What is the Circle K franchisee's responsibility to represent and warrant that they will not retain, use, or disclose Customer Information outside of the direct business relationship between Franchisee and Franchisor?
Circle_K Franchise · 2025 FDDAnswer from 2025 FDD Document
- (c) If any federal or state Privacy Law, including the California Consumer Privacy Act, as revised by the California Consumer Privacy Rights Act , Cal.
Civ.
Code § 1798.100, et seq. (collectively, "CCPA") and any related regulations, applies to the operation of the Store, whenever and to the extent Franchisee operates as a "Service Provider" or "Contractor" under the CCPA, a data processor, or in a similar capacity under any federal or state Privacy Law, Franchisee represents and warrants that:
- (3) Franchisee will not retain, use, or disclose Customer Information outside of the direct business relationship between Franchisee and Franchisor;
Source: Item 22 — CONTRACTS (FDD page 100)
What This Means (2025 FDD)
According to Circle K's 2025 Franchise Disclosure Document, if any federal or state Privacy Law applies to the operation of the store, and the franchisee operates as a "Service Provider" or "Contractor" under the CCPA, a data processor, or in a similar capacity under any federal or state Privacy Law, the franchisee must represent and warrant several conditions. One of these conditions is that the franchisee will not retain, use, or disclose Customer Information outside of the direct business relationship between the franchisee and Circle K. This means the franchisee's use of customer data must be strictly limited to activities directly related to operating the Circle K store as defined by the franchise agreement and Circle K's business systems.
This requirement ensures that Circle K maintains control over customer data and that franchisees do not misuse or mishandle sensitive information. Customer Information includes any contact information (including name, address, phone and fax numbers, and e-mail addresses), sales and payment history, and all other information about any customer, including any personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
For a prospective franchisee, this means understanding and adhering to strict data privacy protocols. Failure to comply with these requirements could result in legal and financial repercussions, as the franchisee is responsible for any financial losses incurred due to security breaches or unauthorized access to customer information under their control. Franchisees must also implement reasonable security procedures to protect customer information from unauthorized access, following any minimum requirements outlined in the Business Systems Manuals.