Is a Face Foundrie franchisee required to comply with data privacy regulations?

Face Foundrie Franchise · 2025 FDD

Answer from 2025 FDD Document

, or other governmental instrumentality that relates to Franchisee, the Facial Bar, or any of Franchisee's employees. Franchisee must keep copies of all health, fire, building occupancy and similar inspection reports on file and available for Franchisor to review. Franchisee must promptly forward to Franchisor any correspondence stating that Franchisee is not in compliance with any such laws, rules, ordinances and regulations. Franchisee must abide by: (a) the Payment Card Industry Data Security Standards ("PCIDSS") enacted by the applicable Card Associations (as they may be modified from time to time or as successor standards are adopted); (b) the Fair and Accurate Credit Transactions Act ("FACTA"); and (c) all other standards, laws, rules, regulations or any equivalent thereof applicable to electronic payments that may be published from time to time by payment card companies and applicable to electronic payments ("Electronic Payment Requirements"). If Franchisee or Franchisor are required by one of the credit card companies or another third party (including any governmental body) to provide evidence of compliance with PCIDSS, FACTA or applicable Electronic Payment Requirements, Franchisor may require Franchisee to provide, or make available, to Franchisor copies of an audit, scanning results, or related documentation relating to such compliance. If Franchisee suspects or knows of a security breach, Franchisee must immediately give Franchisor notice of such security breach and promptly identify and remediate the source of any compromise or security breach. Franchisee assumes all responsibility for providing all notices of breach or compromise and all duties to monitor credit histories and transaction concerning customers of the Facial Bar.

Source: Item 22 — CONTRACTS (FDD pages 73–74)

What This Means (2025 FDD)

According to Face Foundrie's 2025 Franchise Disclosure Document, franchisees must comply with specific data security standards and laws related to electronic payments. Face Foundrie franchisees are required to abide by the Payment Card Industry Data Security Standards (PCIDSS), the Fair and Accurate Credit Transactions Act (FACTA), and all other standards, laws, rules and regulations, or their equivalents, applicable to electronic payments that payment card companies may publish from time to time. The FDD refers to this last category as the "Electronic Payment Requirements."

If a credit card company or another third party, including a governmental body, requires evidence of compliance with PCIDSS, FACTA, or applicable Electronic Payment Requirements, Face Foundrie may require the franchisee to provide copies of an audit, scanning results, or related documentation. Franchisees are responsible for immediately notifying Face Foundrie of any suspected or known security breaches and must promptly identify and remediate the source of any compromise or security breach.

Furthermore, the Face Foundrie franchisee assumes all responsibility for providing all notices of breach or compromise and all duties to monitor credit histories and transactions concerning customers of the Facial Bar. Face Foundrie also states that it and its affiliates own all information relating to clients and members of the Facial Bar, including names, addresses, telephone numbers, e-mail addresses, buying habits, preferences, demographic information and related information; that this information comprises personal information and is part of the Confidential Information; and that the Franchisor and its affiliates may use such membership information in their business activities.

Disclaimer: This information is extracted from the 2025 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.