What standards must a Body20 franchisee comply with regarding the security of the Technology System?
Body20 Franchise · 2025 FDD
Answer from 2025 FDD Document
You also must comply with all laws and payment card provider standards relating to the security of the Technology System, including, without limitation, the Payment Card Industry Data Security Standards.
You are responsible for any and all consequences that may arise if the system is not properly operated, maintained and upgraded or if the Technology System (or any of its components) fails to operate on a continuous basis or as we or you expect.
10.3 Customer Information.
(a) Protection of Customer Information. You must comply with our System Standards, other directions from us, and all Applicable Laws regarding the organizational, physical, administrative and technical measures and security procedures to safeguard the confidentiality and security of Customer Information on your Technology System or otherwise in your possession or control and, in any event, employ reasonable means to safeguard the confidentiality and security of Customer Information. "Customer Information" means names, contact information, financial information and other personal information of or relating to the Studio's customers and prospective customers. If there is a suspected or actual breach of security or unauthorized access involving your Customer Information, you must notify us immediately after becoming aware of such actual or suspected occurrence and specify the extent to which Customer Information was compromised or disclosed. You are responsible for any financial losses you incur or remedial actions that you must take as a result of a breach of security or unauthorized access to Customer Information in your control or possession.
Source: Item 23 — RECEIPT (FDD pages 74–251)
What This Means (2025 FDD)
According to Body20's 2025 Franchise Disclosure Document, franchisees must adhere to specific standards to ensure the security of the Technology System. This includes compliance with all laws and payment card provider standards, such as the Payment Card Industry Data Security Standards. The Technology System encompasses the point-of-sale system, customer relationship management system, online reservation system, and other designated technology systems.
Body20 franchisees are responsible for the consequences of failing to properly operate, maintain, and upgrade the Technology System. This responsibility extends to any failures of the system or its components to operate continuously or as expected. Franchisees must also comply with Body20's System Standards, directions, and all Applicable Laws regarding organizational, physical, administrative, and technical measures to protect Customer Information. Customer Information includes names, contact information, financial information, and other personal information of customers and prospective customers.
Furthermore, Body20 requires franchisees to employ reasonable means to safeguard the confidentiality and security of Customer Information. In the event of a suspected or actual breach of security or unauthorized access to Customer Information, franchisees must immediately notify Body20 and specify the extent of the compromise or disclosure. The franchisee is financially responsible for any losses incurred or remedial actions required due to such breaches or unauthorized access. Franchisees must also implement any systems, procedures, or training programs that Body20 requires to protect Proprietary Information from unauthorized use or disclosure.
These requirements highlight the importance Body20 places on data security and the protection of customer information. Prospective franchisees should understand that maintaining a secure Technology System and adhering to data protection standards are critical aspects of operating a Body20 franchise. Failure to comply with these standards could result in financial liabilities and damage to the brand's reputation.