factual

What might happen if an Even Hotels franchisee is determined to be non-compliant with applicable data security requirements?

Even_Hotels Franchise · 2025 FDD

Answer from 2025 FDD Document

al Information belonging to or received from IHG or one of its Affiliates;

  • 6.2.2 (b) was lawfully acquired by Licensee from a third party having the legal, unconditional right to furnish same to Licensee; or
  • 6.2.3 (c) was at the time in question (whether at disclosure or thereafter) generally known by or available to the public (through no fault of Licensee).
  • 6.3 Required Disclosures. These confidentiality obligations will not restrict any disclosure required by applicable law, provided that Licensee gives prompt notice to IHG of any such legal requirement and reasonably cooperates with IHG at IHG request and expense to resist such legal requirement or to obtain a protective order.

7. Security Practices.

  • 7.1 Licensee understands that IHG and its Affiliates will have access to certain reports and information relating to the Hotel and generated through the use of the Curated Solutions, including information relating to revenues, room occupancy, and availability, as well as Personal Data. Licensee and the Hotel shall, and Licensee shall cause its Agents to, comply with:
    • 7.1.1 all applicable laws, including the Data Privacy Laws and contractual obligations, and any requirements of the credit card processing industry, including PCI DSS and any successor standard,
    • 7.1.2 all Standards, and
    • 7.1.3 all IHG policies, requirements, and requests concerning access to any Curated Solution, network connectivity, and transmission of data and reports to IHG and its Affiliates.
  • 7.2 Licensee shall be responsible for ensuring adequate security and backup procedures to avoid unauthorized access to, use of, or inadvertent loss of data and shall, in its discretion, determine appropriate security, which shall be no less than the standard of care in the industry. Without limiting Licensee's obligations set forth in subparts 7.1.1, 7.1.2 and 7.1.3 above, Licensee will comply with any additional security and data protection practice requirements that IHG will provide to Licensee in writing, which may be updated from time to time (the "Security Practices"). IHG may, in its sole discretion, amend the Security Practices at any time without prior notice (each, a "Security Practices Update"). A Security Practices Update may include additional terms and conditions, including the additional obligations of Licensee. Licensee will comply with any Security Practices Update within thirty (30) days following the date of the Security Practices Update and will comply with any changes to applicable laws, contractual obligations, and industry requirements (including PCI DSS and any successor standard) within the time period provided by such law or industry requirement.

8. PRIVACY AND DATA PROTECTION.

  • 8.1 Core Services and Optional Services. Unless otherwise stated in the Supplemental Terms, Participation Agreement, or Order Form, the privacy and data protection terms set out in Paragraph 7 of the License will apply to the Core Services and the Optional Services.
  • 8.2 Additional Required Services.

Source: Item 23 — RECEIPTS (FDD pages 99–438)

What This Means (2025 FDD)

According to Even Hotels' 2025 Franchise Disclosure Document, franchisees must adhere to specific security practices to protect data. IHG (InterContinental Hotels Group) and its affiliates will have access to hotel reports and information generated through Curated Solutions, including revenue, occupancy, availability, and personal data. Franchisees must comply with all applicable laws, including Data Privacy Laws, credit card processing industry requirements like PCI DSS, all Standards, and all IHG policies related to network connectivity and data transmission.

Even Hotels franchisees are responsible for ensuring adequate security and backup procedures to prevent unauthorized access, use, or loss of data, meeting at least the industry standard of care. IHG may provide additional security and data protection practice requirements in writing, which may be updated periodically. Franchisees must comply with these Security Practices Updates within thirty days of their issuance and adhere to changes in applicable laws or industry requirements within the mandated timeframe.

Furthermore, if an Even Hotels franchisee fails to implement any non-hosted update when required, FreedomPay reserves the right to terminate operational support for the prior release, even if the franchisee continues to use it. The FreedomPay Solution also requires full SKU level data to be transmitted with each transaction. Failure to provide this data may result in suspension of the hotel's access to the FreedomPay Solution, unless the franchisee remedies the failure within thirty days. Additionally, franchisees are prohibited from using production data (live PANs) in testing or development, as per PCI rules.

Disclaimer: This information is extracted from the 2025 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.
All Even_Hotels 2025 FAQs Ask FDD Ninja