What laws and regulations must a Floyds 99 franchisee comply with regarding customer data?

According to the 2025 Floyds 99 Franchise Disclosure Document, franchisees must adhere to several laws and regulations concerning customer data. Floyds 99 retains ownership of all customer data, and franchisees are permitted to use this data only as necessary to operate their Floyds 99 shop, unless they receive prior written approval from the franchisor.

The franchisee is explicitly prohibited from selling, transferring, sublicensing, or sharing customer data with any third party without the franchisor's prior written consent, unless the third party is a service provider bound by similar obligations, in which case the franchisee remains liable for their use. Franchisees must also comply with all directives and terms in the Operations Manual regarding the use of customer data. Floyds 99 has the right to access customer data at the franchisee's shop and audit records to ensure compliance. Franchisees are required to provide usernames and passwords to access customer data.

Franchisees bear sole responsibility for protecting customer data from cyberattacks or unauthorized access and must waive any claims against Floyds 99 resulting from such incidents. They must comply with all applicable federal, state, and local laws and regulations concerning the storage, handling, use, and protection of customer data. Additionally, franchisees must adhere to any data protection and breach response policies established by Floyds 99 and must not use or disclose customer data in a way that violates the franchisor's published privacy policy.

Finally, franchisees are obligated to immediately notify Floyds 99 of any actual or suspected data breach or cyberattack at or in connection with their shop and/or customer data. They must also operate their Floyds 99 shop in compliance with all applicable federal, state, and local laws, including data security and privacy laws, to maintain a good public image and comply with business practices.