What information is a Fitstop franchisee prohibited from collecting and storing?

According to Fitstop's 2024 Franchise Disclosure Document, franchisees are not allowed to collect, store, or transfer any customer information that is deemed unnecessary.

This restriction is in place to ensure compliance with payment card industry (PCI) and data security standard (DSS) regulations. Franchisees are responsible for meeting all PCI and DSS requirements, including using necessary tools and systems for ongoing compliance, such as quarterly external security scans and annual self-assessment questionnaires. They are also responsible for all costs related to PCI compliance and data security issues, including breaches and malware.

Fitstop requires franchisees to alert them within 24 hours of any suspected or confirmed data security breach. This allows Fitstop to take appropriate action to protect customer data and notify relevant parties. By limiting the collection and storage of unnecessary customer information, Fitstop aims to minimize the risk of data breaches and maintain the security of customer data.