What is the Ella Cafe franchisee's responsibility regarding PCI DSS compliance?

Ella Cafe Franchise · 2024 FDD

Answer from 2024 FDD Document

Franchisee must at all times comply with payment card industry data security standards (PCI-DSS).

Further Franchisee will acquire and install all necessary hardware and/or software used in connection with these non-cash payment systems and pay the costs associated therewith.

The parties acknowledge and agree that protection of customer privacy and credit card information is necessary to protect the goodwill of businesses operating under the Marks and System.

Accordingly, Franchisee agrees that Franchisee will cause the Coffee House to meet or exceed, at all times, all applicable security standards developed by the Payment Card Industry Data Security Standards (PCI DSS) council or its successor and other regulations and industry standards applicable to the protection of customer privacy and credit card information, including but not limited to the Fair and Accurate Credit Transaction Act (FACTA), and all other data security requirements Franchisor prescribes.

Franchisee is solely responsible for educating itself as to these regulations and standards and for achieving and maintaining applicable compliance certifications.

  • (c) Notify Franchisor in writing within 72 hours of the commencement of any investigation, action, suit, or proceeding or the issuance of any order, writ, injunction, award, or decree of any court, agency, or other government instrumentality, which may adversely affect the operation or financial condition of the Coffee House.

  • (b) Accept debit cards, credit cards, stored value cards, or other non-cash payment systems and methods that Franchisor specifies periodically and participate in Franchisor's required payment procedures and collection of funds relating thereto.

  • 10.1.5 All of Franchisee's Computer Systems must be compliant with all applicable laws, regulations, and commonly accepted industry standards, including without limitation those laws, regulations, and commonly accepted industry standards relating to privacy, data security, and the processing and protection of confidential personal information, including without limitation the

Source: Item 22 — CONTRACTS (FDD page 50)

What This Means (2024 FDD)

According to Ella Cafe's 2024 Franchise Disclosure Document, franchisees must comply with payment card industry data security standards (PCI-DSS) at all times. This requirement is part of accepting payments from customers in various forms designated by Ella Cafe, such as cash, credit/debit cards, gift cards, electronic fund transfers, and mobile payment systems. Franchisees are responsible for purchasing or leasing the necessary equipment and establishing business relationships to facilitate these payment methods.

Ella Cafe emphasizes the importance of protecting customer privacy and credit card information to maintain the goodwill associated with the brand. Franchisees must ensure their coffee house meets or exceeds all security standards developed by the PCI DSS council, along with other applicable regulations and industry standards, including the Fair and Accurate Credit Transaction Act (FACTA) and any other data security requirements prescribed by Ella Cafe.

Furthermore, franchisees are solely responsible for educating themselves about these regulations and standards and for achieving and maintaining the necessary compliance certifications. This includes acquiring and installing all necessary hardware and software for non-cash payment systems and covering the associated costs. Franchisees must also notify Ella Cafe in writing within 72 hours of any investigation, action, suit, or proceeding that may adversely affect the coffee house's operation or financial condition. All computer systems must be compliant with all applicable laws, regulations, and commonly accepted industry standards, including those relating to privacy, data security, and the processing and protection of confidential personal information.

Disclaimer: This information is extracted from the 2024 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.