What are the requirements for a Floyds 99 franchisee regarding 'Data Security and Access'?
Floyds 99 Franchise · 2025 FDD
Answer from 2025 FDD Document
The Franchisee must purchase, install and implement computer data security hardware and software, firewall protection, and security breach insurance through the Franchisor's designated or approved supplier.
Franchisee agrees to comply with Franchisor's standards and specifications which include, without limitation, using Franchisor's designated credit card processing service (which operates through the POS System) and taking security measures that comply with PCI Security Standards.
Franchisee acknowledges that Franchisor shall own all customer contact information and other customer information ("Customer Data"), wherever located, and Franchisee shall facilitate access to such information upon request from Franchisor.
Franchisee shall only use the Customer Data as a processor as necessary to operate Franchisee's FLOYD'S 99 Shop for the initial term unless Franchisee obtains Franchisor's prior written approval.
Franchisee has no right to sell, transfer, sublicense or otherwise share Customer Data to or with any third party, unless Franchisee obtains Franchisor's prior written approval, or the third party is a service provider bound to substantially similar obligations as in this Section and Franchisee remains liable for their use.
Franchisee will comply with all directives and terms in the Operations Manual respecting Franchisee's use of the Customer Data.
Franchisor may access Customer Data at the FLOYD'S 99 Shop and Franchisee will allow Franchisor to audit Franchisee's records to confirm compliance with these provisions.
Franchisee is solely responsible for protecting Customer Data from cyberattacks or unauthorized access, and Franchisee waives any claim it may have against Franchisor as the direct or indirect result of such attacks or unauthorized access.
Franchisee must comply with all applicable federal, state, and local laws and regulations concerning the storage, handling, use and protection of Customer Data.
In addition, Franchisee must comply with any data protection and breach response policies Franchisor periodically may establish and must not use or disclose Customer Data in a manner that would cause Franchisor to be in violation of Franchisor's published privacy policy.
Franchisee must notify Franchisor immediately of any actual or suspected data breach or cyber-attack at or in connection with the FLOYD'S 99 Shop and/or Customer Data.
The Franchisee shall keep the Program and any data generated by the use of the Program confidential during and after the term hereof, and shall establish and maintain such security precautions as are prescribed by the Franchisor from time to time to maintain the secrecy of the Program and any data generated by the use of the Program, and to prevent the unauthorized access to or use, disclosure or copying of the Program or any data generated by the use of the Program.
Franchisee will not, without Franchisor's prior written consent, utilize any generative artificial intelligence software, tools, or technologies, including, natural language processing, deep learning algorithms, or machine learning models ("Generative AI")
The Franchisor also reserves the right to require the Franchisee to provide the Franchisor with reasonable access to information and data regarding the FLOYD'S 99 Shop by computer modem, Internet connection or by other means.
Source: Item 22 — CONTRACTS (FDD pages 57–58)
What This Means (2025 FDD)
According to Floyds 99's 2025 Franchise Disclosure Document, franchisees have several requirements related to data security and access. Floyds 99 franchisees must purchase, install, and implement computer data security hardware and software, firewall protection, and security breach insurance through a supplier designated or approved by Floyds 99. Franchisees must use Floyds 99's designated credit card processing service, which operates through the POS system, and take security measures that comply with PCI Security Standards. If a data security breach occurs, the franchisee must immediately notify Floyds 99 and comply with all investigation and remediation efforts. Floyds 99 can authorize vendors to conduct periodic data security and compliance audits, or the franchisee must provide proof of compliance.
Floyds 99 also outlines specific requirements for handling customer data. Floyds 99 owns all customer contact information and other customer information, and franchisees must facilitate access to this information upon request. Franchisees can only use the Customer Data as necessary to operate their Floyds 99 shop, unless they obtain prior written approval from Floyds 99. Franchisees are prohibited from selling, transferring, or sharing Customer Data with third parties without approval, unless the third party is a service provider bound by similar obligations. Franchisees must comply with all directives in the Operations Manual regarding the use of Customer Data, and Floyds 99 can access Customer Data at the shop and audit records to confirm compliance. Franchisees are responsible for protecting Customer Data from cyberattacks or unauthorized access and must comply with all applicable data protection laws and regulations.
Furthermore, Floyds 99 requires franchisees to maintain the confidentiality of the software programs and any data generated by their use, establishing security precautions to prevent unauthorized access, use, disclosure, or copying. Franchisees must ensure that employees with access to the programs execute written confidentiality agreements. Floyds 99 also reserves the right to access information and data regarding the Floyds 99 shop via computer modem, Internet connection, or other means. Franchisees are generally prohibited from using generative AI software without prior written consent from Floyds 99.