Is a Buona franchisee required to defend and indemnify the franchisor against losses resulting from failure to comply with Payment Card Industry Data Security Standards or data privacy laws?
Buona Franchise · 2025 FDDAnswer from 2025 FDD Document
- (e) Franchisee shall make arrangements for and accept payments systems which Franchisee designates from time to time, as part of the operation of the Franchised Business, including but not limited to credit card payments through Visa, MasterCard, and other credit card and debit card issuers and sponsors, check verification services, electronic funds transfer systems, mobile payment systems, and system-wide gift card programs. Franchisee's point-of-sale system and related payment processing systems must be compliant with current Payment Card Industry Data Security standards, all applicable data privacy laws, and any procedures required by the Manuals to prevent credit card fraud. Franchisee shall defend at its own cost and indemnify and hold harmless Franchisor, its shareholders, directors, officers, employees and agents, from and against any and all loss, costs, expenses (including attorneys' fees), taxes, damages and liabilities, however caused, resulting directly or indirectly from Franchisee's failure to comply with Payment Credit Industry Data Security Standards or data privacy laws.
Source: Item 22 — CONTRACTS (FDD page 78)
What This Means (2025 FDD)
According to Buona's 2025 Franchise Disclosure Document, franchisees are required to defend and indemnify Buona against losses resulting from failure to comply with Payment Card Industry Data Security Standards or data privacy laws. The franchisee's point-of-sale system and related payment processing systems must comply with these standards, all applicable data privacy laws, and any procedures in the manuals to prevent credit card fraud.
This means that the franchisee is responsible for any losses, costs, expenses (including attorney's fees), taxes, damages, and liabilities that Buona incurs due to the franchisee's failure to comply with these security standards and data privacy laws. This requirement places a significant financial burden on the franchisee, as they are responsible for ensuring their systems are secure and compliant.
It is important for prospective Buona franchisees to understand the implications of this indemnification clause. They should ensure they have adequate systems and procedures in place to comply with Payment Card Industry Data Security Standards and data privacy laws. Franchisees should also consult with legal and IT professionals to ensure they fully understand their obligations and liabilities in this area. This type of clause is relatively common in franchise agreements where the franchisee handles sensitive customer data.