Security Awareness and Acceptable Use Policy
This web site is Copyright © 2013 by EWC Franchise, LLC. All rights reserved. No part of this web site may be reproduced, published, distributed, displayed, performed, copied or stored for public or private use in any information retrieval system, or transmitted in any form by any print, mechanical, photographic or electronic process, including electronically or digitally on the Internet or World Wide Web, or over any network, or local area network, without the express written permission of EWC Franchise, LLC.
EWC Franchise, LLC, a successor-in-interest by merger of EWC Franchise Group, Inc., and its legal (collectively with all of EWC Franchise, LLC’s affiliates, “EWC”) has prepared this Security Awareness and Acceptable Use Policy (“Policy”) to protect against unauthorized use of all Systems (as defined below).
This Policy applies to all applicable employees, contractors, consultants, temporary employees, personnel and all other workers at EWC, all EWC franchisees and area representatives, including all personnel affiliated with third parties (collectively, “Users”). This Policy applies to any System owned or leased by EWC or that contains information about, or is used in connection with, EWC and/or its franchisees and area representatives, their respective customers or the European Wax Center franchise system in general. For the avoidance of doubt, this Policy applies to all uses of information that has any direct or indirect relation to EWC. If a User has any question about whether information has any relation to EWC, the User is advised to treat such information as if it does have such relation and therefore ensure compliance with this Policy with respect to such information and the System used in relation to such information.
Note: EWC, from time to time, provides certain access to its Systems to non-employee Users, such as franchisee and area representative personnel, franchise prospects, vendors, contractors and other Users associated with third parties. Nothing in this Policy shall be deemed to create an employer/employee relationship between EWC and any such Users. The intent of this Policy is to protect EWC’s Systems and other sensitive materials and to protect against liability with the understanding that EWC’s Systems will be accessed by non-employee Users from time to time.
Systems Covered By This Policy
This Policy governs all IT resources and communications systems owned by or made available by EWC, including all use of such resources and systems when accessed using an employee’s own resources, including but not limited to (collectively, “Systems”):
Internet, Intranet, Extranet and FTP systems, accounts, access and browsing.
E-mail and network systems and accounts.
Telephones and voicemail systems, including wired and mobile phones, smartphones and pagers.
Printers, photocopiers and scanners.
Fax machines, e-fax systems and modems.
All other associated computer, network and communications systems, hardware, peripherals, equipment, software, and storage media, including network key fobs and other devices.
Closed-circuit television (CCTV) and all other physical security systems and devices, including access key cards and fobs.
General Use and Ownership
As between each User and EWC, all Systems shall be deemed to be owned by EWC. In addition, EWC owns all Confidential Information (as defined below). Users should take all necessary steps to prevent unauthorized access to the Systems and Confidential Information.
EWC understands that Users may also use other computer hardware and systems to access, store, manipulate or produce information related to EWC’s business and the European Wax Center franchise system in general. The foregoing shall not be deemed to be authorization of any such use of information from any other system, but rather an understanding that if any User is using such other systems in connection with any such information, then such use shall also be governed by this Policy.
Users should be aware that the data they create on any System or that relates to EWC and its businesses, including the franchise system in general, remains the property of EWC. Because of the need to protect the network, EWC cannot guarantee the confidentiality of a User’s personal information stored on any System or other network device belonging to EWC.
EWC recommends that any information that may be reasonably be considered sensitive or vulnerable be encrypted.
Security, Access and Passwords
It is each User’s responsibility to adhere to this Policy and to other applicable IT security guidelines regarding the security of EWC’s Systems, including, but not limited to, the creation, format and scheduled changes of passwords. All user names, pass codes, passwords, and information used or stored on EWC Systems are the property of EWC. No User may use a user name, pass code, password or method of encryption to access any EWC System that has not been issued to that User through EWC, or authorized in advance by EWC. System and user level passwords should be changed every 90 days.
