Must an Even Hotels franchisee comply with additional security requirements provided by HotelKey or IHG?
Even_Hotels Franchise · 2025 FDDAnswer from 2025 FDD Document
Hotel will comply with any additional security requirements that HotelKey or IHG provides to Hotel in writing, which may be updated from time to time.
Hotel shall be solely responsible for any and all Claims and Losses (as each such term is defined below) relating to an unauthorized third party access to the PMS Solution and/or PMS Data that results or arises out of breach of the foregoing.
Hotel will implement and maintain commercially reasonable and industrystandard measures, safeguards, and other controls to prevent a breach of or unauthorised access to the PMS Solution.
Hotel will ensure all Designated Users comply with industry best practices to implement secure passwords, regularly change such passwords, and protect the security and privacy of their user logins and the PMS Data.
HotelKey will notify IHG and Hotel immediately and in any case within forty-eight (48) hours of becoming aware of the actual occurrence or the substantial likelihood of the occurrence of any loss, misuse, unauthorized access, unauthorized acquisition, unauthorized use of any Hotel Personal Data (a "Security Incident").
HotelKey shall cooperate with IHG and Hotel, to the extent requested by IHG and/or Hotel, in relation to any notifications following a Security Incident.
HotelKey will permit IHG and Hotel exclusive control over the content of such notices related to a Security Incident.
HotelKey must not issue or make available a statement, press release, or other communications that mentions IHG or Hotel that concerns a Security Incident without IHG's prior written approval.
Source: Item 23 — RECEIPTS (FDD pages 99–438)
What This Means (2025 FDD)
According to the 2025 Even Hotels Franchise Disclosure Document, an Even Hotels franchisee must comply with additional security requirements that HotelKey or IHG provide in writing, which may be updated periodically. The franchisee is responsible for any claims or losses resulting from unauthorized third-party access to the PMS (Property Management System) solution or PMS data due to a breach of these security obligations.
The franchisee must ensure that all designated users follow industry best practices for secure passwords, regular password changes, and protection of user logins and PMS data. HotelKey owns all intellectual property rights related to the PMS solution and documentation. The franchisee may provide feedback to HotelKey or IHG regarding the PMS solution, which HotelKey and IHG can use without any obligation to compensate the franchisee.
Furthermore, the Even Hotels franchisee is obligated to implement and maintain commercially reasonable and industry-standard measures to prevent unauthorized access to the PMS solution. This includes ensuring that all designated users comply with industry best practices for password management and data protection. The hotel is solely responsible for any claims or losses arising from unauthorized access to the PMS solution or data resulting from a failure to meet these security obligations.
HotelKey is required to notify IHG and the franchisee within 48 hours of any security incident involving Hotel Personal Data. HotelKey must cooperate with IHG and the franchisee regarding notifications following a security incident and must allow IHG and the franchisee exclusive control over the content of such notices. HotelKey is also prohibited from issuing any public statements about a security incident that mentions IHG or the franchisee without IHG's prior written approval.