factual

What laws must a Crowne Plaza Hotel comply with regarding the Next-Gen Payments Solution?

Crowne_Plaza Franchise · 2025 FDD

Answer from 2025 FDD Document

"Privacy Laws" means (a) the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"); (b) Gramm-Leach-Bliley Act of 1999, as amended ("GLB"); (c) all applicable Laws and non-governmental standards protecting Personal Data (including Payment Card Industry Data Security Standard ("PCI-DSS") and Payment Application Data Security Standard ("PA-DSS")) in effect from time to time; (d) all Laws concerning the protection, transport, storage, use and processing of data (including the General Data Protection Regulation ((EU) 2016/679), as amended ("GDPR") and any national implementing Laws, regulations and secondary legislation, as amended from time to time, and any successor legislation to the GDPR in effect from time to time); and (e) all applicable Laws in effect from time to time similar to those Laws listed in subsections (a) through (d) above or otherwise governing the transmission, storage, distribution, sale, or other use of Personal Data.

Hotel shall comply with the terms and conditions set forth in Attachment 1 (Third Party Terms – FreedomPay) and Attachment 2 (Third Party Terms – HPFS) to this Agreement (collectively, the "Third Party Terms").

Source: Item 23 — Receipts (FDD pages 100–424)

What This Means (2025 FDD)

According to Crowne Plaza's 2025 Franchise Disclosure Document, the hotel must comply with all applicable laws and non-governmental standards protecting Personal Data in effect from time to time. These laws, referred to as "Privacy Laws," include several key pieces of legislation and standards related to data protection and privacy.

Specifically, Crowne Plaza hotels must adhere to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, and the Gramm-Leach-Bliley Act of 1999 (GLB), as amended. Additionally, compliance extends to the Payment Card Industry Data Security Standard (PCI-DSS) and the Payment Application Data Security Standard (PA-DSS). The hotel must also follow all laws concerning the protection, transport, storage, use, and processing of data, including the General Data Protection Regulation ((EU) 2016/679) (GDPR), as amended, along with any national implementing laws, regulations, and secondary legislation, including any successor legislation to the GDPR.

Furthermore, Crowne Plaza hotels are obligated to comply with all applicable laws similar to those listed above or otherwise governing the transmission, storage, distribution, sale, or other use of Personal Data. This encompasses a broad range of legal and regulatory requirements aimed at safeguarding personal and financial information processed through the Next-Gen Payments Solution. This also includes compliance with the Third Party Terms set forth in Attachment 1 (Third Party Terms – FreedomPay) and Attachment 2 (Third Party Terms – HPFS) to the agreement.

Disclaimer: This information is extracted from the 2025 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.
All Crowne_Plaza 2025 FAQs Ask FDD Ninja