What are the 'Privacy Requirements' that Cinnabon franchisees must abide by?

According to Cinnabon's 2025 Franchise Disclosure Document, franchisees must adhere to specific 'Privacy Requirements' related to data security and electronic payment standards. These requirements include compliance with the Payment Card Industry Data Security Standards (PCI-DSS) as enacted by applicable Card Associations, which may be modified over time. Franchisees must also comply with the Fair and Accurate Credit Transactions Act (FACTA).

In addition to PCI-DSS and FACTA, Cinnabon franchisees must follow all other laws, standards, or their equivalents applicable to electronic payments that payment card companies may publish. These standards apply to electronic payments and may be updated periodically. Franchisees are also obligated to adhere to any privacy policies or data protection and breach response policies that Cinnabon may establish, including those detailed in Section 12.3 regarding data breach notification.

These 'Privacy Requirements' ensure that franchisees handle personal information and electronic payments securely and in compliance with current regulations. This is crucial for maintaining customer trust and protecting the Cinnabon brand's reputation. Failure to comply with these requirements could result in legal and financial repercussions for the franchisee.

Prospective Cinnabon franchisees should carefully review Section 12.3 and any other related documents provided by Cinnabon to fully understand their obligations regarding data protection and privacy. It is also advisable to consult with legal and IT professionals to ensure full compliance with all applicable laws and standards.