With whom must a Circle K franchisee cooperate in the event of a data breach?
Circle_K Franchise · 2025 FDDAnswer from 2025 FDD Document
hisee is responsible for obtaining appropriate Customer consent to ensure Franchisee and Franchisor may process Customer Information as outlined in this Agreement. Franchisee must notify Franchisor immediately of any suspected data breach at or in connection with the Store. Franchisee must fully cooperate with Franchisor and its counsel in determining the most effective way to meet Franchisor's standards and policies pertaining to Privacy Laws within the bounds of applicable law. Franchisee is responsible for any financial losses it incurs or remedial actions that it must take as a result of breach of security or unauthorized access to Customer Information in Franchisee's control or possession.
(c) If any federal or state Privacy Law, including the California Consumer Privacy Act, as revised by the California Consumer Privacy Rights Act , Cal. Civ. Code § 1798.100, et seq. (collectively, "CCPA") and any related regulations, applies to the operation of the Store, whenever and to the extent Franchisee operates as a "Service Provider" or "Contractor" under the CCPA, a data processor, or in a similar capacity under any federal or state Privacy Law, Franchisee represents and warrants that:
- (1) Except for the purpose of operating the Store and in accordance with the Business Systems Manuals, Franchisee will not retain, use, combine or disclose any Customer Information;
(2) Franchisee will not sell, share, make available or otherwise disclose any Customer Information to any third party for valuable consideration or for the purpose of performing cross-context behavioral advertising;
(3) Franchisee will not retain, use, or disclose Customer Information outside of the direct business relationship between Franchisee and Franchisor;
Source: Item 22 — CONTRACTS (FDD page 100)
What This Means (2025 FDD)
According to Circle K's 2025 Franchise Disclosure Document, a franchisee must fully cooperate with Circle K and its counsel to determine the most effective way to meet Circle K's standards and policies pertaining to Privacy Laws within the bounds of applicable law. This means that in the event of a data breach or any issue related to customer information privacy, the franchisee is obligated to work closely with Circle K and their legal advisors.
The franchisee is responsible for any financial losses incurred or remedial actions required due to a security breach or unauthorized access to customer information under their control. This highlights the importance of franchisees implementing robust security measures to protect customer data and adhering to Circle K's privacy standards.
Furthermore, if a franchisee receives a customer information data request directly from a consumer, they must inform Circle K of that request within one business day and cooperate with Circle K to ensure the consumer receives an appropriate and timely acknowledgement and response. This ensures that Circle K maintains control over how customer data requests are handled and that responses are consistent with legal requirements and Circle K's policies. The franchisee must also implement reasonable security procedures and practices appropriate to the Customer Information it collects, retains, uses or discloses, in order to protect it from unauthorized or illegal access, including following minimum requirements that may be set forth in the Business Systems Manuals.