Keep passwords secure and do not share accounts. Users are responsible for the security of their passwords and accounts. All PCs, laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 15 minutes or less.
All credit card data shall be protected to prevent unauthorized use – whether the data is printed or stored locally, or transmitted over a public network to a remote server or service provider. No cardholder data should ever be stored unless it is necessary to meet the needs of the business. If any primary account credit card numbers (PANs) are stored, the PANs should be stored in a manner to render the number unreadable through masking (i.e. only displaying a portion of the credit card number (please note that the first six or last four digits are the maximum number of digits that may be displayed)).
Users should secure their workstations by logging off or locking (control-alt-delete for Windows users) when the host will be unattended.
Because information contained on portable computers is especially vulnerable, special care should be exercised. Laptops should be protected at all times with personal firewalls and Users should comply with all other applicable security standards and guidelines in protecting this information.
All hosts used by the User that are connected to the Systems, whether owned by the User or EWC, shall be continually executing no less than commercially recognized off-the shelf virus-scanning software with a current virus database.
Users must use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan horse code.
Upon learning of any breach or potential breach, the User should contact his or her supervisor immediately and ensure that EWC is made aware of the breach or potential breach by contacting EWC at firstname.lastname@example.org with reasonable detail of the breach or potential breach. It is expressly understood that the loss or misplacement of any laptops, cell phones or other hardware or storage devices which may contain information about EWC, its businesses or the franchise system, including for sake of clarity, the personal information of any person, shall in all cases be deemed a security breach that needs to be reported pursuant to this Policy.
EWC maintains integrated computer and data communications networks to facilitate all aspects of its business. A User may never sign on to any System using the password or user name of another User. No User should access, attempt to access, alter, or delete any network document except in furtherance of authorized EWC business.
Downloading and Installing Software/Website Agreements
E-mail and downloading from the internet are prime sources of viruses and other malicious software. Therefore, no User may download or install any software or shareware to their hard drive that is not expressly authorized or approved by EWC. In addition, a User may not accept the terms or conditions of website agreements while using or in connection with any System without first obtaining approval from email@example.com.
Postings by Users from an EWC e-mail address to newsgroups is strictly prohibited without explicit consent from EWC and even with such consent, such postings shall contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of EWC, unless posting is in the course of business duties as approved by EWC.
No Expectation of Privacy
All contents of the EWC’s Systems are the property of EWC. Therefore, Users should have no expectation of privacy whatsoever in any message, files, data, document, facsimile, telephone conversation, social media post, conversation or message, or any other kind or form of information or communication transmitted to, received or printed from, or stored or recorded on the EWC’s electronic information and communications systems.
Users are expressly advised that in order to prevent against misuse, EWC reserves the right to monitor, intercept and review, without further notice, every User’s activities using the Systems, including, without limitation, e-mail (both outgoing and incoming), telephone conversations and voicemail recordings, instant messages and internet and social media postings and activities (to the extent utilized through the Systems). By using the Systems, each User consents to such monitoring of the Systems. This might include, without limitation, the monitoring, interception, accessing, recording, disclosing, inspecting, reviewing, retrieving and printing of transactions, messages, communications, postings, log-ins, recordings and other uses of the Systems as well as keystroke capturing and other network monitoring technologies.
EWC may also store copies of such data and communications for a period of time after they are created, and may delete such copies from time to time without notice.
Do not use EWC’s Systems for any matter that you desire to be kept private or confidential from EWC.
Confidentiality and Proprietary Rights
EWC’s “Confidential Information” includes, without limitation, as applicable, information provided and/or made available during the course of a User’s employment, engagement or other involvement with the European Wax Center system, including the EWC data on the Systems, all user interface for information contained on the Systems, credit card information, company information, customer information, corporate strategies, competitor sensitive data, trade secrets, specifications, processes, designs, customer lists, research data, computer programs, designs, procedures, methods, finances, research or development projects or results, policies, marketing, pricing, guest and supplier information and know-how, and technology.
