What must a Floyds 99 franchisee do if a data security breach occurs?
Floyds_99 Franchise · 2025 FDDAnswer from 2025 FDD Document
or approved supplier. Franchisee agrees to comply with Franchisor's standards and specifications which include, without limitation, using Franchisor's designated credit card processing service (which operates through the POS System) and taking security measures that comply with PCI Security Standards. If a data security breach occurs, the Franchisee must immediately notify the Franchisor and comply with all investigation and remediation efforts related to such breach consistent with the Franchisor's standards and specifications. The Franchisee authorizes vendors designated or approved by the Franchisor to conduct periodic data security and compliance audits and to perform remediation measures pursuant to the Franchisor's standards and specifications or the Franchisee shall provide proof of compliance to the Franchisor. Unless already incorporated into the point-of-sale system, the Franchisee must also purchase the Franchisor's designated point-of-sale system data backup software and services.
Source: Item 22 — CONTRACTS (FDD pages 57–58)
What This Means (2025 FDD)
According to Floyds 99's 2025 Franchise Disclosure Document, if a data security breach occurs, a franchisee must immediately notify Floyds 99. The franchisee must also comply with all investigation and remediation efforts related to the breach, consistent with Floyds 99's standards and specifications.
Floyds 99 franchisees are responsible for protecting customer data from cyberattacks or unauthorized access and waive any claims against Floyds 99 as a result of such attacks or unauthorized access. Franchisees must comply with all applicable federal, state, and local laws and regulations concerning the storage, handling, use, and protection of customer data. They must also adhere to any data protection and breach response policies that Floyds 99 establishes and must not use or disclose customer data in a way that violates Floyds 99's published privacy policy.
To ensure data security, Floyds 99 franchisees must purchase, install, and implement computer data security hardware and software, firewall protection, and security breach insurance through Floyds 99's designated or approved supplier. They must also use Floyds 99's designated credit card processing service, which operates through the POS system, and take security measures that comply with PCI Security Standards. Floyds 99 also owns all customer contact information and other customer information, and franchisees must facilitate access to this information upon request from Floyds 99.