Common use of Cybersecurity; Data Protection Clause in Contracts

Cybersecurity; Data Protection. (i) The Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted and, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; (ii) the Company and its subsidiaries have implemented and maintained controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company To the knowledge of the Company, it and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted subsidiaries, and, to the knowledge of the Company’s knowledge, are as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; (ii) the corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conductedtheir businesses, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor are there any incidents under internal review or investigations relating to the same; and (iii) the . The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes applicable to the Company and its subsidiaries and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authorityauthority having jurisdiction over the Company or its subsidiaries, or internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company Transaction Parties and its subsidiaries’ the subsidiaries of the Parent Guarantor’s information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company Transaction Parties and its the subsidiaries of the Parent Guarantor as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; (ii) corruptants. The Transaction Parties and the Company and its subsidiaries of the Parent Guarantor have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other personliability, nor any incidents under internal review or investigations relating to the same; . The Transaction Parties and (iii) the Company and its subsidiaries of the Parent Guarantor are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, applications and databases (collectively, “IT Systems”) are (i) are, to the knowledge of the Company, adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, and (ii) are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; (ii) corruptants, except in each case, as would not, individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, procedures and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any material incidents under internal review or investigations relating to the same; and (iii) the . The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. Except (i) The Company as described in Registration Statement, the Pricing Disclosure Package and the Prospectus or (ii) as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect: (A) the Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, applications and databases (collectively, “IT Systems”) are adequate for, and operate and perform as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, and are, to the knowledge of the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; (iiB) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, procedures and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conducted, and, their businesses; (C) to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses use or disclosure of or accesses access to the same, except for those that have been remedied without material cost or liability or the duty to notify any other personperson or governmental or regulatory authority, nor any and there are no incidents under internal review review, or, to the knowledge of the Company, investigations by governmental or investigations regulatory authorities or other third parties relating to the same; and (iiiD) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or court, arbitrator or governmental or regulatory authority, internal applicable policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company, the Operating Partnership and its subsidiariesthe Subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company Company, the Operating Partnership and its subsidiaries the Subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; (ii) corruptants. The Company, the Company Operating Partnership and its subsidiaries the Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; . The Company, the Operating Partnership and (iii) the Company and its subsidiaries Subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.and

Cybersecurity; Data Protection. Except as otherwise disclosed in each of the Registration Statement, the Time of Sale Information and the Final Prospectus (including any document incorporated by reference therein) and except as would not, individually or in the aggregate, have a Material Adverse Effect, (i) The the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, applications and databases (collectively, “IT Systems”) are adequate for, and operate and perform as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted and, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantconducted; (ii) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of their businesses, and the Company and its subsidiaries as currently conducted, and, to the knowledge is not aware of the Company, there have been no material any breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company To the knowledge of the MediaAlpha Parties, the Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants designed to damage or corrupt the IT Systems; (ii) the Company and its subsidiaries have implemented and currently implement and have maintained and currently maintain commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy operation and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, authority and internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, except as would not, in the case of the foregoing clauses each of clause (i), (ii) and (iii) as would not), reasonably be expected, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect;.

Cybersecurity; Data Protection. Except as would not, individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect or as otherwise disclosed in the Registration Statement and the Prospectus, (i) The the Company and each of its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases used to process, store, maintain and operate date, information and functions (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and each of its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; (ii) the Company and each of its subsidiaries have implemented and maintained controls, policies, procedures, and safeguards reasonably consistent with industry standards and practices, or as required by applicable regulatory standards, to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conductedtheir businesses, and, (iii) to the knowledge of the Company’s knowledge, there have been no material breaches, violations, outages or unauthorized uses of or accesses to samesuch IT Systems, except for those that (a) have been remedied without material cost or liability or the (b) did not result in a duty to notify any other personregulator, nor any incidents under internal review or investigations relating and (iv) to the same; and (iii) Company’s knowledge, the Company and each of its subsidiaries are presently in material compliance with all applicable laws or laws, statutes and all regulations and any judgments, orders, orders or rules and regulations of any court or court, arbitrator or governmental regulatory authority having lawful jurisdiction over the Company or regulatory authorityany of its subsidiaries, internal policies and any contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse EffectSystems.”