EWC’s Confidential Information is extremely valuable to EWC. Users must treat Confidential Information accordingly and not jeopardize it through business or personal use of the Systems. A User should ask his or her supervisor if unsure whether to disclose Confidential Information to particular individuals or how to safeguard EWC’s proprietary rights.
In addition to any other obligations that a User may have in connection with a separate confidentiality agreement, Users shall not in any manner or at any time, either directly or indirectly, (i) use any part of the Confidential Information, except in the performance of his or her duties during User’s engagement, employment or other involvement with the European Wax Center system, and in no case in any manner detrimental to EWC, or (ii) divulge, disclose, distribute, reproduce, reverse engineer or communicate to any person or organization any of the Confidential Information.
Whenever requested by EWC, a User shall immediately return all Confidential Information in his or her possession, or under his or her care and control.
Do not use EWC’s name, brand names, logos, taglines, slogans or other trademarks without written permission from EWC. Requests for permission shall be directed to firstname.lastname@example.org.
This Policy also prohibits use of the Systems in any manner that would infringe or violate the proprietary rights of third parties. Electronic communications systems provide easy access to vast amounts of information, including material that is protected by copyright, trademark, patent and/or trade secret law. A User should not knowingly use or distribute any such material downloaded from the internet or received by e-mail without the prior written permission of EWC. Requests for permission shall again be directed to email@example.com.
E-mail and Text Messaging
EWC may, from time to time, provide certain Users with access to e-mail and/or text messaging systems for use in connection with the performance of their duties or for other business purposes related to EWC’s businesses. EWC seeks to provide stable and secure e-mail and text messaging systems (which may include SMS and internet-based instant messaging) with rapid, consistent delivery times that promote communication for business purposes without incurring unnecessary costs or generating messages that are unproductive for the recipient. Many of the policies described below governing use of EWC’s e-mail and text messaging systems are aimed at reducing the overall volume of messages flowing through and stored on the network, reducing the size of individual messages, and making the system more efficient and secure.
Unfortunately, Users will occasionally receive unsolicited commercial or bulk e-mail (spam) which, aside from being a nuisance and a drain on IT resources, might be a means to spread computer viruses and other malicious software. Users should avoid opening unsolicited messages and report any suspicious e-mail to their supervisor and to EWC firstname.lastname@example.org. Users must delete all spam immediately. Users must not reply to the message in any way, even if it states that User can request to be removed from its distribution list. If delivery persists, the User should again contact its supervisor and EWC at email@example.com, so that steps may be taken to block any incoming e-mail from that address. Users should be aware that spammers have the ability to access e-mail addresses that are listed as senders or recipients on e-mail messages, on websites, user discussion groups, and other internet areas. Therefore, Users should be cautious about using and disclosing company e-mail addresses.
Proper business etiquette should be maintained when communicating via e-mail and text messaging. When writing business e-mail (i.e. any e-mail associated with EWC), Users should be as clear and concise as possible. Sarcasm, poor language, inappropriate comments, attempts at humor, and so on, should be avoided. When communicating via e-mail or instant messages, there are no facial expressions and voice tones to assist in determining the meaning or intent behind a certain comment. This leaves too much room for misinterpretation. E-mail communications should resemble typical professional and respectful business correspondence.
Internet and Social Media
EWC provides desktop internet access to certain Users for use in connection with performance of their duties. The following outlines EWC’s expectations regarding internet and social media access and use by Users.
Personal Use of the Internet
EWC recognizes that Users using EWC’s Systems might work long hours and occasionally may desire to access the internet (including social media) for personal activities at the office or by means of EWC’s Systems. EWC authorizes such occasional use so long as it does not involve unprofessional or inappropriate content. Users are responsible for exercising good judgment regarding the reasonableness of personal use and shall comply with all applicable policies, standards, rules, laws and regulations regarding such use.
