What laws and standards is a Cinnabon franchisee responsible for complying with regarding privacy and electronic payments?
Cinnabon Franchise · 2025 FDD
Answer from 2025 FDD Document
12.2 Compliance with Privacy Requirements and Electronic Payment Standards.
You must abide by: (a) the Payment Card Industry Data Security Standards ("PCI-DSS") enacted by the applicable Card Associations (as they may be modified from time to time or as successor standards are adopted) and all Laws, standards, or any equivalent thereof relating to the collection, use, and security of personal information; (b) the FACTA; (c) all other Laws, standards, or any equivalent thereof applicable to electronic payments that may be published from time to time by payment card companies and applicable to electronic payments; and (d) any privacy policies or data protection and breach response policies we periodically may establish, including those set forth in Section 12.3 (Data Breach Notification) (collectively, "Privacy Requirements").
Source: Item 23 — Receipts (FDD pages 114–399)
What This Means (2025 FDD)
According to Cinnabon's 2025 Franchise Disclosure Document, franchisees must adhere to specific laws and standards related to privacy and electronic payments. These obligations are in addition to other obligations outlined in the Franchise Agreement.
Specifically, Cinnabon franchisees must comply with the Payment Card Industry Data Security Standards (PCI-DSS) as enacted by applicable Card Associations, including any modifications or successor standards. They are also required to follow all laws, standards, and equivalents related to the collection, use, and security of personal information, as well as the Fair and Accurate Credit Transactions Act (FACTA).
Furthermore, franchisees must adhere to all other laws, standards, or their equivalents applicable to electronic payments that may be published by payment card companies. Cinnabon may also establish privacy policies or data protection and breach response policies that franchisees must follow. These collective requirements are termed "Privacy Requirements" within the agreement. It is the franchisee's responsibility to stay updated on these evolving standards and ensure their business operations comply with them.