Are Carvel franchisees required to comply with privacy policies or data protection and breach response policies established by the franchisor?
Carvel Franchise · 2025 FDDAnswer from 2025 FDD Document
You also must comply with all applicable federal and state laws and regulations relating to the
collection, use, and security of personal information and comply with any privacy policies or data protection and breach response policies we periodically may establish.
Source: Item 1 — The Franchisor and any Parents, Predecessors, and Affiliates (FDD pages 9–24)
What This Means (2025 FDD)
According to Carvel's 2025 Franchise Disclosure Document, franchisees must adhere to privacy and data protection standards. Specifically, Carvel franchisees are required to comply with all applicable federal and state laws and regulations relating to the collection, use, and security of personal information.
In addition to legal requirements, Carvel franchisees must also comply with any privacy policies or data protection and breach response policies that Carvel may periodically establish. This means that Carvel has the right to create and modify policies related to data handling, and franchisees are obligated to follow them.
This requirement ensures that all Carvel locations maintain consistent standards for protecting customer data and responding to data breaches. For a prospective franchisee, this means being prepared to implement and maintain systems and procedures that comply with both legal requirements and Carvel's specific policies, which may evolve over time.