GDPR

Updated on June 10, 2024

Overview:

Franchain streamlines payment collection for franchisors, allowing them to efficiently gather royalties and one-off payments from operators worldwide. Unlike traditional methods such as standard invoicing or direct debits, Franchain offers a modern solution that enhances control for franchisors and flexibility for operators. We have offices in Canada, the United Kingdom, and the United Arab Emirates.

We operate from our London office at [XX]. Our company number is [XX], and our ICO (Information Commissioner's Office) registration is [XX].

1. What is GDPR?

The General Data Protection Regulation (GDPR) is the European law regulating data protection. It applies across Europe and is enacted into UK law, giving it effect in the UK even after Brexit. It standardizes data protection across EU member countries and post-Brexit UK. GDPR grants privacy rights to EU/EEA individuals - the data subjects - and places obligations on organizations handling their personal data, wherever those organizations are based. It gives EU and UK citizens control over their personal data, providing transparency into how data is used and ensuring that the organizations entrusted with personal data treat it appropriately.

2. Is Franchain compliant with GDPR?

With GDPR in effect, we welcome the opportunity to deepen our commitment to data privacy and security. In preparation, we conducted a comprehensive review and update of our policies, agreements, processes, products, and systems to ensure compliance with GDPR and continue to prioritize data protection. We operate a global privacy program that ensures we meet high standards of privacy law wherever we operate. This includes documented processes, assessing the risk of privacy-impacting business processes, and applying industry best practice privacy-by-design protocols. We’re also committed to helping our customers meet their requirements under the law.

3. Does Franchain comply with other privacy and data protection laws?

We operate in countries around the world with their own privacy and data protection laws, which we monitor for compliance - for example, the Australian Privacy Act, the New Zealand Privacy Act, PIPEDA in Canada, and US state and federal laws that apply to our operations. Our global privacy program is built on a GDPR model, the gold standard for compliance, adjusted where necessary for variations in local laws.

4. Is Franchain registered for data protection?

Franchain is headquartered in the United Kingdom and is registered with the UK Information Commissioner’s Office under registration number [XX].

5. GDPR requires effective security controls. How does Franchain meet that requirement?

Franchain is ISO 27001-certified and is routinely audited by an independent third party to ensure compliance with the certification. To meet ISO 27001 standards, we continually review and improve our security management program, which includes:

  • A formal approach to security risk management overseen as part of our enterprise risk management program.
  • A dedicated team specializing in security engineering, including product security and security operations.
  • Mandatory security training for all employees.
  • Secure password policies.
  • Security procedures in product development and change control.
  • Information classification and document handling protocols.
  • Access controls based on specific needs and audited regularly.
  • Data center resilience and business continuity protocols.
  • Security protocols for databases and backups.
  • Physical security for our office environments.
  • Encryption and key management.
  • Formal incident response protocols.

6. What personal data does Franchain process?

As a data controller for personal data relating to operators and franchisors using Franchain services, we comply with the law's requirement to provide accurate, complete, and clear notice of the personal data we use. You can read the Franchain privacy notice on our website for further information.

7. What do you do with the data you collect?

We process personal data to provide our franchisors with the Franchain service. We also use personal data to improve our services, provide support, prevent fraud and money laundering, and for other related purposes. We do not share personal data with third parties for their own unrelated purposes, like advertising. You can read more about how Franchain uses personal data in our privacy notice.

8. Do you get explicit consent for the data you collect?

GDPR requires companies to have a "lawful basis" for processing personal data. To provide our services, we rely on three of these bases:

  • (b) Necessary to execute the transaction - for example, when we provide our payment services.
  • (c) Necessary to comply with a legal obligation - for example, when we conduct AML screening.
  • (f) Necessary to meet our legitimate interests - for example, when we apply our fraud models.

Consent is not always appropriate for these activities; we wouldn't be able to allow an individual to grant or revoke consent to process data after submitting a transaction or to opt out of fraud prevention. Where no other basis applies, or where we are required by law, we capture consent.

