Where are the data protection and security policies for Burneys Sweets More described?
Burneys_Sweets_More Franchise · 2025 FDDAnswer from 2025 FDD Document
(ii) Data Protection and Security Policies. Franchisee shall comply with, or, as applicable, adopt policies consistent with the then-current version of Franchisor's data protection and security policies as may be described in the Brand Standards Manual ("Data Protection and Security Policies"). Such policies may govern how Franchised Business Data and Personal Information contained in such data shall be collected, used, store, processed, shared, or destroyed. Franchisor has the right, but not the obligation to create such Data Protection and Security Policies. Franchisee acknowledges that Franchisor may supplement, modify, or amend the Data Protection and Security Policies from time to time in its sole discretion, and that Franchisee shall comply with such modifications or amendments within thirty (30) days of notice from Franchisor. Franchisor may require Franchisee to institute a data privacy policy for its Shop. Franchisee shall not publish, disseminate, implement, revise, or rescind a data privacy policy without Franchisor's prior written consent as to said policy.
(iii) Privacy Laws.
Franchisee warrants and represents and covenants that it shall comply with (i) applicable prevailing industry standards concerning privacy, data protection, confidentiality and information security, including, without limitation, the thencurrent Payment Card Industry Data Security Standard of the PCI Security Standards Council ("PCI-DSS"), (ii) those mandatory Data Protection and Security Policies, if any, and (iii) all applicable international, federal, state, and local laws, rules, and regulations, as the same may be amended or supplemented from time to time, pertaining in any way to the privacy, confidentiality, security, management, disclosure, reporting, and any other obligations related to the possession or use of Personal Information, including the Children's Online Privacy Protection Act (collectively, "Privacy Laws").
Source: Item 22 — CONTRACTS (FDD page 50)
What This Means (2025 FDD)
According to Burneys Sweets More's 2025 Franchise Disclosure Document, the data protection and security policies are described in the Brand Standards Manual. Specifically, the franchisee is required to comply with the franchisor's data protection and security policies, or adopt policies consistent with them, as outlined in the Brand Standards Manual. These policies govern how Franchised Business Data and Personal Information are collected, used, stored, processed, shared, or destroyed.
Burneys Sweets More has the right, but not the obligation, to create these Data Protection and Security Policies, and may modify or amend them at its discretion. Franchisees must comply with these changes within 30 days of notice from Burneys Sweets More. Furthermore, Burneys Sweets More may require franchisees to institute a data privacy policy for their shop, but the franchisee cannot publish, disseminate, implement, revise, or rescind a data privacy policy without the franchisor's prior written consent.
In addition to adhering to the Brand Standards Manual, Burneys Sweets More franchisees must comply with prevailing industry standards concerning privacy, data protection, confidentiality, and information security, including the Payment Card Industry Data Security Standard (PCI-DSS). They must also adhere to all applicable international, federal, state, and local laws, rules, and regulations pertaining to the privacy, confidentiality, security, management, disclosure, and reporting of Personal Information, including the Children's Online Privacy Protection Act.