Can a Floyds 99 franchisee sell customer data without the Franchisor's approval?
Floyds_99 Franchise · 2025 FDDAnswer from 2025 FDD Document
Franchisee acknowledges that Franchisor shall own all customer contact information and other customer information ("Customer Data"), wherever located, and Franchisee shall facilitate access to such information upon request from Franchisor.
Franchisee shall only use the Customer Data as a processor as necessary to operate Franchisee's FLOYD'S 99 Shop for the initial term unless Franchisee obtains Franchisor's prior written approval.
Franchisee has no right to sell, transfer, sublicense or otherwise share Customer Data to or with any third party, unless Franchisee obtains Franchisor's prior written approval, or the third party is a service provider bound to substantially similar obligations as in this Section and Franchisee remains liable for their use.
Franchisee will comply with all directives and terms in the Operations Manual respecting Franchisee's use of the Customer Data.
Franchisor may access Customer Data at the FLOYD'S 99 Shop and Franchisee will allow Franchisor to audit Franchisee's records to confirm compliance with these provisions.
Franchisee must provide to Franchisor usernames and passwords to access the Customer Data.
Franchisee is solely responsible for protecting Customer Data from cyberattacks or unauthorized access, and Franchisee waives any claim it may have against Franchisor as the direct or indirect result of such attacks or unauthorized access.
Franchisee must comply with all applicable federal, state, and local laws and regulations concerning the storage, handling, use and protection of Customer Data.
In addition, Franchisee must comply with any data protection and breach response policies Franchisor periodically may establish and must not use or disclose Customer Data in a manner that would cause Franchisor to be in violation of Franchisor's published privacy policy.
Franchisee must notify Franchisor immediately of any actual or suspected data breach or cyber-attack at or in connection with the FLOYD'S 99 Shop and/or Customer Data.
Source: Item 22 — CONTRACTS (FDD pages 57–58)
What This Means (2025 FDD)
According to Floyds 99's 2025 Franchise Disclosure Document, franchisees are generally prohibited from selling or transferring customer data to third parties without prior written approval from the franchisor. The FDD specifies that Floyds 99 owns all customer contact information and other customer information, referred to as "Customer Data." Franchisees are allowed to use this data only as necessary to operate their Floyds 99 shop during the initial term of the franchise agreement, unless they receive explicit written consent from the franchisor for other uses.
This restriction ensures that Floyds 99 maintains control over customer data and can manage how it is used across the franchise system. It also allows Floyds 99 to ensure compliance with privacy policies and data protection laws. The franchisee is responsible for protecting customer data from cyberattacks and unauthorized access, and must notify the franchisor immediately of any data breaches or cyber-attacks.
However, there is an exception: a franchisee can share customer data with a third-party service provider if that provider is bound by substantially similar obligations regarding data protection and use, as outlined in the franchise agreement. Even in this case, the franchisee remains liable for how the service provider uses the data. This provision allows franchisees to use necessary third-party services while still protecting customer data according to Floyds 99's standards.
In summary, a Floyds 99 franchisee cannot sell, transfer, sublicense, or share customer data with any third party unless they obtain prior written approval from Floyds 99 or the third party is a service provider with similar data protection obligations. This policy is in place to protect customer data and maintain consistency across the Floyds 99 franchise system.