factual

What is Even Hotels' responsibility regarding compliance with privacy laws applicable to its business?

Even_Hotels Franchise · 2025 FDD

Answer from 2025 FDD Document

nt to this License, as well as any other reports, data, information or material provided to IHG pursuant to or in connection with this License, shall be true and correct and not misleading and shall comply with all Standards, policies and requirements of IHG with respect to privacy and security of Operating Data and Guest Data of the Hotel. Licensee acknowledges and agrees that IHG may retrieve Operating Data, Guest Data, and Licensee Personal Data directly through the reservations system, via electronic transmission or automatic capture.

  • (5) Data Privacy Laws. Licensee will: (i) comply with all applicable Data Privacy Laws; (ii) comply with all of IHG's requirements regarding data protection contained in the Standards or otherwise; (iii) refrain from any action or inaction that could cause IHG or its Affiliates to breach any of the Data Protection Laws; (iv) do and execute, or arrange to be done and executed, each act, document and thing necessary or desirable to keep IHG in compliance with any of the Data Protection Laws; (v) reimburse IHG for any and all costs incurred in connection with the breach by Licensee of such Data Privacy Laws or Brand Standards; (vi) immediately report to IHG the theft or loss of Personal Data or Guest Data; and (vii) permit IHG and its Affiliates to use any data or other information each of them gathers concerning Licensee, its Affiliates and/or the Hotel in connection with the establishment and operation of Brand System Hotels by IHG and its Affiliates. Licensee will implement commercially reasonable physical, administrative, and technical security controls for its processing of IHG Personal Data that are appropriate to the context and the risk of the Personal Data being processed.

B. Preparation and Maintenance of Records.

Licensee will, in a manner and form satisfactory to IHG and utilizing accounting and reporting standards as reasonably required by IHG, prepare on a current basis (and preserve for no less than four years or IHG's record retention requirements, whichever is longer), complete and accurate records concerning Gross Rooms Revenue and all financial, operating, marketing and other aspects of the Hotel. Licensee will maintain an accounting system which fully and accurately reflects all financial aspects of the Hotel and its business. Such records shall include but not be limited to books of account, tax returns, governmental reports, register tapes, daily reports, and complete quarterly and annual financial statements (profit and loss statements, balance sheets and cash flow statements). The requirement to preserve records as set forth herein shall continue beyond the expiration or sooner termination of the License Term.

C. Audit.

IHG may require Licensee to have the Hotel's Gross Rooms Revenue and/or monies due hereunder computed and certified as accurate. During the License Term and for two years afterward, IHG and its authorized agents will have the right to verify information required under this License by requesting, receiving, inspecting and auditing, at all reasonable times, any and all records referred to above wherever they may be located (or elsewhere if reasonably requested by IHG). If any such inspection or audit discloses a deficiency in any payments due hereunder, and the deficiency in any payment is not offset by overpayment, Licensee shall immediately pay to IHG the deficiency and interest thereon as provided in paragraph 3.C. along with an audit fee of $3,000, as such amount may be increased by IHG. No acceptance by IHG of any audit fee or deficiency payment shall be deemed to waive any right of IHG to pursue a default under this License by reason of such underpayment. If the audit does not result in a deficiency being assessed, then no audit fee will be assessed.

Source: Item 23 — RECEIPTS (FDD pages 99–438)

What This Means (2025 FDD)

According to Even Hotels' 2025 Franchise Disclosure Document, the franchisee, referred to as the Licensee or Hotel, has several responsibilities regarding compliance with data privacy laws. The Licensee must comply with all applicable Data Privacy Laws and all of IHG's (InterContinental Hotels Group) requirements regarding data protection, as outlined in the Standards. The Licensee must also avoid any actions that could cause IHG or its affiliates to breach any Data Protection Laws. Furthermore, the Licensee is responsible for executing any necessary actions to ensure IHG remains compliant with these laws. A significant risk for the franchisee is the responsibility to reimburse IHG for any costs incurred due to the Licensee's breach of Data Privacy Laws or Brand Standards. The Licensee must also immediately report any theft or loss of Personal Data or Guest Data to IHG. IHG and its affiliates are permitted to use any data gathered concerning the Licensee, its affiliates, and/or the Hotel in connection with establishing and operating Brand System Hotels. The Licensee must implement commercially reasonable security controls for processing IHG Personal Data, appropriate to the context and risk involved.

The FDD also specifies the roles of different parties in relation to personal data. The Hotel is considered an independent Controller of the Hotel Personal Data and sole Controller of the Excluded Personal Data, while IHG is an independent Controller of the IHG Personal Data to the fullest extent permitted by Privacy Laws and the sole Controller of the IHG Marketing Data. Each party is responsible for its compliance with Privacy Laws concerning its Personal Data. If either IHG or the Hotel receives a request related to the processing of Personal Data by the other party, they are required to direct the request to the appropriate Controller.

HotelKey, as the Processor of Hotel Personal Data and Subprocessor for the Hotel of IHG Marketing Data, also has obligations. HotelKey must process Personal Data on behalf of the Hotel for the purposes described in the agreement or as instructed and must not retain, use, or disclose the Personal Data for any commercial purpose other than providing services under the agreement, operational purposes permitted by Privacy Laws, or to comply with legal obligations. HotelKey must cooperate with the Hotel to promptly respond to consumer requests under Privacy Laws and implement consumer requests to the extent requested by IHG or the Hotel and/or required by Privacy Laws. HotelKey is obligated to comply with its obligations and provide the same level of privacy protection as required by the Privacy Laws and must notify the Hotel if it determines it can no longer meet its obligations under the Privacy Laws with respect to the Hotel Personal Data. HotelKey must notify IHG and Hotel immediately of any Security Incident involving Hotel Personal Data and cooperate with them in relation to any notifications following a Security Incident, allowing IHG and Hotel exclusive control over the content of such notices.

Overall, the Even Hotels franchisee bears significant responsibility for ensuring compliance with data privacy laws, including implementing security measures, reporting breaches, and cooperating with IHG and HotelKey. Failure to comply can result in financial liabilities and damage to the brand's reputation. Prospective franchisees should carefully review these obligations and ensure they have the resources and expertise to meet them.

Disclaimer: This information is extracted from the 2025 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.
All Even_Hotels 2025 FAQs Ask FDD Ninja