Common use of Cybersecurity and Data Protection Clause in Contracts

Cybersecurity and Data Protection. The Company and its Subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are reasonably believed by the Company to be adequate in all material respects for, and operate and perform as required in connection with, the operation of the business of the Company and its Subsidiaries as currently conducted and, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants, except as would not individually or in the aggregate reasonably be expected to result in a Material Adverse Effect. The Company and its Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its Subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except for such failures as would not individually or in the aggregate reasonably be expected to result in a Material Adverse Effect. The Company and its Subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, except for such failures as would not individually or in the aggregate reasonably be expected to result in a Material Adverse Effect.

Cybersecurity and Data Protection. The Company and Except as would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect, (A) there has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to the Company’s or its Subsidiariessubsidiaries’ information technology assets and equipment, computers, computer systems, networks, hardware, software, websitesdata and databases (including the data and information of their respective customers, applicationsemployees, suppliers, vendors and any third party data maintained, processed or stored by the Company or its subsidiaries, and databases any such data processed or stored by third parties on behalf of the Company or its subsidiaries), equipment or technology (collectively, “IT SystemsSystems and Data”); (B) are reasonably believed by neither the Company nor its subsidiaries have been notified of, nor have any knowledge of any event or condition that would result in, any security breach or incident, unauthorized access or disclosure of or other compromise to be adequate in all material respects for, their IT Systems and operate and perform as required in connection with, the operation of the business of Data; (C) the Company and its Subsidiaries as currently conducted and, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants, except as would not individually or in the aggregate reasonably be expected to result in a Material Adverse Effect. The Company and its Subsidiaries subsidiaries have implemented and maintained commercially reasonable appropriate controls, policies, procedures, and technological safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all their IT Systems and data Data reasonably consistent with industry standards and practices, or as required by applicable regulatory standards; (including all personalD) the IT Systems and Data are adequate and operational for, personally identifiablein accordance with their documentation and functional specifications, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its Subsidiaries subsidiaries as now operated by them and as currently conducted, and, proposed to the knowledge of the Company, there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except for such failures be operated as would not individually or described in the aggregate reasonably be expected to result in a Material Adverse Effect. The Registration Statement, the General Disclosure Package and the Prospectus; and (E) the Company and its Subsidiaries subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of the IT Systems and Personal Data Data, including the collection, use, transfer, processing, disposal, disclosure, handling, storage and analysis of personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries and any third parties in their possession (“Sensitive Company Data”), and to the protection of such IT Systems and Personal Data and Sensitive Company Data from unauthorized use, access, misappropriation or modification. The Company and its subsidiaries have taken all reasonable steps necessary to maintain the confidentiality of the Sensitive Company Data. The Company and its subsidiaries have not received any written notice, except for such failures as would claim, complaint, demand or letter from any person or Governmental Entity in respect of their businesses under applicable data security and data protection laws and regulations and industry standards regarding misuse, loss, unauthorized destruction or unauthorized disclosure of any Sensitive Company Data. To the Company’s knowledge, there has been no unauthorized or illegal use of or access to any Sensitive Company Data by any third party. The Company and its subsidiaries have not individually been required to notify any individual, Governmental Entity or in data protection authority of any information security breach, compromise or incident involving Sensitive Company Data and, to the aggregate reasonably be expected to result in a Material Adverse EffectCompany’s knowledge, are not the subject of any inquiry or investigation by any Governmental Entity or data protection authority regarding any of the foregoing.

Cybersecurity and Data Protection. The (i)(x) Except as disclosed in the Registration Statement, the General Disclosure Package and the Prospectus, (A) (1) the Company has not disclosed or permitted any disclosure of and (2) to the Company’s knowledge, there has been no Personal Data Breach of, in each case of (1) and (2), any Personal Data controlled or Processed by the Company or its Subsidiariessubsidiaries (or of any Personal Data Processed by Processors on behalf of the Company or its subsidiaries; (B) (1) the Company has not permitted access to and (2) to the Company’s knowledge, there has been no security breach, unauthorized access, or other compromise of or relating to, in each case of (1) and (2), any of the Company’s or its subsidiaries’ information technology assets and equipment, computers, computer systems, networks, hardware, software, websitesdata (including the data of their respective customers, applicationsemployees, suppliers, vendors, patients and databases any third party data maintained by or on behalf of them), equipment or technology (collectively, the “IT SystemsSystems and Data”) are reasonably believed by the Company to be adequate in all material respects for, and operate and perform as required in connection with, the operation of the business of (y) the Company and its Subsidiaries as currently conducted andsubsidiaries have not been notified of, to the Company’s knowledge, are free and clear have no knowledge of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants, except as any event or condition that would not individually or in the aggregate reasonably be expected to result in, any security breach, unauthorized access, disclosure or other compromise to their IT Systems and Data or any Personal Data Breach, except as would not, in the case of this clause (i), individually or in the aggregate, have a Material Adverse Effect. The ; (ii)(x) the Company and its Subsidiaries subsidiaries have in place and maintain commercially reasonable technical and organizational measures to protect against the accidental or unlawful destruction, loss, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed, by the Company or its subsidiaries; (y) have otherwise had in place and implemented and maintained commercially reasonable controls, policies, procedures, and technological safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all their IT Systems and data Data reasonably consistent with industry standards and practices, or as required by applicable Data Protection Laws; and (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)z) used in connection with the business of the Company and its Subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except for such failures as would not individually or in the aggregate reasonably be expected to result in a Material Adverse Effect. The Company and its Subsidiaries subsidiaries are presently in compliance with all applicable Data Protection Laws and other laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of Personal Data, IT Systems and Personal Data and to the protection of such Personal Data, IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, except for such failures as would not not, in the case of this clause (ii), individually or in the aggregate reasonably be expected to result in aggregate, have a Material Adverse Effect; and (iii) the Company and its subsidiaries have implemented commercially reasonable controls, policies, procedures, technological safeguards and backup and disaster recovery technology reasonably consistent with industry standards and practices or as required by applicable Data Protection Laws, to maintain and protect the integrity, continuous operation, redundancy and security of the IT Systems and Data.