If a Byrider franchisee suspects a breach of security involving personal information, what is the franchisee required to do?

The Franchisee must implement all administrative, physical and technical safeguards necessary to protect any information that can be used to identify an individual, including names, addresses, telephone numbers, e-mail addresses, employee identification numbers, signatures, passwords, financial information, credit card information, biometric or health data, government-issued identification numbers and credit report information ("Personal Information") in accordance with applicable law and industry best practices. It is entirely the Franchisee's responsibility (even if the Company provides the Franchisee with any assistance or guidance in that regard) to confirm that the safeguards the Franchisee uses to protect Personal Information comply with all applicable laws and industry best practices related to the collection, access, use, storage, disposal and disclosure of Personal Information. If Franchisee becomes aware of a suspected or actual breach of security or unauthorized access involving Personal Information, the Franchisee will notify the Company immediately and specify the extent to which Personal Information was compromised or disclosed. The Franchisee also agrees to follow the Company's instructions regarding curative actions and public statements relating to the breach. The Franchisee must comply with the Company's privacy policy, as it may be amended periodically. The Franchisee further agrees to comply with any requests to return or delete Personal Information, whether requested by the Company or directly by a consumer, as required by applicable data sharing and privacy laws**.**

Source: Item 23 — Receipts (FDD pages 88–335)