What policies regarding data protection must a Floyds 99 franchisee comply with?
Floyds_99 Franchise · 2025 FDDAnswer from 2025 FDD Document
. In connection with any amounts due and owing by the Franchisee to third parties, the Franchisee expressly acknowledges that a default by the Franchisee with respect to such indebtedness may be considered a default hereunder and the Franchisor may avail itself of all remedies provided for herein in the event of default.
- f. Customer Data. Franchisee acknowledges that Franchisor shall own all customer contact information and other customer information ("Customer Data"), wherever located, and Franchisee shall facilitate access to such information upon request from Franchisor. Franchisee shall only use the Customer Data as a processor as necessary to operate Franchisee's FLOYD'S 99 Shop for the initial term unless Franchisee obtains Franchisor's prior written approval. Franchisee has no right to sell, transfer, sublicense or otherwise share Customer Data to or with any third party, unless Franchisee obtains Franchisor's prior written approval, or the third party is a service provider bound to substantially similar obligations as in this Section and Franchisee remains liable for their use. Franchisee will comply with all directives and terms in the Operations Manual respecting Franchisee's use of the Customer Data. Franchisor may access Customer Data at the FLOYD'S 99 Shop and Franchisee will allow Franchisor to audit Franchisee's records to confirm compliance with these provisions. Franchisee must provide to Franchisor usernames and passwords to access the Customer Data. Franchisee is solely responsible for protecting Customer Data from cyberattacks or unauthorized access, and Franchisee waives any claim it may have against Franchisor as the direct or indirect result of such attacks or unauthorized access. Franchisee must comply with all applicable federal, state, and local laws and regulations concerning the storage, handling, use and protection of Customer Data. In addition, Franchisee must comply with any data protection and breach response policies Franchisor periodically may establish and must not use or disclose Customer Data in a manner that would cause Franchisor to be in violation of Franchisor's published privacy policy. Franchisee must notify Franchisor immediately of any actual or suspected data breach or cyber-attack at or in connection with the FLOYD'S 99 Shop and/or Customer Data.
- g. Generative AI. Franchisee will not, without Franchisor's prior written consent, utilize any generative artificial intelligence software, tools, or technologies, including, natural language processing, deep learning algorithms, or machine learning models ("Generative AI")
directly or indirectly in the operation of the FLOYD'S 99 Shop, including without limitation, in advertising, promotion, or marketing of the FLOYD'S 99 Shop or the FLOYD'S 99 system, communications with customers, business planning, analysis or optimization, or in any social media. Franchisee acknowledges and agrees not to upload or share any Confidential Information (including any inputs of information containing trade secrets, sensitive confidential information or personal information) with any unapproved third-party platforms, including Generative AI, except as authorized by Franchisor in writing. In addition, Franchisee shall prohibit Franchisee's employees from using any Confidential Information in Generative AI.
Source: Item 22 — CONTRACTS (FDD pages 57–58)
What This Means (2025 FDD)
According to the 2025 Floyds 99 Franchise Disclosure Document, franchisees must adhere to several data protection policies. Floyds 99 retains ownership of all customer data, and franchisees are permitted to use this data only as necessary to operate their shop, unless they receive prior written approval from Floyds 99. Franchisees are prohibited from selling, transferring, or sharing customer data with third parties without Floyds 99's approval, unless the third party is a service provider bound by similar obligations, in which case the franchisee remains liable for their use. Franchisees must also comply with all directives in the Operations Manual regarding the use of customer data and provide usernames and passwords to Floyds 99 for access to this data.
Franchisees are solely responsible for protecting customer data from cyberattacks and unauthorized access and must comply with all applicable federal, state, and local laws concerning the storage, handling, use, and protection of customer data. They must also adhere to any data protection and breach response policies that Floyds 99 establishes and must not use or disclose customer data in a way that violates Floyds 99's published privacy policy. Franchisees are required to immediately notify Floyds 99 of any actual or suspected data breach or cyberattack.
Furthermore, Floyds 99 franchisees must purchase, install, and implement computer data security hardware and software, firewall protection, and security breach insurance through Floyds 99's designated or approved supplier. They must use Floyds 99's designated credit card processing service and take security measures that comply with PCI Security Standards. In the event of a data security breach, franchisees must immediately notify Floyds 99 and comply with all investigation and remediation efforts. Unless already incorporated into the point-of-sale system, franchisees must also purchase the Franchisor's designated point-of-sale system data backup software and services. Without prior written consent from Floyds 99, franchisees are prohibited from utilizing any generative artificial intelligence software, tools, or technologies in the operation of the Floyds 99 Shop.