Cybersecurity; Data Protection. In each case except as could not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect: (i) The the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate in all material respects for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted conducted, and, to the Company’s and the Guarantor’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; (ii) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data stored therein (such data including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conducted, and, their businesses; (iii) to the knowledge of the CompanyCompany and the Guarantor, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that can or have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; same and (iiiiv) to the knowledge of the Company and the Guarantor, the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company and its subsidiaries’ information technology assets and equipment, computers, systemscomputer systems and assets, networks, hardware, software, websites, applications, databases (including all Personal Data, and databases sensitive, confidential or regulated data, and the data of their respective customers, employees, suppliers, vendors and any third party data maintained by or on behalf of them), equipment or technology (collectively, “IT SystemsSystems and Data”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; (ii) the corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) Data used in connection with their businesses. (i) Except as may be included or incorporated by reference in the business of Registration Statement, the General Disclosure Package and the Prospectus, (x) to the Company’s knowledge, the Company and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no has not had any material breachessecurity breach, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without or other material cost compromise of or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to any of the same; Company’s or its subsidiaries’ IT Systems and Data, and (iiiy) the Company and its subsidiaries have not been notified of, and have no knowledge of any event or condition that would reasonably be expected to result in, any material security breach or other material compromise to their IT Systems and Data; (ii) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, except as would not, in the case of the foregoing clauses (i), this clause (ii) and (iii) as would not), individually or in the aggregate, reasonably be expected to have a Material Adverse Effect; and (iii) the Company and its subsidiaries have implemented backup and disaster recovery technology consistent with industry standards and practices.

Cybersecurity; Data Protection. (iA) The There has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, technology, data and databases (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, Personal Data (defined below) and any such data processed or stored by third parties on behalf of the Company and its subsidiaries) collectively, “IT SystemsSystems and Data”); (B) The IT Systems and Data are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its the subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; and (iiC) the The Company and its subsidiaries have implemented and maintained appropriate controls, policies, procedures, and technical safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data Data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection reasonably consistent with the business of the industry standards and practices or as required by applicable regulatory standards. The Company and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. In each case, to the knowledge of the Company, (i) The the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate in all material respects for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; corruptants, (ii) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conductedtheir businesses, and, to the knowledge of the Company, (iii) there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and , (iiiiv) the Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. Except as described in the Registration Statement, the Time of Sale Information and the Prospectus or could not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, (i) The Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “the Manager’s IT Systems”) Systems are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries Manager as currently conducted and, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantconducted; (ii) the Company and its subsidiaries have Manager has implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are Manager is presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, (i) The Company the Company’s and its subsidiaries’ subsidiaries information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andfree and clear, to the knowledge of the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; corruptants, (ii) the Company and its subsidiaries have implemented and maintained controls, policies, procedures, and safeguards maintain commercially reasonable measures to maintain and protect their material confidential information and the integrity, continuous operation, redundancy availability and security of all the IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conductedtheir business, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; same and (iii) the Company and its subsidiaries are presently in compliance in all material respects with all applicable laws or statutes (including, but not limited to, the Israeli Privacy Protection Regulations, Information, Security, 2017) and all applicable judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company and its subsidiaries’ Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company’s information technology assets and equipment, including, without limitation, those owned, licensed or otherwise used (excluding any public networks), such as its data communications lines, computers, systems, networks, hardware, servers, software, websites, applications, and databases (collectively, “IT Systems”) are adequate in capacity and operation for, and operate and perform as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andas described in the Registration Statement, the Pricing Disclosure Package and the Prospectus, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; and (ii) the Company and its subsidiaries have has at all times in the past three (3) years implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the confidentiality, integrity, availability, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data used in its business (“Personal Company Data”), and (iii) used in connection with the business of the Company and its subsidiaries as currently conducted, and, to the knowledge of the Company, except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, there have been no material breaches, violations, outages outages, compromises, or unlawful or unauthorized acquisitions of, disclosures of, uses of or accesses to sameIT Systems and Company Data, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; IT Systems and (iii) the Company and its subsidiaries are Data. The Company is presently and, at all times, has been in compliance with all (i) applicable laws or statutes and all laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or court, arbitrator, governmental or regulatory authority, ; and (ii) internal policies and contractual obligations obligations, each (i) and (ii) relating to the privacy and security of IT Systems and Personal Company Data and to the protection of such IT Systems and Personal Company Data from unauthorized use, access, misappropriation or modification; except, in except to the case of the foregoing clauses (i), (ii) and (iii) as extent that any non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. In each case, to the knowledge of the Company, (i) The the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate in all material respects for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; corruptants, (ii) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conductedtheir businesses, and, to the knowledge of the Company, (iii) there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and , except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, (iiiiv) the Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, free and clear, to the knowledge of the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; (ii) the corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards designed to maintain and protect their material trade secrets and confidential information and the integrity, continuous operation, redundancy and security of all material IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, “Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conductedtheir businesses, and, during the last three years, there have been (i) to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to notify any other person, (ii) nor any incidents under internal review or investigations relating to the same; , except in each case under Sections 3(oo)(i) and (iii3(oo)(ii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of its IT Systems and Personal Data, including the collection, storage, transfer (including, without limitation, any transfer across national borders), processing and/or use of Data and securing a valid legal basis for the foregoing, and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in and the case of the foregoing clauses (i), (ii) Company has implemented backup and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effectdisaster recovery technology consistent with applicable industry standards and practices.

