Does Carls Jr. own all Consumer Information collected?
Carls Franchise · 2024 FDDAnswer from 2024 FDD Document
CJR owns all Consumer Information and may use the Consumer Information as it deems appropriate (subject to applicable law), including disclosing it to vendors or sharing it with its affiliates for cross-marketing or other purposes. Franchisee may only use Consumer Information for the purpose of operating the Franchised Restaurant to the extent permitted under this Agreement, including the OPM, during the term hereof and subject to such restrictions as CJR may from time to time impose and in compliance with all data privacy, security and other applicable laws. Without limiting the foregoing, Franchisee agrees to comply with applicable law in connection with Franchisee's collection, processing, storage and use of such Consumer Information, including, if required under applicable law, obtaining consents from individuals for CJR's and its affiliates' use of the Consumer Information. Franchisee must comply with all laws and regulations relating to data protection, privacy and security, including data breach response requirements ("Privacy Law(s)"), as well as data privacy and security policies, procedures and other requirements CJR may periodically establish. Franchisee must maintain reasonable, appropriate, and effective security controls to preserve the security, integrity, availability, confidentiality, and resilience of Consumer Information. Franchisee must notify CJR immediately of any suspected data breach at or in connection with the Franchised Restaurant or the business operated at the Franchised Restaurant. Franchisee must fully cooperate with CJR and its counsel in determining the most effective way to meet CJR's standards and policies pertaining to Privacy Laws, including those governing notification of a data breach. Franchisee is responsible for any financial losses it incurs or remedial actions that it must take as a result of breach of security or unauthorized access to Consumer Information in Franchisee's control or possession.
Source: Item 22 — CONTRACTS (FDD page 80)
What This Means (2024 FDD)
According to the 2024 FDD, Carls owns all Consumer Information collected. This includes any identifiers like names, addresses, phone numbers, birthdates, and email addresses, as well as sales, transaction, loyalty, and payment history related to customers or prospective customers. This information can be used by Carls as it deems appropriate, subject to applicable law, including disclosing it to vendors or sharing it with its affiliates for cross-marketing or other purposes.
As a franchisee, you are only allowed to use Consumer Information to operate your franchised restaurant, following the guidelines set by Carls and adhering to all data privacy and security laws. This includes getting consent from individuals, if required by law, for Carls and its affiliates to use their Consumer Information. You must also follow Carls's data privacy and security policies and take reasonable steps to protect the security of this information.
Furthermore, as a Carls franchisee, you are obligated to inform Carls immediately if you suspect any data breach at your restaurant. You are also responsible for any financial losses or remedial actions needed because of a security breach or unauthorized access to Consumer Information under your control. This underscores the importance of maintaining strict data protection measures and complying with all applicable laws and Carls's policies to avoid potential liabilities.