
What is PCI-DSS, as it relates to a Belocal franchise?

Belocal Franchise · 2025 FDD

Answer from 2025 FDD Document

Franchisee represents, warrants, and covenants that it shall comply with (i) all applicable prevailing industry standards concerning privacy, data protection, confidentiality and information security, including, without limitation, the then-current Payment Card Industry Data Security Standard of the PCI Security Standards Council ("PCI-DSS"); (ii) those mandatory Data Protection and Security Policies, if any; and (iii) all applicable international, federal, state, and local laws, rules, and regulations, as the same may be amended or supplemented from time to time, pertaining in any way to the privacy, confidentiality, security, management, disclosure, reporting, and any other obligations related to the possession or use of Personal Information (collectively, "Privacy Laws").

Source: Item 22 — CONTRACTS (FDD page 71)

What This Means (2025 FDD)

According to Belocal's 2025 Franchise Disclosure Document, PCI-DSS refers to the Payment Card Industry Data Security Standard of the PCI Security Standards Council. As a Belocal franchisee, you must comply with the current version of PCI-DSS, as well as all applicable industry standards concerning privacy, data protection, confidentiality, and information security. You must also adhere to any mandatory Data Protection and Security Policies established by Belocal, and all relevant international, federal, state, and local laws related to personal information.

Compliance with PCI-DSS is crucial because the standard governs the handling of sensitive payment card information. A failure to comply and a subsequent security breach could lead to significant financial and reputational repercussions for both the franchisee and Belocal. The franchisee is responsible for obtaining consent for the collection, use, storage, processing, and sharing of personal information as required by privacy laws and data protection policies.

Furthermore, the Franchise Agreement stipulates that the franchisee is responsible for reimbursing Belocal for all reasonable Notification and Remediation Related Costs if a security breach is directly or indirectly caused by the franchisee, its principals, or its independent staff. These costs can include expenses related to notifying affected individuals, engaging IT consultants and PR firms, and covering legal and accounting fees. The franchisee also agrees to indemnify Belocal against any losses, expenses, judgments, claims, attorney fees, and damages arising from a security breach or violation of privacy laws, data protection policies, or PCI-DSS.

In summary, Belocal franchisees must prioritize data security and privacy to protect personal information and maintain compliance with PCI-DSS and other applicable regulations. Failure to do so can result in substantial financial liabilities and damage to the franchise's reputation.

Disclaimer: This information is extracted from the 2025 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.