Common use of Cybersecurity and Data Protection Clause in Contracts

Cybersecurity and Data Protection. (A) There has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to the Company’s or its subsidiaries’ information technology and computer systems, networks, hardware, software, data and databases (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company or its subsidiaries, and any such data processed or stored by third parties on behalf of the Company or its subsidiaries), equipment or technology (collectively, “IT Systems and Data”), except as would not, individually or in the aggregate, have a Material Adverse Effect; (B) neither the Company nor its subsidiaries have been notified of, or have any knowledge of any event or condition that could result in, any security breach or incident, unauthorized access or disclosure of or other compromise to their IT Systems and Data and (C) the Company and its subsidiaries have implemented appropriate controls, policies, procedures, and technological safeguards to maintain and protect the integrity, continuous operation, redundancy and security of their IT Systems and Data reasonably consistent with industry standards and practices, or as required by applicable regulatory standards. The Company and its subsidiaries are presently in compliance in all material respects with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Data, including the collection, use, transfer, processing, disposal, disclosure, handling, storage and analysis of personally identifiable information, consumer information and other confidential information of the Company, its subsidiaries and any third parties in their possession (“Sensitive Company Data”), and to the protection of such IT Systems and Data from unauthorized use, access, misappropriation or modification. The Company and its subsidiaries have taken all reasonable steps necessary to maintain the confidentiality of the Sensitive Company Data. The Company and its subsidiaries have not received any notice, claim, complaint, demand or letter from any person in respect of their businesses under applicable data security and data protection laws and regulations and industry standards regarding misuse, loss, unauthorized destruction or unauthorized disclosure of any Sensitive Company Data. There has been no unauthorized or illegal use of or access to any Sensitive Company Data by any third party. The Company and its subsidiaries have not been required to notify any individual or data protection authority of any information security breach, compromise or incident involving Sensitive Company Data.

Cybersecurity and Data Protection. Except as would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect, (A) There there has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to the Company’s or its subsidiaries’ information technology and computer systems, networks, hardware, software, data and databases (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company or its subsidiaries, and any such data processed or stored by third parties on behalf of the Company or its subsidiaries), equipment or technology (collectively, “IT Systems and Data”), except as would not, individually or in the aggregate, have a Material Adverse Effect; (B) neither the Company nor its subsidiaries have been notified of, or nor have any knowledge of any event or condition that could would result in, any security breach or incident, unauthorized access or disclosure of or other compromise to their IT Systems and Data and Data; (C) the Company and its subsidiaries have implemented appropriate controls, policies, procedures, and technological safeguards to maintain and protect the integrity, continuous operation, redundancy and security of their IT Systems and Data reasonably consistent with industry standards and practices, or as required by applicable regulatory standards. The ; (D) the IT Systems and Data are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated by them and as currently proposed to be operated as described in the Registration Statement and the Prospectus; and (E) the Company and its subsidiaries are presently in compliance in all material respects with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of the IT Systems and Data, including the collection, use, transfer, processing, disposal, disclosure, handling, storage and analysis of personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries and any third parties in their possession (“Sensitive Company Data”), and to the protection of such IT Systems and Data and Sensitive Company Data from unauthorized use, access, misappropriation or modification. The Company and its subsidiaries have taken all reasonable steps necessary to maintain the confidentiality of the Sensitive Company Data. The Company and its subsidiaries have not received any written notice, claim, complaint, demand or letter from any person or Governmental Entity in respect of their businesses under applicable data security and data protection laws and regulations and industry standards regarding misuse, loss, unauthorized destruction or unauthorized disclosure of any Sensitive Company Data. There To the Company’s knowledge, there has been no unauthorized or illegal use of or access to any Sensitive Company Data by any third party. The Company and its subsidiaries have not been required to notify any individual individual, Governmental Entity or data protection authority of any information security breach, compromise or incident involving Sensitive Company DataData and, to the Company’s knowledge, are not the subject of any inquiry or investigation by any Governmental Entity or data protection authority regarding any of the foregoing.

