Can IHG sublicense the Licensee Personal Data obtained from Even Hotels franchisees?

According to Even Hotels' 2025 Franchise Disclosure Document, IHG and its affiliates receive a non-exclusive, worldwide, perpetual, and royalty-free license to use Licensee Personal Data, with the right to sublicense it. This license extends to using the data for IHG's obligations under the franchise agreement, including transferring the data across national borders and to third parties. However, this excludes sensitive personal data, government-assigned identifiers, health/medical data, and vehicle/parking data, which are termed "Excluded Personal Data".

This means that Even Hotels franchisees must transfer certain personal data they collect to IHG, who then has broad rights to use and share this data. The franchisee grants IHG a license to use (including the right to sublicense) the Licensee Personal Data free of charge. IHG can also retain a copy of Licensee Personal Data even after the franchise agreement terminates or expires.

For a prospective Even Hotels franchisee, this has significant implications for data privacy and compliance. Franchisees must ensure they collect, retain, use, and transmit personal data in compliance with all applicable data privacy laws. They also need to be aware of what constitutes "Licensee Personal Data" versus "Excluded Personal Data," as the rights and obligations differ. The franchisee should seek clarity from IHG regarding the specific purposes for which Licensee Personal Data will be used and sublicensed, and what measures are in place to protect the data.

It is also important for the franchisee to understand their obligations to report data breaches and to comply with IHG's security practices, which may be updated from time to time. Franchisees should ensure they have adequate security and backup procedures in place to protect personal data, and that their agreements with third-party vendors also comply with data privacy laws and IHG's requirements.