Is a Hardees franchisee allowed to sell or share Consumer Information?
Hardees Franchise · 2025 FDDAnswer from 2025 FDD Document
HR owns all Consumer Information and may use the Consumer Information as it deems appropriate (subject to applicable law), including disclosing it to vendors or sharing it with its affiliates for crossmarketing or other purposes. Franchisee may only use Consumer Information for the purpose of operating the Franchised Restaurant to the extent permitted under this Agreement, including the OPM, during the term hereof and subject to such restrictions as HR may from time to time impose and in compliance with all data privacy, security and other applicable laws. Without limiting the foregoing, Franchisee agrees to comply with applicable law in connection with Franchisee's collection, processing, storage and use of such Consumer Information, including, if required under applicable law, obtaining consents from individuals for HR's and its affiliates' use of the Consumer Information. Franchisee must comply with all laws and regulations relating to data protection, privacy and security, including data breach response requirements ("Privacy Law(s)"), as well as data privacy and security policies, procedures and other requirements HR may periodically establish. Franchisee must maintain reasonable, appropriate, and effective security controls to preserve the security, integrity, availability, confidentiality, and resilience of Consumer Information. Franchisee must notify HR immediately of any suspected data breach at or in connection with the Franchised Restaurant or the business operated at the Franchised Restaurant. Franchisee must fully cooperate with HR and its counsel in determining the most effective way to meet HR's standards and policies pertaining to Privacy Laws, including those governing notification of a data breach. Franchisee is
responsible for any financial losses it incurs or remedial actions that it must take as a result of breach of security or unauthorized access to Consumer Information in Franchisee's control or possession.
Without limiting the foregoing, Franchisee represents, warrants, and covenants that:
(1) Franchisee will not "sell" or "share" (as defined under any Privacy Law) any Consumer Information or make Consumer Information available to any third party for valuable consideration;
(2) Franchisee will retain, use, or disclose Consumer Information only for the specific business purposes specified in this Agreement, and not for any other commercial or noncommercial purpose;
(3) Franchisee will not retain, use, or disclose Consumer Information outside of the direct business relationship between Franchisee and HR;
Source: Item 22 — Contracts (FDD page 85)
What This Means (2025 FDD)
According to Hardees's 2025 Franchise Disclosure Document, franchisees are explicitly prohibited from selling or sharing consumer information. The FDD defines "Consumer Information" broadly, including identifiers like names, addresses, phone numbers, email addresses, sales history, and any data related to customers or prospective customers. Hardees retains ownership of all Consumer Information and may use it as deemed appropriate, including sharing it with affiliates for marketing or other purposes.
Hardees franchisees are only allowed to use Consumer Information to operate their franchised restaurant, as permitted by the franchise agreement and the Operations Procedures Manual (OPM). This use is subject to restrictions imposed by Hardees and must comply with all data privacy and security laws. Franchisees must also obtain necessary consents from individuals for Hardees and its affiliates to use their Consumer Information, if required by law.
Furthermore, Hardees franchisees must comply with all data protection, privacy, and security regulations, including data breach response requirements. They are required to maintain security controls to protect the confidentiality of Consumer Information and must immediately notify Hardees of any suspected data breaches. Franchisees are financially responsible for any losses or remedial actions resulting from security breaches or unauthorized access to Consumer Information under their control.