In the event of a data breach, who is responsible for the expenses related to the investigation conducted by Bft or its designees?

If Franchisee becomes aware of a suspected or actual breach of security or unauthorized access involving Personal Information, Franchisee will notify Franchisor immediately and specify the extent to which Personal Information was compromised or disclosed. Franchisee also agrees to fully cooperate, at its own expense, with any investigation Franchisor, or its designees, conducts related to the suspected or actual breach. Franchisee also agrees to follow Franchisor's instructions regarding curative actions and public statements relating to the breach. Franchisee also agrees to comply with applicable law regarding notice of the breach (either to the affected individuals and/or applicable governmental officials). To the extent permitted under Applicable Law, Franchisee will provide Franchisor with a copy of the form of breach notice as soon as practical in advance of providing such notice to the affected data subjects and/or governmental official. Franchisor reserves the right to conduct a data security and privacy audit of any of the Studio and computer system at any time, from time to time, to ensure that Franchisee is complying with Franchisor's requirements. Franchisee must promptly notify Franchisor if it receives any complaint, notice, or communication, whether from a governmental agency, customer or other person, relating to any Personal Information, or Franchisee's compliance with Franchisee's obligations relating to Personal Information under this Agreement, and/or if Franchisee has any reason to believe that it will not be able to satisfy any of its obligations relating to Personal Information under this Agreement.

Source: Item 23 — RECEIPTS (FDD pages 79–265)