Using EWC’s Systems (including social media) to access pornographic, sexually explicit or "hate" sites, or any other website that might violate law or EWC policies against harassment and discrimination, are never permitted.
Remember that EWC expressly reserves the right, without further notice, to monitor and review records of all websites visited by Users using the Systems, any postings or downloads Users make while visiting websites and during Users’ other internet activities using the Systems, and Users consents to such monitoring and review by acknowledgement of this Policy and, if applicable, use of internet access provided by EWC.
Use of Social Media.
The internet provides unique opportunities to participate in discussion groups and activities, and share information on particular topics using a wide variety of social media. Social media is technology that enables online users to interact and share information (including video, audio, photographs and text) publicly or privately. EWC respects the right of any User to use social media. However, to protect EWC’s interests, Users must adhere to the general internet use guidelines and rules in this Policy when using the Systems to access the internet, or whenever their internet access may otherwise affect EWC, and the following related specifically to social media use:
oAll Users must act professionally and shall ensure avoid engaging in any inappropriate content.
oRemember that anything Users post or send using social media, whether in or outside of the workplace, could reflect on EWC or others, in addition to such User, and might create legal liabilities for EWC or others associated with EWC, or damage their respective business or reputation.
oTo avoid the risk of any legal liability or business damage as a result of a User’s use of social media, whether in or outside of the workplace, each User must remember that he or she is solely responsible for all content that User posts or sends. EWC prefers that Users avoid identifying themselves as affiliated with EWC, using EWC e-mail address or mentioning EWC or any of its products or services unless such User receives written instructions or permission from an authorized person. If you have any questions about EWC’s policies on social media affiliations, you should speak with your supervisor. If a User does identify him or herself as affiliated with EWC, the User may not identify him or herself as a representative of EWC and it is strongly recommended to include a disclaimer such as "the views expressed by me do not represent the views of EWC". This is necessary to avoid damage to EWC’s business reputation and goodwill in the marketplace. Also note, if a User endorses EWC in any way, by law the User must disclose his or her affiliation and role with EWC.
oIf your job duties require you to speak on behalf of EWC in a social media environment, you must be authorized to act as EWC’s "representative" or must otherwise seek written approval for such communication. If a User has no authorization or approval to speak on behalf of EWC in a social media environment, direct the inquiry to firstname.lastname@example.org do not respond without written approval. Note that all social media accounts used on behalf of EWC or otherwise used for EWC’s business purposes are owned by EWC, including any and all log-in and password information and content associated with each account, such as followers and contacts. EWC owns all such information and content regardless of the User that opens the account or uses it, and will retain all such information and content regardless of separation of any User from EWC.
oDo not post or send anything through social media that any other party or person could reasonably find offensive, including ethnic slurs, sexist comments, discriminatory comments, or obscenity.
oAny conduct that under the law is impermissible if expressed through any other public forum is also impermissible if expressed through social media.
oIf a User is unsure about the appropriateness of any posting or communication, and the User must refrain from posting or communicating until the User has had it approved.
oIf a User sees content in a social media environment that reflects poorly on EWC or its stakeholders, employees or other representatives, notify email@example.com immediately.
oFinally, Users must keep in mind the speed at which information can be relayed through social media, and the manner in which it can be misunderstood and distorted by readers and subsequent re-posters. Accordingly, EWC urges all Users not to post information regarding EWC that might detrimentally affect EWC’s goodwill or business reputation or otherwise negatively impact EWC or any businesses associated with EWC.
Telephone and Voicemail
EWC provides landline and/or mobile telephone access and voicemail systems to certain Users for use in connection with performance of their duties. To ensure that EWC guests and other third parties are provided with courteous and respectful service, and to prevent misuse of EWC’s Systems, conversations and voicemail messages of every User through EWC’s Systems may, without notice, be monitored, recorded and reviewed. EWC may also store recorded telephone conversations and voicemail messages for a period of time after they take place, and may delete such recordings from time to time.
