How must a City Wide franchisee maintain Customer Data in confidence?
City_Wide Franchise · 2025 FDDAnswer from 2025 FDD Document
Franchisee will assist and otherwise cooperate with Franchisor to investigate any such Security Incident and will take all required steps, as determined by Franchisor, to remedy Franchisee's noncompliance with applicable Privacy Laws, this Agreement, or the Operating Manual.
For purposes of this Section 7.34.4, "Security Incident" means any actual or suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data in violation of applicable Privacy Laws, this Agreement or the Operating Manual.
7.34.5 promptly provide Franchisor with the ability to delete, access or copy Customer Data in Franchisee's possession or control.
7.34.6 promptly notify Franchisor of any request regarding Customer Data received by Franchisee from a "consumer" as defined by applicable Privacy Laws.
7.34.7 adopt policies, procedures, and controls, including those set out in the Operating Manual, if any, that enable Franchisee to respond, and to cause its agents and employees to respond, promptly to any rights request made pursuant to applicable Privacy Laws, including any disclosure request, deletion request, or opt-out request.
7.34.8 adopt policies, procedures, and controls, including those set out in the Operating Manual, if any, that limit access to Customer Data to only those employees that have a need-to-know basis based on specific job function or role.
Franchisee will provide data privacy and security training to employees who have access to Customer Data or who operate or have access to system controls and will require employees to adhere to data confidentiality terms providing for the protection of Customer Data in accordance with this Agreement and the Operating Manual; and
- 7.34.9 maintain Customer Data in confidence in accordance with Section 9 of this Franchise Agreement.
Source: Item 22 — CONTRACTS (FDD page 65)
What This Means (2025 FDD)
According to City Wide's 2025 Franchise Disclosure Document, franchisees must maintain Customer Data in confidence, adhering to Section 9 of the Franchise Agreement. Customer Data includes information, records, lists, or data that may contain Personal Information, which identifies or relates to a consumer. Franchisees must comply with data protection requirements outlined in the Operating Manual and the Franchise Agreement, including all policies, procedures, and controls implemented by City Wide. They must also comply with all applicable federal, state, and local statutes, regulations, ordinances, and requirements, including the California Consumer Privacy Act, relating to data protection.
City Wide franchisees are required to assist and cooperate with City Wide to ensure compliance with Privacy Laws. They must promptly notify City Wide in writing of any Security Incident they become aware of or discover. A Security Incident includes any actual or suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data in violation of applicable Privacy Laws, the Franchise Agreement, or the Operating Manual. Franchisees must also provide City Wide with the ability to delete, access, or copy Customer Data in their possession or control and promptly notify City Wide of any request regarding Customer Data received from a consumer as defined by applicable Privacy Laws.
Furthermore, City Wide franchisees must adopt policies, procedures, and controls that enable them and their agents and employees to respond promptly to any rights request made pursuant to applicable Privacy Laws, including disclosure, deletion, or opt-out requests. Access to Customer Data should be limited to employees with a need-to-know based on their specific job function or role. Franchisees are also responsible for providing data privacy and security training to employees who have access to Customer Data or system controls and must require employees to adhere to data confidentiality terms that protect Customer Data in accordance with the Franchise Agreement and the Operating Manual.
In the event of a Cyber Event, City Wide reserves the right to manage the response, including investigation, containment, resolution, and communications. Franchisees are expected to protect each Technology System against cyber events, including data breaches and identity theft. Franchisees must also stay compliant with all applicable laws regarding data privacy, data security, and security breaches, and should seek advice from their own legal and security consultants to ensure full compliance with data security safeguards.