Does the Cinnabon Support Services Agreement reduce or diminish the franchisee's obligations regarding privacy and electronic payment laws?
Cinnabon Franchise · 2025 FDDAnswer from 2025 FDD Document
12.1 Compliance with Laws. You will operate the Franchised Business in compliance with all applicable Laws, including all Laws related to labor, health, and safety. It is your sole and absolute obligation to research all applicable Laws governing the operation of your business and to ensure that such operation does not violate any applicable Laws. For example, there are various federal laws that could affect your business and that you must comply with such as the ADA, the CAN-SPAM Act, the TCPA, the Telemarketing Sales Rule (TSR), the Fair and Accurate Credit Transactions Act ("FACTA"), and other federal and state anti-solicitation laws regulating marketing phone calls; and federal and state laws that regulate data security and privacy (including but not limited to the use, storage, transmission, and disposal of data regardless of media type). You should investigate these laws to understand your potential legal obligations. You will promptly furnish to us copies of all fire, health, or other inspection reports, warnings, certificates, and ratings issued by any government agency, and must immediately provide us with any such items that assert any failure to comply strictly with any Law. If required by the jurisdiction
where the Franchised Business is located, you will file for and maintain a Certificate of Fictitious Name that includes the Primary Mark.
- 12.2 Compliance with Privacy Requirements and Electronic Payment Standards.
You must abide by: (a) the Payment Card Industry Data Security Standards ("PCI-DSS") enacted by the applicable Card Associations (as they may be modified from time to time or as successor standards are adopted) and all Laws, standards, or any equivalent thereof relating to the collection, use, and security of personal information; (b) the FACTA; (c) all other Laws, standards, or any equivalent thereof applicable to electronic payments that may be published from time to time by payment card companies and applicable to electronic payments; and (d) any privacy policies or data protection and breach response policies we periodically may establish, including those set forth in Section 12.3 (Data Breach Notification) (collectively, "Privacy Requirements").
Source: Item 23 — Receipts (FDD pages 114–399)
What This Means (2025 FDD)
According to the 2025 Cinnabon Franchise Disclosure Document, the Support Services Agreement does not reduce or diminish a franchisee's obligations regarding privacy and electronic payment laws. Instead, the franchisee is explicitly responsible for operating their Cinnabon business in compliance with all applicable laws. This includes, but is not limited to, laws related to labor, health, safety, and data security and privacy.
The franchisee is solely responsible for researching and understanding all laws applicable to their business operations, ensuring they do not violate any laws. Examples of federal laws that could affect the franchisee's business include the ADA, the CAN-SPAM Act, the TCPA, the Telemarketing Sales Rule (TSR), and the Fair and Accurate Credit Transactions Act (FACTA), as well as other federal and state anti-solicitation laws regulating marketing phone calls.
Furthermore, the franchisee must comply with the Payment Card Industry Data Security Standards (PCI-DSS) enacted by applicable Card Associations, FACTA, and all other laws and standards applicable to electronic payments. They must also adhere to any privacy policies or data protection and breach response policies that Cinnabon may periodically establish. This comprehensive list of obligations underscores that the Support Services Agreement does not relieve the franchisee of their legal responsibilities but rather reinforces their duty to comply with all relevant regulations.