What is the Circle K franchisee's responsibility for obtaining customer consent to process Customer Information?

According to the 2025 Circle K Franchise Disclosure Document, the franchisee is responsible for complying with all laws applicable to the EPOS system or other technology used in the operation of the Circle K store. This includes all data protection, privacy or security laws.

This means that Circle K franchisees must ensure they are up-to-date and compliant with all relevant data protection and privacy laws, such as GDPR or CCPA, which may require obtaining explicit consent from customers before collecting, processing, or storing their personal information. The franchisee is responsible for implementing and maintaining systems and procedures that adhere to these legal requirements.

The Franchise Agreement states that Circle K owns all Customer Information and may use it as it deems appropriate (subject to applicable law), including disclosing it to vendors. However, the franchisee is responsible for making sure that they are in compliance with all laws that are applicable to the EPOS System or other technology used in the operation of Franchisee's Store, including all data protection, privacy or security laws as well as payment card industry (PCI) and Europay, MasterCard and Visa (EMV) compliance. This means that the franchisee is responsible for obtaining customer consent to process Customer Information.