factual

How can Carls Jr. use the Consumer Information it owns?

Carls_Jr Franchise · 2025 FDD

Answer from 2025 FDD Document

such instructions and restrictions as CJR may from time to time impose and in compliance with all data privacy, security and other applicable laws. "Consumer Information" means any identifiers (including name, address, phone numbers, usernames, birthdates and e-mail addresses), sales, transaction, loyalty and payment history, and all other information about or related to any customer or prospective customer, including any information deemed "personal information" or "personal data" under applicable law. As used in this Agreement, the term "customer" refers to any person or entity (i) whose information is collected by any CJR system or application or included in any consumer or customer database, file or system owned or controlled by CJR, its parent, subsidiary or affiliate companies; (ii) who is included on any marketing or customer lists Franchisee develops or uses or any customer information generally collected and saved for any reason; (iii) who has purchased, purchases or intends to purchase products or services online, through an CJR application, or at the Franchised Restaurant; or (iv) who has been solicited to purchase any products or services at the Franchised Restaurant. CJR may use the Consumer Information as CJR deems appropriate, including sharing it with CJR's affiliates.

CJR owns all Consumer Information and may use the Consumer Information as it deems appropriate (subject to applicable law), including disclosing it to vendors or sharing it with its affiliates for cross-marketing or other purposes. Franchisee may only use Consumer Information for the purpose of operating the Franchised Restaurant to the extent permitted under this Agreement, including the OPM, during the term hereof and subject to such restrictions as CJR may from time to time impose and in compliance with all data privacy, security and other applicable laws. Without limiting the foregoing, Franchisee agrees to comply with applicable law in connection with Franchisee's collection, processing, storage and use of such Consumer Information, including, if required under applicable law, obtaining consents from individuals for CJR's and its affiliates' use of the Consumer Information. Franchisee must comply with all laws and regulations relating to data protection, privacy and security, including data breach response requirements ("Privacy Law(s)"), as well as data privacy and security policies, procedures and other requirements CJR may periodically establish. Franchisee must maintain reasonable, appropriate, and effective security controls to preserve the security, integrity, availability, confidentiality, and resilience of Consumer Information. Franchisee must notify CJR immediately of any suspected data breach at or in connection with the Franchised Restaurant or the business operated at the Franchised Restaurant. Franchisee must fully cooperate with CJR and its counsel in determining the most effective way to meet CJR's standards and policies pertaining to Privacy Laws, including those governing notification of a data breach. Franchisee is responsible for any financial losses it incurs or remedial actions that it must take as a result of breach of security or unauthorized access to Consumer Information in Franchisee's control or possession.

Without limiting the foregoing, Franchisee represents, warrants, and covenants that:

  • (1) Franchisee will not "sell" or "share" (as defined under any Privacy Law) any Consumer Information or make Consumer Information available to any third party for valuable consideration;
  • (2) Franchisee will retain, use, or disclose Consumer Information only for the specific business purposes specified in this Agreement, and not for any other commercial or noncommercial purpose;
  • (3) Franchisee will not retain, use, or disclose Consumer Information outside of the direct business relationship between Franchisee and CJR;

  • (4) Franchisee will not combine Consumer Information received from or on behalf of CJR with personal information received from another source or collected from Franchisee's interactions with a consumer outside the operation of the Franchised Restaurant, except as specifically allowed under applicable Privacy Law;

Source: Item 22 — CONTRACTS (FDD pages 75–76)

What This Means (2025 FDD)

According to the 2025 Carls Jr. Franchise Disclosure Document, Carls Jr. owns all Consumer Information and has broad discretion in how it uses this data. This includes the right to disclose it to vendors or share it with its affiliates for cross-marketing or other purposes. Consumer Information includes identifiers such as names, addresses, phone numbers, usernames, birthdates, e-mail addresses, sales, transaction, loyalty and payment history, and all other information about or related to any customer or prospective customer, including any information deemed "personal information" or "personal data" under applicable law. The term "customer" refers to any person or entity (i) whose information is collected by any CJR system or application or included in any consumer or customer database, file or system owned or controlled by CJR, its parent, subsidiary or affiliate companies; (ii) who is included on any marketing or customer lists Franchisee develops or uses or any customer information generally collected and saved for any reason; (iii) who has purchased, purchases or intends to purchase products or services online, through an CJR application, or at the Franchised Restaurant; or (iv) who has been solicited to purchase any products or services at the Franchised Restaurant.

This means that Carls Jr. can leverage customer data collected through various channels, including online orders, mobile apps, and in-restaurant transactions, to improve its marketing efforts and understand customer preferences. This data can be used for targeted advertising campaigns, loyalty programs, and other initiatives aimed at increasing sales and customer engagement across the entire Carls Jr. system. Franchisees are obligated to comply with data privacy and security laws and must obtain consent from individuals for Carls Jr.'s and its affiliates' use of Consumer Information if required by applicable law.

For a Carls Jr. franchisee, this highlights the importance of adhering to Carls Jr.'s data privacy and security policies. While franchisees collect some customer information, Carls Jr. retains ownership and control over its use. Franchisees are limited in how they can use this information, primarily to operate their franchised restaurant. They cannot sell or share Consumer Information with third parties for valuable consideration or use it for purposes outside the scope of the franchise agreement. Franchisees must also implement and maintain reasonable security controls to protect Consumer Information and promptly report any suspected data breaches to Carls Jr.

In summary, Carls Jr. maintains significant control over Consumer Information and can utilize it for various business purposes, while franchisees have limited usage rights and must comply with strict data protection requirements. This arrangement allows Carls Jr. to maintain a consistent brand image and marketing strategy across its franchise network while ensuring compliance with data privacy regulations.

Disclaimer: This information is extracted from the 2025 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.
All Carls_Jr 2025 FAQs Ask FDD Ninja