What must Camp Margaritaville notify Margaritaville of regarding security or privacy breaches?
Camp_Margaritaville Franchise · 2025 FDDAnswer from 2025 FDD Document
Customer shall notify Margaritaville of (i) any act or omission that compromises either the security, confidentiality or integrity of Privacy Information collected from end users in connection with these CRM Terms of Use or (ii) a breach or alleged breach of these CRM Terms of Use relating to the privacy practices of Customer in accordance with the terms of the Branding Agreement.
Customer shall likewise promptly notify Margaritaville of any suspicious or malicious activity, potential vulnerabilities, or security weaknesses of which it becomes aware in accordance with the terms of the Branding Agreement.
- (iii) The written notice to the Franchisor required in the previous sentence must be sent to legal@margaritaville.com and shall include, at a minimum (if known, and to Franchisee's knowledge as of the time of the notice): (i) the type of Guest Profile Data or Confidential Information that may have been accessed, acquired, disclosed, or used as a result of the Security Incident, (ii) if any Personal Data may have been accessed, acquired, disclosed, or used, the type of personally identifiable data and the names and contact information of all individuals whose personally identifiable data may have been impacted by the Security Incident, (iii) Franchisee's plan for corrective actions to respond to the Security Incident; and (iv) steps taken to secure Guest Profile Data or Confidential Information and preserve information for any necessary investigation.
Franchisee shall not unreasonably delay its notification to Franchisor.
Additionally, Franchisee shall provide regular updates to Franchisor regarding the Security Incident and shall notify Franchisor promptly as new information becomes known, until the Security Incident is fully remediated to Franchisor's reasonable satisfaction.
Source: Item 23 — RECEIPTS (FDD pages 72–406)
What This Means (2025 FDD)
According to Camp Margaritaville's 2025 Franchise Disclosure Document, franchisees, referred to as 'Customers' in this context, have specific notification responsibilities to Margaritaville regarding security and privacy. Specifically, the franchisee must notify Margaritaville of any act or omission that compromises the security, confidentiality, or integrity of Privacy Information collected from end users. This includes any breach or alleged breach of the CRM Terms of Use relating to the privacy practices of the franchisee, in accordance with the terms of the Branding Agreement. The franchisee must also promptly notify Margaritaville of any suspicious or malicious activity, potential vulnerabilities, or security weaknesses they become aware of, again in accordance with the Branding Agreement.
In the event of a Security Incident, the franchisee must provide written notice to legal@margaritaville.com. This notice must include, at a minimum, details such as the type of Guest Profile Data or Confidential Information that may have been accessed, acquired, disclosed, or used, and if any Personal Data may have been compromised, the type of personally identifiable data and the contact information of affected individuals. The notification should also include the franchisee's plan for corrective actions and the steps taken to secure Guest Profile Data or Confidential Information and preserve information for any necessary investigation. The franchisee must not unreasonably delay this notification and must provide regular updates to Margaritaville until the Security Incident is fully resolved to Margaritaville's satisfaction.
These requirements highlight the importance Camp Margaritaville places on data protection and privacy. Franchisees must be vigilant in protecting guest information and responsive in reporting any incidents that could compromise data security. Furthermore, franchisees are expected to cooperate with Margaritaville in investigating and remediating any security breaches, and they are responsible for covering the costs associated with these efforts. This includes complying with applicable data breach notification laws and taking steps to mitigate harm to affected individuals and prevent future occurrences. Franchisees are also required to obtain cyber security insurance in amounts required by Camp Margaritaville, naming Camp Margaritaville as an additional insured.