What are the specific obligations of a Hardees franchisee regarding the protection of customer data and privacy (Item 9), and how does the franchisor's data security policies (Item 9) support these obligations?
Hardees Franchise · 2025 FDDAnswer from 2025 FDD Document
programs.
P. Consumer Information
Franchisee may only use Consumer Information (as defined below) to the extent necessary to perform Franchisee's obligations under this Agreement during the term hereof and subject to such instructions and restrictions as HR may from time to time impose and in compliance with all data privacy, security and other applicable laws. "Consumer Information" means any identifiers (including name, address, phone numbers, usernames, birthdates and e-mail addresses), sales, transaction, loyalty and payment history, and all other information about or related to any customer or prospective customer, including any information deemed "personal information" or "personal data" under applicable law. As used in this Agreement, the term "customer" refers to any person or entity (i) whose information is collected by any HR system or application or included in any consumer or customer database, file or system owned or controlled by HR, its parent, subsidiary or affiliate companies; (ii) who is included on any marketing or customer lists Franchisee develops or uses or any customer information generally collected and saved for any reason; (iii) who has purchased, purchases or intends to purchase products or services online, through an HR application, or at the Franchised Restaurant; or (iv) who has been solicited to purchase any products or services at the Franchised Restaurant. HR may use the Consumer Information as HR deems appropriate, including sharing it with HR's affiliates.
HR owns all Consumer Information and may use the Consumer Information as it deems appropriate (subject to applicable law), including disclosing it to vendors or sharing it with its affiliates for crossmarketing or other purposes. Franchisee may only use Consumer Information for the purpose of operating the Franchised Restaurant to the extent permitted under this Agreement, including the OPM, during the term hereof and subject to such restrictions as HR may from time to time impose and in compliance with all data privacy, security and other applicable laws. Without limiting the foregoing, Franchisee agrees to comply with applicable law in connection with Franchisee's collection, processing, storage and use of such Consumer Information, including, if required under applicable law, obtaining consents from individuals for HR's and its affiliates' use of the Consumer Information. Franchisee must comply with all laws and regulations relating to data protection, privacy and security, including data breach response requirements ("Privacy Law(s)"), as well as data privacy and security policies, procedures and other requirements HR may periodically establish.
What This Means (2025 FDD)
According to Hardees' 2025 Franchise Disclosure Document, franchisees have several obligations regarding consumer information and data security. Hardees owns all consumer information and may use it as it deems appropriate, but franchisees can only use consumer information to operate their franchised restaurant. This use is subject to restrictions imposed by Hardees and must comply with all data privacy and security laws. Franchisees must also obtain consent from individuals for Hardees' and its affiliates' use of consumer information, if required by law.
Hardees franchisees must comply with all laws and regulations relating to data protection, privacy, and security, including data breach response requirements, as well as any data privacy and security policies established by Hardees. Franchisees are required to maintain reasonable, appropriate, and effective security controls to preserve the security, integrity, availability, confidentiality, and resilience of consumer information. They must also notify Hardees immediately of any suspected data breach at or in connection with their restaurant and fully cooperate with Hardees in determining the most effective way to meet the company's standards and policies pertaining to privacy laws, including those governing data breach notification.
Furthermore, franchisees represent, warrant, and covenant that they will not sell or share any consumer information or make it available to any third party for valuable consideration. They will retain, use, or disclose consumer information only for the specific business purposes outlined in the franchise agreement and not for any other commercial or noncommercial purpose. Franchisees also agree not to retain, use, or disclose consumer information outside of the direct business relationship between the franchisee and Hardees. Franchisees are responsible for any financial losses or remedial actions resulting from a security breach or unauthorized access to consumer information under their control.