disruption to our operations, a compromise or corruption of confidential information, and/or damage to our employee and business relationships, all of
which could lead to loss and harm our business” herein. In addition, we offer a mobile application and rewards program that allows our guests to schedule
their visits and facilitates a contactless experience with self-check-in, which may in the future track other personal information. Some of this data is highly
sensitive in nature and could be an attractive target of a criminal attack by malicious third parties with a wide range of motives and expertise, including
lone wolves, organized criminal groups, “hacktivists,” disgruntled current or former employees, and others. The integrity and protection of guest,
prospective guest and employee data is critical to us.
Despite the security measures we have in place to comply with applicable laws and rules, our facilities and systems, and those of our franchisees and third-
party service providers (as well as their third-party service providers), may be vulnerable to security breaches, acts of cyber terrorism or sabotage,
vandalism or theft, computer viruses, loss or corruption of data, programming or human errors or other similar events. See “The occurrence of cyber-
incidents, or a deficiency in cybersecurity, could negatively impact our business by causing a disruption to our operations, a compromise or corruption of
confidential information, and/or damage to our employee and business relationships, all of which could lead to loss and harm our business” herein.
Furthermore, the size and complexity of our information systems, and those of our franchisees and our third-party vendors (as well as their third-party
service providers), make such systems potentially vulnerable to security breaches from inadvertent or intentional actions by our employees, franchisees or
vendors, or from attacks by malicious third parties. Because such attacks are increasing in sophistication and change frequently in nature, we, our
franchisees and our third-party service providers may be unable to anticipate these attacks or implement adequate preventative measures, and any
compromise of our systems, or those of our franchisees and third-party vendors (as well as their third-party service providers), may not be discovered and
remediated promptly. Changes in consumer behavior following a security breach or perceived security breach, act of cyber terrorism or sabotage,
vandalism or theft, computer viruses, loss or corruption of data or programming or human error or other similar event affecting a competitor, large retailer
or financial institution may materially and adversely affect our business.
Additionally, the handling of personally identifiable information by our, or our franchisees’, businesses is regulated at the federal, state and international
levels as well as by certain industry groups, such as the Payment Card Industry Security Standards Council, the National Automated Clearing House
Association, and individual credit card issuers. Federal, state, international and industry groups may also consider and implement from time to time new
privacy and security requirements that apply to our businesses. Compliance with contractual obligations and evolving privacy and security laws,
requirements and regulations may result in cost increases due to necessary systems changes, new limitations or constraints on our business models and the
development of new administrative processes. They also may impose further restrictions on our handling of personally identifiable information that is
housed in one or more of our franchisees’ databases or those of our third-party service providers. Non-compliance with privacy laws or industry group
requirements or a security breach or perceived non-compliance or breach involving the misappropriation, loss or other unauthorized disclosure of personal,
sensitive or confidential information, whether by us or by one of our franchisees or vendors, could have material adverse effects on us and our franchisees’
business, operations, brand, reputation and financial condition, including decreased revenue, material fines and penalties, litigation, increased financial
processing fees, compensatory, statutory, punitive or other damages, adverse actions against our licenses to do business and injunctive relief by court or
consent order. Despite our efforts, the handling of personally identifiable information may not be in compliance with applicable law, or this information
could be disclosed or lost due to a hacking event or unauthorized access to our information system, or through publication or improper disclosure, any of
which could affect the value of our brand. We maintain cyber risk insurance, but in the event of a significant data security breach, this insurance may not
cover all of the losses that we would be likely to suffer.
We and our franchisees rely heavily on information systems, and any material failure, interruption or weakness may prevent us from effectively
operating our business and damage our reputation.
We and our franchisees increasingly rely on information systems, including point-of-sale processing systems in our centers and other information systems
managed by third parties, to interact with our franchisees and guests and collect, maintain and handle guest information, billing information and other
personally identifiable information, including for the operation of our centers, collection of cash, legal and regulatory compliance, management of our
supply chain, accounting, staffing, payment of obligations, credit and debit card transactions and other processes and procedures. To process payments by
our guests, we use a commercially available third-party point-of-sale system. Unforeseen issues, such as bugs, data inconsistencies, outages, changes in
business processes, and other interruptions with such point-of-sale system in the past have had, and could have, an adverse impact on our business in the
future. Additionally, if we move to different third-party systems, or otherwise significantly modify the point-of-sale system, our operations could be
interrupted. Our ability to efficiently and effectively manage our franchisees and corporate-owned centers depends significantly on the reliability and
capacity of these systems, and any potential failure of these third parties to provide quality uninterrupted service is beyond our control.
Our and our franchisees’ operations depend upon our ability, and the ability of our franchisees and third-party service providers (as well as their third-party
service providers), to protect our computer equipment and systems against damage from physical theft, fire, power loss, telecommunications failure or
other catastrophic events, as well as from internal and external security incidents, viruses, denial-of-service attacks and other disruptions. The failure of
these systems to operate effectively, stemming from maintenance problems, existing systems becoming obsolete, upgrading or transitioning to new
platforms, expanding our systems as we grow, a