factual

What are the 'Privacy Laws' that a Del Taco franchisee must abide by?

Del_Taco Franchise · 2025 FDD

Answer from 2025 FDD Document

and others all consents and authorizations, and provide them all disclosures, that applicable law requires to transmit the Customer Data to Del Taco and its affiliates and for Del Taco and its affiliates to use that Customer Data in the manner that this Agreement contemplates.

  • 5.17 Processing of Personal Information. Franchisee agrees that may collect, receive, or otherwise process Personal Information, as a result of agreements between Franchisee and Del Taco (or its subsidiaries or affiliates), including this Agreement. Franchisee agrees to abide by this section 5.17 with regard to such Personal Information. For purposes of this Section 5.17, "Personal Information" means any information that is received from Del Taco, or collected on Del Taco's behalf, that alone or in combination with other data or information, identifies, relates to, describes, is capable of being associated

with, or is linked or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person or household. Personal information includes all information or data defined by any of the Privacy Laws as constituting "personal data," "personal information" "protected health information," "individually identifiable information," "personally identifiable information," or any substantially similar term.

  • 5.17.1 Franchisee agrees to abide by all applicable laws and regulations pertaining to the processing, privacy, security, or protection of consumer, employee, transactional and Personal Information, including all laws and regulations regarding unauthorized access to or disclosure of Personal Information ("Privacy Laws").
  • 5.17.2 Franchisee agrees to comply with Del Taco's standards and policies pertaining to Privacy Laws. If there is a conflict between Del Taco's standards and policies pertaining to Privacy Laws and actual applicable law, Franchisee shall: (i) comply with the requirements of applicable law; (ii) immediately give Del Taco written notice of said conflict; and (iii) promptly and fully cooperate with Del Taco and its counsel in determining the most effective way, if possible, to meet its standards and policies pertaining to Privacy Laws within the bounds of applicable law.
  • 5.17.3 Franchisee agrees not to publish, disseminate, implement, revise, or rescind any policy, rule, notice or other disclosure that describes the processing of Personal Information from or about individuals (including all such documents labeled as a "Privacy Policy," "Privacy Notice" or any equivalent) without Del Taco's prior written consent.
  • 5.17.4 With regard to Personal Information that Franchisee may collect, receive, or otherwise process as a result of any agreements between Franchisee and Del Taco (or its subsidiaries or affiliates), including this Agreement, Franchisee agrees that Del Taco is the sole owner and controller of the Personal Information and that Franchisee is a service-provider or processor for such information.
  • 5.17.5 With regard to Personal Information that Franchisee may collect, receive, or otherwise process as a result of any agreements between Franchisee and Del Taco (or its subsidiaries or affiliates), including this Agreement, Franchisee agrees and certifies that it will:
  • 5.17.5.1 Process Personal Information only for the limited and specified purposes of providing services requested by Del Taco, including operating the Restaurant, or as otherwise expressly permitted by Privacy Laws.
  • 5.17.5.2 Notify Del Taco, and provide Del Taco with the ability to object, before transmitting Personal Information to a service provider, sub-processor, subcontractor, or other vendor.
  • 5.17.5.3 Require any service provider, sub-processor, subcontractor, or other vendor that receives Personal Information to contractually agree to provisions materially similar to those found within this Section 5.17 and to comply with all Privacy Laws.
  • 5.17.5.4 Cooperate and assist Del Taco with responding to any request from an individual to exercise their rights under any Privacy Laws, including their right to access, delete, correct, or limit the processing of Personal Information.
  • 5.17.5.5 Notify Del Taco immediately if it believes that it can no longer meet the obligations of this Section 5.17.

  • 5.17.5.6 Implement and maintain reasonable and appropriate security procedures and practices designed to protect the Personal Information from unauthorized access, destruction, use, modification, or disclosure. These procedures and practices must provide the same level of privacy protection as required of Del Taco under any applicable Privacy Laws.
  • 5.17.5.7 Notify Del Taco immediately after becoming aware of any actual or reasonably suspected loss, unauthorized, or unlawful processing, destruction, damage, alteration, or unauthorized disclosure of, or access to, the Personal Information (a "Security Breach"), and cooperate with Del Taco in the event of a Security Breach, including by sharing all information relevant to the Security Breach that is requested by Del Taco.
  • 5.17.5.8 Allow and contribute to reasonable audits by Del Taco, including inspections by Del Taco or its auditor, to verify Franchisee's compliance with data processing and security obligations and applicable data protection statutes and regulations.

Source: Item 22 — CONTRACTS (FDD pages 58–59)

What This Means (2025 FDD)

According to Del Taco's 2025 Franchise Disclosure Document, franchisees must adhere to specific 'Privacy Laws' related to the processing, privacy, security, and protection of consumer, employee, transactional, and personal information. This includes all laws and regulations regarding unauthorized access to or disclosure of Personal Information. Del Taco considers 'Personal Information' to be any data received from them or collected on their behalf that can identify an individual or household, including data defined as 'personal data,' 'personal information,' or similar terms under Privacy Laws.

Del Taco franchisees must comply with Del Taco's standards and policies on Privacy Laws, giving written notice to Del Taco of any conflicts between these standards and applicable law and cooperating to find a compliant solution. Franchisees cannot publish or change any policy related to processing Personal Information without Del Taco's written consent. When franchisees collect Personal Information through agreements with Del Taco, Del Taco is considered the sole owner and controller of this information, with the franchisee acting as a service provider or processor.

Franchisees are obligated to process Personal Information only for providing services requested by Del Taco or as permitted by Privacy Laws. They must notify Del Taco before sharing Personal Information with any service provider and ensure these providers comply with similar privacy provisions and all Privacy Laws. Franchisees must also cooperate with Del Taco in responding to individual requests to exercise their rights under Privacy Laws, such as accessing, deleting, or correcting their information. Furthermore, franchisees are required to maintain reasonable security measures to protect Personal Information from unauthorized access or disclosure, and to notify Del Taco immediately of any Security Breach.

Disclaimer: This information is extracted from the 2025 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.
All Del_Taco 2025 FAQs Ask FDD Ninja