What is the scope of the Receiving Party's responsibility to ensure Representatives comply with the confidentiality agreement for Camp Margaritaville?
Camp_Margaritaville Franchise · 2025 FDDAnswer from 2025 FDD Document
Customer shall be responsible for, and remain liable to, Margaritaville for the actions and omissions of all employees, contractors or other representatives who are engaged by Customer concerning the treatment of Guest Information and Reservation Data as if they were Customer's s own actions and omissions.
Customer shall notify Margaritaville of (i) any act or omission that compromises either the security, confidentiality or integrity of Guest Information and Reservation Data collected from end users in connection with these CRS Terms of Use or (ii) a breach or alleged breach of these CRS Terms of Use relating to the privacy practices of Customer in accordance with the terms of the Branding Agreement.
Customer shall likewise promptly notify Margaritaville any suspicious or malicious activity, potential vulnerabilities, or security weaknesses of which it becomes aware by emailing
Margaritaville contact and in accordance with the terms of the Branding Agreement. Customer shall cooperate with Margaritaville as reasonably requested to investigate any security breach, and Customer shall use best efforts to remedy any security breach attributable to Customer as soon as commercially possible and prevent any further security breach at Customer's expense in accordance with applicable privacy rights, laws, regulations, and standards. In the event of any unauthorized access to and acquisition of Guest Information and Reservation Data by a third party while in the possession of Customer or in transit from Customer, which materially compromises the security, confidentiality or integrity of such Guest Information and Reservation Data ("Data Security Breach"), Customer shall promptly investigate the cause of such Data Security Breach and shall at its sole expense take all reasonable steps to: (i) mitigate any harm caused to affected individuals, (ii) prevent any future reoccurrence, and (iii) comply at its sole expense with applicable data breach notification laws.
Source: Item 23 — RECEIPTS (FDD pages 72–406)
What This Means (2025 FDD)
According to Camp Margaritaville's 2025 Franchise Disclosure Document, the customer, acting as the Receiving Party, is responsible and liable to Margaritaville for the actions and omissions of its employees, contractors, or other representatives concerning the treatment of Guest Information and Reservation Data. This responsibility extends as if these actions and omissions were the customer's own. This means Camp Margaritaville franchisees must ensure that anyone they engage concerning guest information and reservation data adheres to the same standards the franchisee is bound by. This includes but is not limited to, any data privacy or data security compliance programs, any payment card industry data security standards, together with any related audit or certification requirements, and all other applicable data protection and privacy laws and regulations.
The franchisee must notify Margaritaville of any act or omission that compromises the security, confidentiality, or integrity of Guest Information and Reservation Data collected from end users or any breach of the CRS Terms of Use relating to the privacy practices of the franchisee. The franchisee must also promptly notify Margaritaville of any suspicious or malicious activity, potential vulnerabilities, or security weaknesses they become aware of. This notification should be done by emailing the designated Margaritaville contact and following the terms of the Branding Agreement.
The franchisee is obligated to cooperate with Margaritaville in investigating any security breach and must use their best efforts to remedy any security breach attributable to them as soon as commercially possible. They are also responsible for preventing any further security breaches at their own expense, in accordance with applicable privacy rights, laws, regulations, and standards. In the event of any unauthorized access to and acquisition of Guest Information and Reservation Data by a third party while in the possession of the franchisee, which materially compromises the security, confidentiality, or integrity of such data (a "Data Security Breach"), the franchisee must promptly investigate the cause of the breach and take all reasonable steps to mitigate harm, prevent recurrence, and comply with applicable data breach notification laws at their sole expense.