Cybersecurity; Data Protection. (i) The To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, applications and databases (including all data and information (including all personal, personally identifiable, sensitive, confidential or regulated data) of their respective customers, employees, suppliers, vendors and any other third party data collected, maintained, processed or stored by or on behalf of the Company and its subsidiaries) (collectively, “IT SystemsSystems and Data”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; (ii) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards safeguards, including backup and disaster recovery technology, to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) Data used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or outages, unauthorized uses or disclosure of or accesses to, or other compromise of or relating to the same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any such incidents of which the Company or its subsidiaries have been notified or under internal review or investigations relating to the same; and (iii) to the Company’s knowledge, the Company and its subsidiaries are presently in material compliance with all applicable laws or and statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of their IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company and its subsidiaries’ Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company’s information technology assets and equipment, including, without limitation, those owned, licensed or otherwise used (excluding any public networks), such as its data communications lines, computers, systems, networks, hardware, servers, software, websites, applications, and databases (collectively, “IT Systems”) are adequate in capacity and operation for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andas described in the Registration Statement, the Pricing Disclosure Package and the Prospectus, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; and (ii) the Company and its subsidiaries have has at all times in the past three (3) years implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the confidentiality, integrity, availability, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data used in its business (“Personal Company Data”), and (iii) used in connection with the business of the Company and its subsidiaries as currently conducted, and, to the knowledge of the Company, except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, there have been no material breaches, violations, outages outages, compromises, or unlawful or unauthorized acquisitions of, disclosures of, uses of or accesses to sameIT Systems and Company Data, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; IT Systems and (iii) the Company and its subsidiaries are Data. The Company is presently and, at all times, has been in compliance with all (i) applicable laws or statutes and all laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or court, arbitrator, governmental or regulatory authority, ; and (ii) internal policies and contractual obligations obligations, each (i) and (ii) relating to the privacy and security of IT Systems and Personal Company Data and to the protection of such IT Systems and Personal Company Data from unauthorized use, access, misappropriation or modification; except, in except to the case of the foregoing clauses (i), (ii) and (iii) as extent that any non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. Except as described in the Registration Statement, the Pricing Disclosure Package and the Prospectus or could not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, (i) The Company the RP Entities and its their subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company RP Entities and its their subsidiaries as currently conducted and, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantconducted; (ii) the Company RP Entities and its their subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company RP Entities and its their subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, applications and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; (ii) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards safeguards, including backup and disaster recovery technology, to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or outages, unauthorized uses or disclosure of or accesses to, or other compromise of or relating to the same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any such incidents of which the Company or its subsidiaries have been notified or under internal review or investigations relating to the same; and (iii) to the Company’s knowledge, the Company and its subsidiaries are presently in material compliance with all applicable laws or and statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of their IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. Except as described in the Registration Statement, the Pricing Disclosure Package and the Prospectus: (i) The the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; (ii) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conducted, and, to the knowledge of the Company, their businesses; (iii) there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iiiiv) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; , except, in the case of the foregoing clauses (i), (iiiii) and (iiiiv) above, as would not, individually or in the aggregate, could not reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. Except in each case as would not, individually or in the aggregate, have a Material Adverse Effect: (i) The Company the Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; (ii) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case . Any certificate signed by an officer of the foregoing clauses (i), (ii) Company and (iii) delivered to the Managers or to counsel for the Underwriters shall be deemed to be a representation and warranty by the Company to each Underwriter as would not, individually or in to the aggregate, reasonably be expected to have a Material Adverse Effectmatters set forth therein.

