What security standards must a Dog Haus franchisee adhere to regarding cardholder data?
Dog_Haus Franchise · 2025 FDDAnswer from 2025 FDD Document
To the extent Franchisee shall store, process, transmit or otherwise access or possess cardholder data in connection with the sale of Dog Haus Authorized Products, Franchisee shall maintain the security of cardholder data and adhere to the Then-Current Payment Card Industry Data Security Standards ("PCI DSS"), currently found at www.pcisecuritystandards.org, for the protection of cardholder data throughout the Term.
Franchisee shall be and remain responsible for the security of cardholder data in the possession or control of any subcontractors Franchisee engages to process credit cards.
All subcontractors must be identified to and approved by Franchisor in writing prior to sharing cardholder data with the subcontractor.
Franchisee shall, if requested to do so by Franchisor, provide appropriate documentation to Franchisor to demonstrate compliance with applicable PCI DSS requirements by Franchisee and all identified subcontractors.
Source: Item 22 — CONTRACTS (FDD page 87)
What This Means (2025 FDD)
According to Dog Haus's 2025 Franchise Disclosure Document, franchisees must adhere to specific security standards regarding cardholder data. If a franchisee stores, processes, transmits, or accesses cardholder data related to the sale of Dog Haus products, they must maintain the security of this data. This includes adhering to the Payment Card Industry Data Security Standards (PCI DSS) throughout the term of the franchise agreement. The current PCI DSS standards can be found at www.pcisecuritystandards.org.
Furthermore, the Dog Haus franchisee is responsible for the security of cardholder data managed by any subcontractors they engage to process credit cards. These subcontractors must be approved by Dog Haus in writing before any cardholder data is shared with them. This ensures that all parties handling sensitive customer information meet the required security benchmarks.
Dog Haus retains the right to request documentation from the franchisee to demonstrate compliance with PCI DSS requirements, both for the franchisee's operations and those of their subcontractors. This allows Dog Haus to verify that franchisees are meeting their obligations to protect cardholder data. Failing to comply with these standards could result in a breach of contract and potential legal and financial repercussions for the franchisee.