What happens if Atwell Suites experiences a Data Security Event?
Atwell_Suites Franchise · 2025 FDDAnswer from 2025 FDD Document
If we are determined by a Card Organization to have breached our data security obligations under Applicable Law or the Card Organization Rules, resulting solely from our independent acts or omissions which results in the actual, unauthorized disclosure of personally identifiable consumer information, including but not limited to Cardholder data that is submitted to us by you hereunder, (a "Data Security Event"), we will be responsible for performing each of the actions set forth in subparts (a) and (c) of Section 4.4.
Source: Item 23 — Receipts (FDD pages 99–486)
What This Means (2025 FDD)
According to Atwell Suites' 2025 Franchise Disclosure Document, if Atwell Suites is determined by a Card Organization to have breached its data security obligations under applicable law or the Card Organization Rules, resulting solely from its independent acts or omissions which results in the actual, unauthorized disclosure of personally identifiable consumer information, including but not limited to Cardholder data that is submitted to it by the franchisee, and this is considered a Data Security Event, then Atwell Suites will be responsible for performing certain actions.
Specifically, Atwell Suites will be responsible for performing an independent investigation, including a forensics analysis performed by a certified forensic vendor acceptable to the Card Organizations in accordance with Card Organization standards, of any data security breach of Cardholder data or Transaction Data. Atwell Suites will also be responsible for performing any remedial actions recommended by any such investigation.
In the event of a Data Security Event, the franchisee is responsible for providing Atwell Suites with the cardholder data that is submitted to them. The franchisee is also responsible for cooperating with Atwell Suites in the investigation and resolution of any security breach.