Cybersecurity; Data Protection. (i) The Company Except as would not, individually or in the aggregate, have a Material Adverse Effect, the Company’s and its subsidiaries’ information technology assets and information technology equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) (i) are adequate in capacity and level of performance for, and operate and perform as required in connection with, the operation of the business businesses of the Company and its subsidiaries as currently conducted andconducted, (ii) in the past five years have not malfunctioned or failed and (iii) to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, back doors, drop dead devices, malware and other corruptant; corruptants, including software or hardware components that are designed to interrupt use of, permit unauthorized access to or disable, damage or erase the IT Systems. Except as would not, individually or in the aggregate, have a Material Adverse Effect, (iii) the Company and its subsidiaries have in the past five years implemented and maintained commercially reasonable controls, policies, procedures, and safeguards consistent with applicable regulatory requirements and customary industry practices for similarly-situated companies to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data and information (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business and information of their respective customers, employees, suppliers, vendors or other third parties collected, used, stored, maintained or otherwise processed by or on behalf of the Company and or any of its subsidiaries as currently conducted(collectively, and“Data”) within their possession or operational control, to the knowledge of the Company, (ii) there have been no material breachesbreaches of the security of, violationsoutages, outages destructions, losses, misappropriations, misuses or unauthorized uses uses, modifications or disclosures of or unauthorized accesses to samesame (each, a “Breach”), except for those that have been remedied without material cost or liability or the duty to notify any other person; and (iii) the Company and its subsidiaries have not been notified of, nor and have no knowledge of, any event or condition that would reasonably be expected to result in any Breach, or any incidents under internal review or investigations relating to the same. Except as would not have a Material Adverse Effect, during the past five years (i) the Company and its subsidiaries have complied and are presently in compliance with all applicable laws and statutes and all rules, regulations, industry standards and statutes, judgments and orders of any applicable court or arbitrator or governmental or regulatory authority, the Company’s and its subsidiaries’ internal and external policies and contractual and other legal obligations, in each case, relating to privacy, data protection or cybersecurity with respect to the use, protection, and security of IT Systems and the collection, use, transfer, import, export, storage, protection, disposal, disclosure, processing, privacy and security of Data (collectively, the “Data Security Obligations”) and to the protection of such IT Systems and Data from a Breach; (ii) neither the Company nor any of its subsidiaries has received any notification of or complaint regarding its, or is aware of any other facts that, individually or in the aggregate, would reasonably indicate its non-compliance with any Data Security Obligation, and there is no action, suit, proceeding or claim by or before any court or governmental or regulatory agency, authority or body pending or, to the Company’s knowledge, threatened alleging non-compliance with any Data Security Obligation by the Company or any of its subsidiaries; and (iii) the Company and its subsidiaries are presently in compliance have implemented reasonable backup and disaster recovery technology consistent with all applicable laws or statutes regulatory standards and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effectcustomary industry practices.

