Under what circumstances must a 7 Brew franchisee notify 7 Brew in writing immediately?

According to 7 Brew's 2025 Franchise Disclosure Document, a franchisee must notify 7 Brew immediately after becoming aware of an actual or suspected Data Security Incident at their store. This notification must specify the extent to which Consumer Data was compromised or disclosed. The franchisee is then required to cooperate with 7 Brew's instructions for addressing the incident to protect Consumer Data and the 7 Brew brand. This includes giving 7 Brew or its designee access to the franchisee's computer system, whether remotely or at the store.

A "Data Security Incident" is defined as any act that initiates either internally or from outside the store's computers, point-of-sale terminals, and other technology or networked environment and violates the Law or explicit or implied security policies. This includes attempts to gain unauthorized access to the Franchise System, 7 Brew Stores, or their Data, or to view, copy, or use Consumer Data or Confidential Information without authorization. It also includes unwanted disruption or denial or service, unauthorized use of a system for processing or storage of Data, and changes to system hardware, firmware, or software characteristics without 7 Brew's knowledge, instruction, or consent.

This requirement ensures that 7 Brew can take swift action to mitigate any potential damage resulting from a data breach and protect its customers' information. It also allows 7 Brew to maintain control over the handling of such incidents, ensuring consistency and minimizing the risk of further harm to the brand's reputation. The franchisee is obligated to follow 7 Brew's instructions and cooperate fully in the investigation and remediation efforts. This clause highlights the importance 7 Brew places on data security and the protection of consumer information, placing a significant responsibility on the franchisee to be vigilant and responsive in the event of a security breach.