What are the recommended 'best practices' for Byrider franchisees to ensure drop box security, as mentioned in section 5.51?
Byrider Franchise · 2025 FDDAnswer from 2025 FDD Document
- 7.18 Information Security. The Franchisee must implement all administrative, physical and technical safeguards necessary to protect any information that can be used to identify an individual, including names, addresses, telephone numbers, e-mail addresses, employee identification numbers, signatures, passwords, financial information, credit card information, biometric or health data, government-issued identification numbers and credit report information ("Personal Information") in accordance with applicable law and industry best practices. It is entirely the Franchisee's responsibility (even if the Company provides the Franchisee with any assistance or guidance in that regard) to confirm that the safeguards the Franchisee uses to protect Personal Information comply with all applicable laws and industry best practices related to the collection, access, use, storage, disposal and disclosure of Personal Information. If Franchisee becomes aware of a suspected or actual breach of security or unauthorized access involving Personal Information, the Franchisee will notify the Company immediately and specify the extent to which Personal Information was compromised or disclosed. The Franchisee also agrees to follow the Company's instructions regarding curative actions and public statements relating to the breach. The Franchisee must comply with the Company's privacy policy, as it may be amended periodically. The Franchisee further agrees to comply with any requests to return or delete Personal Information, whether requested by the Company or directly by a consumer, as required by applicable data sharing and privacy laws**.**
Source: Item 23 — Receipts (FDD pages 88–335)
What This Means (2025 FDD)
Based on the 2025 Byrider Franchise Disclosure Document, section 5.51 is not provided within the included excerpts. However, the FDD does address information security more broadly.
The Byrider franchise agreement stipulates in section 7.18 that franchisees must implement administrative, physical, and technical safeguards to protect personal information, including names, addresses, financial data, and government-issued IDs, in compliance with applicable laws and industry best practices. This responsibility falls entirely on the franchisee, even if Byrider provides assistance or guidance. Franchisees must confirm that their safeguards meet all legal requirements for the collection, access, use, storage, disposal, and disclosure of personal information.
If a franchisee suspects a security breach or unauthorized access to personal information, they must immediately notify Byrider and follow the company's instructions regarding corrective actions and public statements. Franchisees must also comply with Byrider's privacy policy, as amended, and any requests to return or delete personal information as required by data sharing and privacy laws.
Given the absence of specific details on drop box security, it is recommended that prospective Byrider franchisees ask the franchisor for detailed guidelines and best practices related to securing drop boxes, including but not limited to frequency of collection, physical security measures for the box itself, and protocols for handling collected information to ensure compliance with privacy regulations.