Cybersecurity; Data Protection. Except as would not, individually or in the aggregate, have a Material Adverse Effect, (iA) The Company the IT Systems and its subsidiaries’ information technology assets Data (defined below), have at all times during the past five (5) years, operated and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform performed as required in connection with, is necessary for the operation of the business of the Company and its subsidiaries as currently conducted and, to the knowledge of the Company, as proposed to be conducted as described in the General Disclosure Package and the Final Offering Memorandum, (B) the IT Systems and Data are not, to the knowledge of the Company, infected by viruses, disabling code or other harmful code, (C) there have been, to the knowledge of the Company, after reasonable inquiry, no unauthorized uses of or access to the IT Systems and Data of any of the Company’s knowledgeor its subsidiaries’ information technology and computers, are free computer systems, networks, servers, data communications lines, hardware, software, or databases of Personal Data or confidential information (including the Personal Data or other confidential information of their respective customers, employees, suppliers, vendors and clear any third party data maintained, processed or stored by the Company and its subsidiaries, and any such Personal Data or confidential information processed or stored by third parties on behalf of all material bugsthe Company and its subsidiaries) (collectively, errors“IT Systems and Data”), defects, Trojan horses, time bombs, malware and other corruptant; (iiD) neither the Company nor its subsidiaries have been notified of any security breach or security incident of their IT Systems and Data. The Company and its subsidiaries have at all times in the past five (5) years implemented and maintained reasonable controls, policies, procedures, and technological safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all their IT Systems and data Data reasonably consistent with applicable binding industry standards, or as required by applicable laws. (including all personalxlii) Absence of Integration. Neither the Company nor any of its affiliates (as defined in Rule 501(b) of Regulation D) has, personally identifiabledirectly or through any agent, sensitivesold, confidential offered for sale, solicited offers to buy or regulated data otherwise negotiated in respect of, any security (“Personal Data”)as defined in the 0000 Xxx) used in connection that is or will be integrated with the business sale of the Company and its subsidiaries as currently conducted, and, to the knowledge Securities in a manager that would require registration of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or Securities under the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect1933 Act.

Cybersecurity; Data Protection. (i) The Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, and are, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; (ii) corruptants. Except as disclosed in the Pricing Disclosure Package, the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conductedtheir businesses, and, to the knowledge of the Company’s knowledge, there have been no material significant breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the . The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect: (i) The the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; (ii) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the Company’s knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company To the knowledge of the MediaAlpha Parties, the Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants designed to damage or corrupt the IT Systems; (ii) the Company and its subsidiaries have implemented and currently implement and have maintained and currently maintain commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy operation and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, authority and internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, except as would not, in the case of the foregoing clauses each of clause (i), (ii) and (iii) as would not), reasonably be expected, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company To the knowledge of the MediaAlpha Parties, the Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants designed to damage or corrupt the IT Systems; (ii) the Company and its subsidiaries have implemented and currently implement and have maintained and currently maintain commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy operation and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, authority and internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, except as would not, in the case of the foregoing clauses each of clause (i), (ii) and (iii) as would not), reasonably be expected, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company To the knowledge of the MediaAlpha Parties, the Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, applications and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants designed to damage or corrupt the IT Systems; (ii) the Company and its subsidiaries have implemented and currently implement and have maintained and currently maintain commercially reasonable controls, policies, procedures, procedures and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy operation and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, authority and internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, except as would not, in the case of the foregoing clauses each of clause (i), (ii) and (iii) as would not), reasonably be expected, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect;.

