Is Burneys Sweets More obligated to create Data Protection and Security Policies?
Burneys_Sweets_More Franchise · 2025 FDDAnswer from 2025 FDD Document
| (ii) Data Protection and Security Policies. Franchisee shall comply with, or, | |
|---|---|
| as applicable, adopt policies consistent with the then-current version of Franchisor’s data | |
| protection and security policies as may be described in the Brand Standards Manual (“Data | |
| Protection and Security Policies”). Such policies may govern how Franchised Business | |
| Data and Personal Information contained in such data shall be collected, used, store, | |
| processed, shared, or destroyed. Franchisor has the right, but not the obligation to create | |
| such Data Protection and Security Policies. Franchisee acknowledges that Franchisor may | |
| supplement, modify, or amend the Data Protection and Security Policies from time to time | |
| in its sole discretion, and that Franchisee shall comply with such modifications or | |
| amendments within thirty (30) days of notice from Franchisor. Franchisor may require | |
| Franchisee to institute a data privacy policy for its Shop. Franchisee shall not publish, | |
| disseminate, implement, revise, or rescind a data privacy policy without Franchisor’s prior | |
| written consent as to said policy. |
Source: Item 23 — RECEIPT (FDD pages 50–199)
What This Means (2025 FDD)
According to Burneys Sweets More's 2025 Franchise Disclosure Document, Burneys Sweets More has the right, but not the obligation, to create Data Protection and Security Policies. If Burneys Sweets More does create these policies, franchisees must comply with the then-current version as described in the Brand Standards Manual. These policies govern how franchised business data and personal information is collected, used, stored, processed, shared, or destroyed.
If Burneys Sweets More chooses to create or modify these Data Protection and Security Policies, franchisees must comply with the changes within thirty days of notice from Burneys Sweets More. Burneys Sweets More may also require franchisees to institute a data privacy policy for their shop. However, franchisees cannot publish, disseminate, implement, revise, or rescind a data privacy policy without Burneys Sweets More's prior written consent.
The franchisee is responsible for obtaining consent for the collection, use, storage, processing, and sharing of personal information from customers and employees, as required by Privacy Laws or Data Protection and Security Policies. Franchisees must retain copies of these consents and share them with Burneys Sweets More as required. Franchisees must also comply with Privacy Laws regarding a person’s rights under those laws and cooperate with Burneys Sweets More to provide information about how personal information is handled.
Franchisees must not collect, use, store, process, or share Personal Information unless permitted by the franchise agreement, Data Protection and Security Policies, Brand Standards Manual, Privacy Laws, or with written approval from Burneys Sweets More. Franchisees are restricted to using personal information only for operating the shop and are prohibited from selling or re-identifying de-identified personal information. If a franchisee uses a vendor that handles personal information, the vendor must be contractually bound to the data protection obligations required by Burneys Sweets More.