What must a Checkersrallys franchisee do if they become aware of unauthorized access to customer data?
Checkersrallys Franchise · 2025 FDDAnswer from 2025 FDD Document
this Agreement. You agree not to use, process, copy, display, publish, store or transfer the Customer Data without our approval. You agree to comply with all applicable laws with respect to Customer Data; in addition, you agree to comply with our data privacy and security requirements and to exert commercially reasonable efforts to prevent the unauthorized use, dissemination, or publication of Customer Data, subject in all instances to applicable laws. You shall promptly notify us if you become aware of any unauthorized access to the Customer Data, or if you become the subject of any governmental, regulatory, or other enforcement or private proceeding relating to your data handling practices of Customer Data.
- 9.10 Credit Cards. You agree to use the system and equipment we require for processing credit cards and any costs to do so are at your expense. You agree to abide by (i) the Payment Card Industry ("PCI") Data Security Standards enacted by the applicable Card Associations (as they may be modified at any time and from time to time or as successor standards are adopted); and (ii) all other security standards and guidelines that may be published at any time and from time to time by payment card companies and applicable to customer credit card and debit card information. If you know or suspect a security breach, you must immediately notify us. You will promptly identify and remediate the source of the compromise.
Source: Item 22 — CONTRACTS (FDD pages 91–92)
What This Means (2025 FDD)
According to Checkersrallys's 2025 Franchise Disclosure Document, franchisees have specific obligations regarding customer data and security breach protocols. If a Checkersrallys franchisee becomes aware of any unauthorized access to customer data, they must promptly notify Checkersrallys. Additionally, franchisees are responsible for identifying and fixing the source of the data breach.
Checkersrallys franchisees also assume all responsibility for providing notices of any data breach or compromise to customers of their franchised restaurant. This includes monitoring credit histories and transactions related to those customers. The FDD emphasizes that all customer data, including information, mailing lists, and databases, is the property of Checkersrallys, and franchisees are only allowed to use this data in connection with their franchised restaurant, in accordance with the franchise agreement.
Furthermore, Checkersrallys franchisees must comply with all applicable laws related to customer data, as well as Checkersrallys's own data privacy and security requirements. They are expected to make commercially reasonable efforts to prevent the unauthorized use, dissemination, or publication of customer data. Franchisees must also adhere to the Payment Card Industry (PCI) Data Security Standards and all other security standards and guidelines published by payment card companies that apply to customer credit and debit card information. If a security breach is suspected, the franchisee must immediately notify Checkersrallys.