Cybersecurity; Data Protection. Other than as disclosed in the Registration Statement, the Pricing Disclosure Package and the Prospectus or as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, (i) The Company and its subsidiaries’ the information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases owned or controlled by the Company and its subsidiaries (collectively, “IT Systems”) are reasonably adequate for, and operate and perform as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted and, to the knowledge of the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; (ii) the Company and its subsidiaries have implemented and maintained and are in the process of updating commercially reasonable controls, policies, procedures, and safeguards designed to maintain and protect the confidentiality of their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data data, as defined under applicable law (“Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conducted, and, to the knowledge of the Company, ’s or its subsidiaries’ possession or control against any breach or unauthorized access or use; (iii) there have been no material breachesbreaches of, violations, outages or unauthorized uses of or accesses access to samePersonal Data or IT Systems or instances of unauthorized access to or use or disclosure of any Personal Data owned or held by the Company or its subsidiaries, except for those that have been remedied without material cost or liability or the duty to notify any other personliability, nor are there any incidents under internal review or investigations relating to the same; and (iiiiv) the Company and its subsidiaries are presently in compliance with all (A) applicable laws or statutes and all laws, statutes, judgments, and orders, any applicable rules and regulations of any court or arbitrator or governmental or regulatory authority, internal and (B) the Company’s and its subsidiaries’ own policies and contractual obligations obligations, in each case of (A)-(B), to the extent relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, and (v) there are no Actions pending against the Company and its subsidiaries in the case relation to any of the foregoing clauses (i) – (iv), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. There has been (i) The Company and no security breach or other compromise of or relating to any of the Company’s or any of its subsidiaries’ information technology assets and equipment, computers, computer systems, networks, hardware, software, websites, applications, applications and databases (collectively, “IT Systems”) and data including all personal, personally identifiable, sensitive, confidential or regulated data and such data of their respective customers, employees, suppliers, vendors and any third party data maintained by or on behalf of them, (collectively, “Data”) and the Company and its subsidiaries have not been notified of, and have no knowledge of any event or condition that would reasonably be expected to result in, any security breach or other compromise to their IT Systems and Data; (ii) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards (including backup and disaster recovery technology) to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and Data consistent with industry standards and practices; (iii) the Company’s and its subsidiaries’ IT Systems are adequate for, and operate and perform as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted and, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; (ii) the Company and its subsidiaries have implemented and maintained controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iiiiv) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authorityauthority (including the European Union’s General Data Protection Regulation), internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, except as would not, in the case of the foregoing clauses (i) through (iv), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. Except as would not reasonably be expected to have a Material Adverse Effect, (i1) The the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted conducted, and, to the knowledge of the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; corruptants, (ii2) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with the business of the Company their businesses, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor are there any incidents under internal review or investigations relating to the same; same and (iii3) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (i) The Company and its subsidiaries’ information technology assets and equipment, including, without limitation, those owned, licensed or otherwise used (excluding any public networks), such as its data communications lines, computers, systems, networks, hardware, servers, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted andand as proposed to be conducted as described in the Registration Statement and the Prospectus, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptant; (ii) the corruptants. The Company and its subsidiaries have at all times implemented and maintained all reasonably necessary controls, policies, procedures, and safeguards consistent with industry standards and practices for similarly situated companies to maintain and protect their material confidential information and the integrity, availability, privacy, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data data) (“Personal Company Data”)) used in connection with the business of the Company their business, and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages outages, compromises, or unlawful or unauthorized acquisitions of, disclosures of, uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the each case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. There are no privacy or security incidents under internal review or investigations relating to the same that would, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Except in each case as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are presently and, at all times, have been in compliance with all (i) applicable laws, statutes, judgments, orders, rules and regulations of any court, arbitrator, governmental or regulatory authority; and (ii) internal policies and contractual obligations, each (i) and (ii) relating to the privacy and security of IT Systems and Company Data.

Cybersecurity; Data Protection. (i) The There has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, technology, data and databases (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, Personal Data (defined below) and any such data processed or stored by third parties on behalf of the Company and its subsidiaries) collectively, “IT SystemsSystems and Data”); (B) The IT Systems and Data are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its the subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; and (iiC) the The Company and its subsidiaries have implemented and maintained appropriate controls, policies, procedures, and technical safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data Data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Sensitive Data”)) used in connection reasonably consistent with the business of the industry standards and practices or as required by applicable regulatory standards. The Company and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. (iA) The There has been no actual or suspected security breaches or incidents, unauthorized access or disclosure, or other compromise of or relating to the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, technology, data and databases (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, Sensitive Data (defined below) and any such data processed or stored by third parties on behalf of the Company and its subsidiaries) collectively, “IT SystemsSystems and Data”); (B) The IT Systems and Data are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its the subsidiaries as currently conducted andconducted, to the Company’s knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantcorruptants; and (iiC) the Company and its subsidiaries have implemented and maintained appropriate controls, policies, procedures, and administrative, technical, and physical safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data Data (including all personal, personally identifiablePersonal Data, sensitive, confidential or regulated data (“Personal Sensitive Data”)) used in connection reasonably consistent with the business of the industry standards and practices or as required by applicable regulatory standards. The Company and its subsidiaries as currently conducted, and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same; and (iii) the Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; except, in the case of the foregoing clauses (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.