For Dq Treat franchisees, what is Punchh permitted to do with deidentified data under applicable laws?
Dq_Treat Franchise · 2025 FDDAnswer from 2025 FDD Document
- 9.2 Non-personally Identifiable Data. To the extent permitted under Applicable Laws, Punchh may collect and use Deidentified Data (as defined in the DPA) regarding Data Subjects for any lawful business purpose.
Source: Item 17 — The following paragraph is added to the end of Item 17 of the Disclosure Document: (FDD pages 70–378)
What This Means (2025 FDD)
According to the 2025 Dq Treat FDD, Punchh may collect and use deidentified data regarding data subjects for any lawful business purpose, to the extent permitted under applicable laws. This data is defined in the Data Processing Agreement (DPA). Dq Treat franchisees should note that this agreement allows Punchh to utilize data stripped of personally identifiable information for various business activities, as long as these activities comply with existing laws.
This clause means that while Dq Treat franchisees retain ownership of personal data, Punchh has the right to use anonymized data for its own purposes. These purposes could include market analysis, improving services, or developing new products. The FDD stipulates that the specifics of what constitutes "deidentified data" are further detailed in the DPA, which is attached as an exhibit.
For a prospective Dq Treat franchisee, it's important to understand the scope of data that Punchh can use and how it might impact their business. Franchisees should carefully review the Data Processing Agreement (Exhibit B) to fully understand what data is considered "deidentified" and how Punchh intends to use it. Additionally, franchisees should ensure they understand and comply with all applicable laws related to data privacy and usage to avoid any potential legal issues.