Cybersecurity and Data Protection. (A) There has been no security breach or incidentExcept as disclosed in the Hong Kong Public Offering Documents, unauthorized access or disclosure, or other compromise of or relating to the Company’s or its subsidiariesCompany and the Subsidiaries’ information technology assets and computer equipment, computers, systems, networks, hardware, software, data websites, applications, and databases (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company or its subsidiaries, and any such data processed or stored by third parties on behalf of the Company or its subsidiaries), equipment or technology (collectively, “IT Systems Systems”) are adequate for, and Data”), except operate and perform as would not, individually or required in connection with the aggregate, have a Material Adverse Effect; (B) neither operation of the Company nor its subsidiaries have been notified of, or have any knowledge business of any event or condition that could result in, any security breach or incident, unauthorized access or disclosure of or other compromise to their IT Systems and Data and (C) the Company and its subsidiaries the Subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and the Subsidiaries have implemented appropriate and maintained adequate controls, policies, procedures, and technological safeguards to maintain and protect and their users’ material confidential information and the integrity, continuous operation, redundancy and security of their all IT Systems and Data reasonably consistent data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with industry standards their businesses, and practicesthere have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person. Except as required by applicable regulatory standards. The disclosed in the Hong Kong Public Offering Documents, the Company and its subsidiaries the Subsidiaries are presently in compliance in all material respects with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authorityauthority (including the PRC Cyber Security Law, the PRC Data Security Law, the PRC Personal Information Protection Law, and the related regulations and rules), internal policies and contractual obligations relating to the privacy and security of IT Systems and Data, including the collection, use, transfer, processing, disposal, disclosure, handling, storage and analysis of personally identifiable information, consumer information and other confidential information of the Company, its subsidiaries and any third parties in their possession (“Sensitive Company Data”), Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. The Neither the Company and its subsidiaries have taken all reasonable steps necessary to maintain the confidentiality of the Sensitive Company Data. The Company and its subsidiaries have not nor any Subsidiaries has received any notice, claim, complaint, demand or letter claim for compensation from any person in respect of their businesses its business under the applicable data security and data protection laws and regulations Laws and industry standards regarding misusein respect of inaccuracy, loss, unauthorized destruction or unauthorized disclosure of data in the previous three years except to the extent any Sensitive such claim would not, individually or in the aggregate, result in a Material Adverse Effect. Neither the Company Datanor any Subsidiaries is subject to any material investigation, inquiry, or sanction relating to cybersecurity or data privacy or any cybersecurity review from the Cyberspace Administration of China (the “CAC”), the China Securities Regulatory Commission (the “CSRC”), or any other relevant Governmental Authority. There Neither the Company nor any Subsidiaries has been no unauthorized or illegal use of or access to any Sensitive Company Data notified by any third partyGovernmental Authority of being classified as a critical information infrastructure operator under the Cybersecurity Review Measures. The Neither the Company and nor any of its subsidiaries have not been required Subsidiaries has received any objection to notify this Offering or the transactions contemplated under this Agreement from the CSRC, the CAC or any individual or data protection authority of any information security breach, compromise or incident involving Sensitive Company Dataother relevant PRC Governmental Authority.