We recognize that Users might occasionally need to use EWC telephones and voicemail for personal activities. EWC authorizes occasional personal use of EWC’s telephones and voicemail systems so long as it does not comprise unprofessional or inappropriate conversations or messages, and, with respect to EWC personnel, does not interfere with a User’s responsibilities or productivity. EWC telephones may not be used for commercial, religious or political solicitation, or to promote outside organizations.
Remember that EWC expressly reserves the right, without further notice, to monitor, review and record telephone conversations and voicemail messages Users have or leave whether business or personal in nature, using EWC Systems, and each User consents to such monitoring, review and recording by his or her acknowledgement of this Policy and by using any of EWC’s telephones or voicemail systems.
Inappropriate Use of Company IT Resources and Communications Systems
Users are never permitted to use EWC’s Systems for any inappropriate or unlawful purpose. The following activities are strictly prohibited, with no exceptions:
oMisrepresenting him or herself as another individual or company.
oSending, posting, recording or encouraging receipt of messages or information that may be offensive because of their sexual, racist, or religious content.
oRevealing proprietary or Confidential Information, including official EWC information, employee information, personnel information or intellectual property without authorization.
oConducting or soliciting illegal activities.
oRepresenting a personal opinion as that of EWC.
oInterfering with the performance of User’s job or the jobs of other EWC Users.
oFor any other purpose that violates EWC policies, procedures or practices.
System and Network Activities
oViolations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by EWC or the end user.
oUnauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which EWC or the end user does not have an active license is strictly prohibited. The use of any recording device such as, but not limited to, digital cameras, video cameras, and cell phone cameras, within the premises of all EWC properties is prohibited unless approved by EWC.
oExporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. The appropriate management should be consulted prior to export of any material that is in question.
oIntroduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
oRevealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.
oProcuring or transmitting material that is in violation of all applicable sexual harassment or hostile workplace laws.
oMaking fraudulent offers of products, items, or services.
oMaking statements about warranty, expressly or implied, unless it is a part of normal job duties.
oEffecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the User is not an intended recipient or logging into a server or account that the User is not expressly authorized to access, unless these duties are within the scope of regular duties or otherwise expressly authorized. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
oPort scanning or security scanning is expressly prohibited unless prior approval from EWC is received.
oExecuting any form of network monitoring which will intercept data not intended for the User’s host, unless this activity is a part of the User’s normal job/duty or is otherwise expressly authorized.
oCircumventing user authentication or security of any host, network or account.
oInterfering with or denying service to any user other than the User’s host (for example, denial of service attack).
oUsing any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user’s terminal session, via any means, locally or via the Internet/Intranet/Extranet.
oProviding information about, or lists of, any persons to third-parties without prior approval from EWC.
E-mail and Communications Activities (while EWC’s Systems or for any reason associated with EWC)
oSending unsolicited e-mail messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (e-mail spam).
oAny form of harassment via e-mail, telephone or paging, whether through language, frequency, or size of messages.
oUnauthorized use, or forging, of e-mail header information.
oSolicitation of e-mail for any other e-mail address, other than that of the poster’s account, with the intent to harass or to collect replies.
oCreating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.
oUse of unsolicited e-mail originating from within EWC‘s networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by EWC or connected via EWC‘s network.
oPosting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).
Users who violate any provision of this Policy are subject to discipline, which may included, at the discretion of the applicable employer and subject to applicable law, termination.
Conduct Not Prohibited by This Policy
This Policy is not intended to preclude or dissuade Users from engaging in legally protected activities/activities protected by state or federal law, including the National Labor Relations Act such as discussing wages, benefits or terms and conditions of employment or legally required activities.
All questions, consents, approvals or other communications for EWC regarding this Policy should be directed to: firstname.lastname@example.org, unless another contact is specifically provided in this Policy.