9. Where is the data you collect processed?

Franchain relies on a number of component services and providers to deliver payment processing services to our franchisors. All of our main processing for European payments is carried out on servers located in the European Economic Area (EEA). We use carefully chosen suppliers to perform other discrete tasks, which may result in data being transferred outside of the EEA. Whenever personal data is stored in those services, we ensure it is protected to EU standards using a GDPR-approved mechanism for the transfer.

10. What is Franchain doing to address the Schrems II Privacy Shield decision and keep international transfers lawful?

We enact appropriate transfer mechanisms and additional safeguards as part of our supplier due diligence. We keep an inventory of these suppliers and ensure they can continue to support our services despite changing regulations.

11. How long does Franchain retain personal data?

Franchain operates a formal, GDPR-compliant data retention and deletion program. It includes a documented data retention and deletion standard, with a defined retention period set for each data category we hold. Retention periods vary based on the relationship, type of data subject, category of data, and documented purpose of the processing.

12. Can you respond to requests from data subjects to exercise their rights?

We are able to respond to subject rights requests and aim to make the process as simple as possible. We have an online portal through which you can submit your request. If you believe the personal data we hold is incorrect or incomplete, please email us with 'Privacy' in the subject line, setting out the details of your request. We will get back to you as soon as possible.

13. I’m a business using Franchain to collect payments; how do I make sure I comply with GDPR?

As a franchisor, you're also a data controller for the personal data of your operators. You are responsible for ensuring that you have proper grounds for processing your operators' personal data and that you take other steps needed to comply with the law. Franchain takes on the direct responsibility for complying with the law for the processing that we undertake. You can help by including our name and privacy notice on your payment pages.

14. Does Franchain have an appointed GDPR representative I can contact?

Franchain has formally appointed a Data Protection Officer to ensure we stay accountable under the law. You can direct any queries regarding our approach to privacy and data protection by emailing us with ‘Privacy’ in the subject line.

Our position as data controller

1. Why is Franchain a controller of end-customer personal data?

Data protection law treats companies handling personal data as either data controllers or data processors. Franchain is considered a data controller due to the nature of our services and regulatory obligations. We determine the "purposes and means" of processing personal data, which includes deciding how long to retain data and ensuring compliance with payment scheme rules.

2. How does this affect me as a franchisor using Franchain?

Franchain’s position as a data controller is beneficial for franchisors. Franchain takes on direct responsibility for legal obligations related to processing personal data for our payment services. Your operators have a direct legal relationship with Franchain regarding our use of their personal data. This means they can exercise certain rights against us directly. We ask that you include a link to our privacy notice at the point of collection or other available interfaces.

3. How does this affect me as a partner offering an integration with Franchain?

As a partner, you must have an agreement in place with each franchisor using your service that includes appropriate data protection terms. When a franchisor enables your integration, they authorize us to share customer personal data with you, and you must protect that data and provide sufficient assurances.

4. How does this affect me when I pay a franchisor through Franchain?

Franchain is the payment provider for a business you make payments to on a recurring basis. We clarified our position as a data controller for individuals that pay businesses via Franchain. GDPR places strict rules on data usage, protection, and responses to data breaches. Please be assured that we will treat your data with respect and in accordance with the law.

5. How can I obtain a copy of your Data Processing Agreement (DPA)?

You can review the updated data protection terms that apply to your agreement with us in the 'Data Protection' section of our online Merchant Agreement. Our agreement reflects our relationship as data controllers, ensuring we comply with GDPR and other relevant regulations.

©2024 Franchain Technologies Limited. All rights reserved. Franchain and the Franchain logo are registered trademarks of Franchain Technologies Limited.

Franchain Technologies Limited is registered in England and Wales, London, England and is not regulated by the Financial Conduct Authority.

Franchain is not a bank and your Franchain business account is not an FDIC-insured bank account.
Franchain Technologies Limited is registered in the United Kingdom, with registered offices at 123 Buckingham Palace Road, London, England, SW1W 9SR.