Cybersecurity and Data Protection. (Ai) There (x) To the Company’s knowledge, there has been no material security breach or incident, unauthorized access or disclosure, or other material compromise of or relating to any of the Company’s or its subsidiaries’ information technology and computer systems, networks, hardware, software, data and databases (including the data and information of their respective customers, employees, suppliers, vendors and any third third-party data maintained, processed maintained by or stored by the Company or its subsidiaries, and any such data processed or stored by third parties on behalf of the Company or its subsidiariesthem), equipment or technology (collectively, “IT Systems and Data”), except as would not, individually or in the aggregate, have a Material Adverse Effect; ) and (By) neither the Company nor its subsidiaries have has not been notified of, or have any and has no knowledge of any event or condition that could would reasonably be expected to result in, any material security breach or incident, unauthorized access or disclosure of or other material compromise to their IT Systems and Data and Data; (Cii) the Company and its subsidiaries have implemented appropriate controls, policies, procedures, and technological safeguards to maintain and protect the integrity, continuous operation, redundancy and security of their IT Systems and Data reasonably consistent with industry standards and practices, or as required by applicable regulatory standards. The Company and its subsidiaries are is presently in compliance in all material respects with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Data, including the collection, use, transfer, processing, disposal, disclosure, handling, storage and analysis of personally identifiable information, consumer information and other confidential information of the Company, its subsidiaries and any third parties in their possession (“Sensitive Company Data”), Data and to the protection of such IT Systems and Data from unauthorized use, access, misappropriation or modification, and (iii) the Company has implemented backup and disaster recovery technology consistent with industry standards and practices; except as would not, in the case of clause (ii) and (iii) hereof, individually or in the aggregate, result in a Material Adverse Effect. The Company has adopted and maintains data privacy and security policies designed to comply with all applicable laws, and each of the Company and the Subsidiaries has at all times complied with all applicable policies and third-party obligations (imposed by applicable laws, regulations or contracts) regarding the collection, use, transfer, storage, protection, disposal and disclosure by the Company and the Subsidiaries of personally identifiable information and data and any other information and data collected from or provided by third parties as well as data that may constitute trade secrets and working secrets of any Governmental Authority or would otherwise be detrimental to national security or public interest pursuant to the applicable laws in all material respects. The Company and its subsidiaries the Subsidiaries have taken all commercially reasonable steps necessary to maintain protect the confidentiality information technology systems and data used in connection with the operation of the Sensitive Company Data. The Company and its subsidiaries have not received any notice, claim, complaint, demand or letter from any person in respect of their businesses under applicable data security and data protection laws and regulations and industry standards regarding misuse, loss, unauthorized destruction or unauthorized disclosure of any Sensitive Company Datathe Subsidiaries and/or the offering. There has been no unauthorized material security breach or illegal use attack or other compromise of or access relating to any Sensitive such information technology systems or data, and, no material action, suit or proceeding (including, without limitation, governmental investigations or inquiries) by or before any Governmental Authority involving the Company Data by or any third partyof the Subsidiaries with respect to applicable cybersecurity, data privacy and security and confidentiality or archive administration laws is pending or threatened. The Company and its subsidiaries have has not been required informed by any Governmental Authority that the Company must file for a cybersecurity review under the Cybersecurity Review Measures of the Cyberspace Administration of China, which came into effect on February 25, 2022. The Company will use reasonable best efforts to notify fully cooperate once being informed by any individual or data protection authority Governmental Authority of any such cybersecurity review and report to the Cybersecurity Review Office once relevant network products and services provided by the Company may affect national security and is required by applicable Laws to make such report. The Company has not been designated as a “critical information security breach, compromise infrastructure” operator by the Cyberspace Administration of China or incident involving Sensitive Company Dataany other Governmental Authority.

Cybersecurity and Data Protection. Except as would not, singly or in the aggregate, have or reasonably be expected to have a Material Adverse Effect: (A) There there has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to the Company’s or its subsidiaries’ information technology and computer systems, networks, hardware, software, data and databases (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company or its subsidiaries, and any such data processed or stored by third parties on behalf of the Company or its subsidiaries), equipment or technology (collectively, “IT Systems and Data”), except as would not, individually or in the aggregate, have a Material Adverse Effect; (B) neither the Company nor its subsidiaries have been notified of, or nor have any knowledge of any event or condition that could would result in, any security breach or incident, unauthorized access or disclosure of or other compromise to their IT Systems and Data and Data; (C) the Company and its subsidiaries have implemented appropriate controls, policies, procedures, and technological safeguards to maintain and protect the integrity, continuous operation, redundancy and security of their IT Systems and Data reasonably consistent with industry standards and practices, or as required by applicable regulatory standards. The ; and (D) the Company and its subsidiaries are presently in compliance in all material respects with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Data, including the collection, use, transfer, processing, disposal, disclosure, handling, storage and analysis of personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries and any third parties in their possession (“Sensitive Company Data”), and to the protection of such IT Systems and Data from unauthorized use, access, misappropriation or modification. The Company and its subsidiaries have taken all reasonable steps necessary to maintain the confidentiality of the Sensitive Company Data. The Company and its subsidiaries have not received any written notice, claim, complaint, demand or letter from any person in respect of their businesses under applicable data security and data protection laws and regulations and industry standards regarding misuse, loss, unauthorized destruction or unauthorized disclosure of any Sensitive Company Data. There has been no unauthorized or illegal use of or access to any Sensitive Company Data by any third party. The Company and its subsidiaries have not been required to notify any individual or data protection authority of any information security breach, compromise or incident involving Sensitive Company Data.