Common use of Data Security; Privacy Clause in Contracts

Data Security; Privacy. (a) Except as has not had and would not reasonably be expected to have, individually or in the aggregate, a Material Adverse Effect: (i) Company and each of its Subsidiaries are in compliance, and have since January 1, 2023 complied, with all applicable Data Privacy Laws; (ii) neither Company nor any of its Subsidiaries has, since January 1, 2023, received any written notice from any applicable Governmental Authority alleging any violation of applicable Data Privacy Laws by Company, any of its Subsidiaries or, to the knowledge of Company, any third-party service providers, outsourcers, processors or other third parties who process, store or otherwise handle Personal Data for or on behalf of Company or any of its Subsidiaries (“Company Data Processors”), nor has Company or any of its Subsidiaries been threatened in writing to be charged with any such violation by any Governmental Authority; (iii) Company and each of its Subsidiaries have, since January 1, 2023, taken commercially reasonable steps (including, as appropriate, implementing reasonable technical, physical or administrative safeguards) designed to protect Personal Data in their possession or under their control against loss and unauthorized access, use, modification or disclosure, and, to the knowledge of Company, since January 1, 2023, there has been no incident of the same, or of the same with respect to any Personal Data maintained or otherwise processed for or on behalf of Company or its Subsidiaries; (iv) Company and each of its Subsidiaries have, since January 1, 2023, taken commercially reasonable steps with respect to Company Data Processors to obligate such persons to comply in all material respects with applicable Data Privacy Laws and to take reasonable steps to protect and secure Personal Data from loss or unauthorized use, access, modification or disclosure; and (v) the execution, delivery and performance of this Agreement complies with all applicable Data Privacy Laws and Company’s and each of its Subsidiaries’ applicable published policies, statements, and notices relating to privacy, data protection or information security regarding Personal Data. (b) Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, (i) to the Knowledge of the Company and its Subsidiaries, since January 1, 2023, there has been no security breach or incident, unauthorized access or disclosure, or other compromise of the Company’s and its Subsidiaries’ information technology and computer systems, networks, equipment, hardware, software, data and databases, including all personally identifiable information and sensitive and confidential data maintained, processed or stored by the Company and its Subsidiaries (collectively, “IT Systems and Data”), and any such personally identifiable information and sensitive and confidential data of the Company and its Subsidiaries that is processed or stored by third parties on behalf of the Company and its Subsidiaries, except for those that have been remedied; and (ii) the Company and its Subsidiaries have implemented and maintain controls, policies, procedures, and technological safeguards designed to maintain and protect the integrity, continuous operation, redundancy and security of their IT Systems and Data reasonably consistent with industry standards, or as required by applicable laws or statutes.