Common use of Data Security and Privacy Clause in Contracts

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since August 14, 2020 has been, in material compliance with all Data Security Requirements; and (ii) since August 14, 2020, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14, 2020, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data Breach. The Company and each of its Subsidiaries have not since August 14, 2020, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since August 14January 4, 2020 2021 has been, in material compliance with all Data Security Requirements, except for noncompliance that would have a Company Material Adverse Effect; and (ii) since August 14January 4, 20202021, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary or on their behalf from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not be material to the business of the have a Company Group, taken as a wholeMaterial Adverse Effect, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14January 4, 20202021, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with relating to any Specified Data Breach. The Company and each of its Subsidiaries have not since August 14January 4, 20202021, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to or alleging any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.

Data Security and Privacy. The Company and each of its Subsidiaries (i) isare, and since August 14May 16, 2020 has 2018 have been, in material compliance with all Data Security Requirements; and (ii) since August 14May 16, 20202018, has have taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereofDecember 11, 2020, except as would not be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14May 16, 20202018, no fines or other penalties have been imposed on or written claims for compensation under applicable laws have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data BreachBreach or otherwise. The Company and each of its Subsidiaries have not since August 14May 16, 20202018, (1) to the Knowledge of the Company, experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since August 14January 1, 2020 has been, in material compliance with all Data Security Requirements; and (ii) since August 14January 1, 2020, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14January 1, 2020, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data Breach. The Company and each of its Subsidiaries have not since August 14January 1, 2020, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since August 14, 2020 the IPO Date has been, in material compliance with all Data Security Requirements; and (ii) since August 14, 2020the IPO Date, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements Requirements, to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, Information and in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14, 2020the IPO Date, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data Breach. The Company and each of its Subsidiaries have not since August 14, 2020the IPO Date, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.

Data Security and Privacy. The Company and each of its Subsidiaries (i) isare, and since August 14May 16, 2020 has 2018 have been, in material compliance with all Data Security Requirements; and (ii) since August 14May 16, 20202018, has have taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14May 16, 20202018, no fines or other penalties have been imposed on or written claims for compensation under applicable laws have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data BreachBreach or otherwise. The Company and each of its Subsidiaries have not since August 14May 16, 20202018, (1) to the Knowledge of the Company, experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.