Does Belocal require franchisees to institute a data privacy policy for their Franchised Business?

. Franchisor may require Franchisee to institute a data privacy policy for its Franchised Business. Franchisee shall not publish, disseminate, implement, revise, or rescind any data privacy policy without Franchisor's prior written consent.

• (3) Privacy Laws. Franchisee represents, warrants, and covenants that it shall comply with (i) all applicable prevailing industry standards concerning privacy, data protection, confidentiality and

information security, including, without limitation, the then-current Payment Card Industry Data Security Standard of the PCI Security Standards Council ("PCI-DSS"); (ii) those mandatory Data Protection and Security Policies, if any; and (iii) all applicable international, federal, state, and local laws, rules, and regulations, as the same may be amended or supplemented from time to time, pertaining in any way to the privacy, confidentiality, security, management, disclosure, reporting, and any other obligations related to the possession or use of Personal Information (collectively, "Privacy Laws").

• (4) Marketing; Consumer Protection. Franchisee shall be solely responsible for compliance with all laws pertaining to emails, including, but not limited to, the U.S. Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 ("CAN-SPAM Act of 2003"), and to use of automatic dialing systems, SMS text messages, and artificial or prerecorded voice messages, including but not limited to the Telephone Consumer Protection Act of 1991 ("TCPA"), as amended from time to time. Franchisee must comply with other applicable consumer protection laws and regulations.
• (5) Security Breach. Franchisee shall cooperate with Franchisor in any audit or inspection that Franchisor may conduct from time to time relating to Franchisee's processing of Personal Information.

Source: Item 22 — CONTRACTS (FDD page 71)