Is a Belocal franchisee required to indemnify the franchisor for losses related to a Security Breach?
Belocal Franchise · 2025 FDDAnswer from 2025 FDD Document
. Franchisee Indemnifying Parties agree to hold harmless, defend and indemnify Indemnitees from and against any and all losses, expenses, judgments, claims, attorney fees and damages arising out of or in connection with any claim or cause of action in which Indemnitees shall be a named defendant and which arises, directly or indirectly, out of the operation of, or in connection with a Security Breach or Franchisee Indemnifying Parties' violation of any Privacy Law, Data Protection and Security Policies, consumer protection-related law or regulation, email marketing and other marketing laws and regulations, and the PCI-DSS.
- (6) Personal Information Consent and Requests. Franchisee is responsible for obtaining any required consent to the collection, use, storage, processing, and sharing of Personal Information from all parties from which it is required to obtain consent under the Privacy Laws or Data Protection and Security Policies. Franchisee shall retain copies of all such consents and store them and share them with Franchisor in the manner Franchisor requires. Franchisee shall fully comply with Data
Protection and Security Policies and Privacy Laws as they relate to any person's exercise of his or her rights under the Privacy Laws. If any person contacts Franchisee seeking to exercise any right under law pertaining to Personal Information, Franchisee shall comply with such request in accordance with the terms of this Agreement, including the Data Protection and Security Policies, the Franchise Brand Standards Manual, the Privacy Laws, and as otherwise instructed by Franchisor. If requested by Franchisor, Franchisee must cooperate or coordinate with Franchisor to provide information about the way that Franchisee has collected, used, stored, processed, and shared Personal Information.
- (7) Use of Personal Information. Franchisee represents, warrants, and covenants that it shall not collect, use, store, process, or share Personal Information unless such action is permitted by (i) the terms of this Agreement, (ii) the terms of the Data Protection and Security Policies, (iii) the standards in the Franchise Brand Standards Manual, (iv) Privacy Laws, and if, applicable, (v) written approval of Franchisor. Franchisee shall collect, use, store, process, and share Personal Information only for purposes of operating the Franchised Business. Franchisee shall not sell Personal Information. Franchisee shall not re-identify any Personal Information that has been de-identified.
Source: Item 22 — CONTRACTS (FDD page 71)
What This Means (2025 FDD)
According to Belocal's 2025 Franchise Disclosure Document, a franchisee is required to indemnify Belocal for losses, expenses, judgments, claims, attorney fees, and damages arising from a security breach. This indemnification applies to any claim or cause of action where Belocal is named as a defendant and the claim arises directly or indirectly from the operation of the franchise or in connection with a security breach. It also extends to the franchisee's violation of any Privacy Law, Data Protection and Security Policies, consumer protection-related law or regulation, email marketing and other marketing laws and regulations, and the PCI-DSS.
Specifically, the franchisee must reimburse Belocal for all reasonable Notification and Remediation Related Costs incurred by Belocal that arise from a security breach directly or indirectly caused by the franchisee, its principals, and its independent staff. These costs include internal and external expenses associated with addressing and responding to the security breach. Examples of these costs are preparing and sending legally required notifications, establishing call centers, engaging IT consultants and public relations firms, and covering legal and accounting fees related to the investigation and response to the breach.
This means that if a Belocal franchisee's actions or inactions lead to a security breach that harms Belocal, the franchisee is financially responsible for covering Belocal's costs to rectify the situation. This could potentially involve significant expenses, depending on the scale and impact of the breach. Franchisees are also responsible for obtaining any required consent to the collection, use, storage, processing, and sharing of Personal Information from all parties from which it is required to obtain consent under the Privacy Laws or Data Protection and Security Policies. Franchisees must also cooperate with Belocal in any audit or inspection that Belocal may conduct relating to the franchisee's processing of Personal Information.