time to time in its sole discretion, and that Franchisee shall comply with such modifications or amendments within thirty (30) days of notice from Franchisor. Franchisor may require Franchisee to institute a data privacy policy for its Franchised Business. Franchisee shall not publish, disseminate, implement, revise, or rescind any data privacy policy without Franchisor's prior written consent.
- (3) Privacy Laws. Franchisee represents, warrants, and covenants that it shall comply with (i) all applicable prevailing industry standards concerning privacy, data protection, confidentiality and
Source: Item 22 — CONTRACTS (FDD page 71)
What This Means (2025 FDD)
According to Belocal's 2025 Franchise Disclosure Document, franchisees are required to comply with the franchisor's data protection and security policies. Specifically, the franchisee must adhere to the then-current version of Belocal's data protection and security policies, which may be described in the Franchise Brand Standards Manual. These policies govern how Franchised Business Data and Personal Information are collected, used, stored, processed, shared, or destroyed. Belocal retains the right to create, supplement, modify, or amend these Data Protection and Security Policies, and franchisees must comply with these changes within 30 days of notice from Belocal.
Belocal may also require franchisees to institute a data privacy policy for their franchised business; however, franchisees cannot publish, disseminate, implement, revise, or rescind any data privacy policy without Belocal's prior written consent. Franchisees must also comply with all applicable prevailing industry standards concerning privacy, data protection, confidentiality, and information security, including the Payment Card Industry Data Security Standard (PCI-DSS), mandatory Data Protection and Security Policies, and all applicable international, federal, state, and local laws, rules, and regulations pertaining to Personal Information.
Furthermore, Belocal franchisees are responsible for obtaining any required consent for the collection, use, storage, processing, and sharing of Personal Information under Privacy Laws or Data Protection and Security Policies. Franchisees must retain copies of all such consents and share them with Belocal as required. They must also fully comply with Data Protection and Security Policies and Privacy Laws regarding any person's exercise of their rights under Privacy Laws. If a person seeks to exercise any right under law pertaining to Personal Information, the franchisee must comply with such requests according to the terms of the agreement, including the Data Protection and Security Policies, the Franchise Brand Standards Manual, the Privacy Laws, and as instructed by Belocal. Franchisees must cooperate with Belocal to provide information about how they have collected, used, stored, processed, and shared Personal Information if requested.