Common use of INFORMATION SECURITY / DATA PRIVACY Clause in Contracts

INFORMATION SECURITY / DATA PRIVACY. (a) The Target Company and the Transferred Subsidiary have established a commercially reasonable Information Security Program that is appropriate to the nature of the Personal Data Processed by the Target Company or the Transferred Subsidiary, and that is appropriately implemented and maintained, and, since the Applicable Date, there have been no material violations of the Information Security Program. The Target Company and the Transferred Subsidiary have assessed and tested their Information Security Program in a manner that is commercially reasonable, and have remediated all critical, high and medium risks and vulnerabilities that were identified as part of such assessments. The Information Security Program is compliant with Privacy Requirements in all material respects. The Company IT Systems are in good working condition, do not contain any material Malicious Code or defect, and operate and perform as necessary to conduct the Target Business. All Company Data will continue to be available for Processing by the Target Company and the Transferred Subsidiary following the Closing on substantially the same terms and conditions as existed immediately before the Closing. (b) The Target Company and the Transferred Subsidiary comply and have complied since the Applicable Date with Company Privacy Policies and the Privacy Requirements in all material respects. To the extent required by Privacy Requirements or Company Privacy Policies. (i) Personal Data is Processed by the Target Company or the Transferred Subsidiary in an encrypted manner, and (ii) Personal Data is securely deleted or destroyed by the Target Company or the Transferred Subsidiary. The Target Company and the Transferred Subsidiary have not sold (as defined by the California Consumer Privacy Act of 2018), and do not sell, any Personal Data to any third parties. Neither the execution, delivery nor performance of this Agreement or any other Transaction Document, nor the consummation of any of the transactions contemplated hereby or thereby, violate any Privacy Requirements or Company Privacy Policies, except for as would not reasonably be expected to be material to the Target Company or the Transferred Subsidiary. Where the Target Company or the Transferred Subsidiary uses a Data Processor to Process Personal Data, the Data Processor has provided guarantees, warranties or covenants to Process such Personal Data in accordance with confidentiality and security measures sufficient for the Target Company’s and the Transferred Subsidiary’s compliance with Privacy Requirements in all material respects. (c) Neither the Target Company, the Transferred Subsidiary nor, to the Target Company’s Knowledge, any of their Data Processors, have, since the Applicable Date, suffered a Security Incident, been required to notify any Person or Government Authority of any Security Incident or been materially adversely affected by any Malicious Code, ransomware or malware attacks, or by any denial-of-service attacks on any Company IT Systems. Since the Applicable Date, neither the Target Company nor the Transferred Subsidiary, nor any third-party acting at the direction or authorization of the Target Company or the Transferred Subsidiary, has paid any perpetrator of any actual or threatened Security Incident or cyber-attack, including ransomware attack or denial-of-service attack. Neither the Target Company nor the Transferred Subsidiary has received a written notice (including any enforcement notice), letter, or complaint from a Government Authority or any Person alleging noncompliance or potential noncompliance with any Privacy Requirements or Company Privacy Policies and has not been subject to any Action relating to noncompliance or potential noncompliance with Privacy Requirements or the Target Company’s or the Transferred Subsidiary’s Processing of Personal Data. Neither the Target Company nor the Transferred Subsidiary is in breach or default of any Contracts relating to the Company IT Systems or to Company Data in a manner that has resulted in or is reasonably likely to result in material liability to the Target Company and the Transferred Subsidiary, as a whole. Neither the Target Company nor the Transferred Subsidiary transfers Personal Data internationally, except where such transfers comply with Privacy Requirements and Company Privacy Policies.

INFORMATION SECURITY / DATA PRIVACY. (a) The Target Company Since the Applicable Date, Parent and the Transferred Subsidiary Subsidiaries have established a commercially reasonable established, implemented and maintained an Information Security Program that is appropriate to the nature of the Personal Data Processed by the Target Company Parent or the Transferred Subsidiary, and that is appropriately implemented and maintainedSubsidiaries, and, since the Applicable Date, there have been no material violations of the Information Security Program. The Target Company has included assessment and the Transferred Subsidiary have assessed and tested their Information Security Program in a manner that is commercially reasonabletesting, and have remediated remediation of all critical, high and medium material risks and vulnerabilities that were identified as part of by such assessmentsassessments and/or tests. The Information Security Program is compliant with Privacy Requirements in all material respects. The Company Parent IT Systems (including the Business Software) are in good working condition, do not contain any material known Malicious Code or significant defect, and in all material respects operate and perform as necessary to for the conduct the Target Business. All Company Data will continue to be available for Processing by the Target Company of Parent’s and the Transferred Subsidiary following the Closing on substantially the same terms and conditions as existed immediately before the ClosingSubsidiaries’ business. (b) The Target Company and the Transferred Subsidiary comply and have complied since the Applicable Date with Company Privacy Policies and the Privacy Requirements in all material respects. To the extent required by Privacy Requirements or Company Privacy Policies. (i) Personal Data is Processed by the Target Company or the Transferred Subsidiary in an encrypted manner, and (ii) Personal Data is securely deleted or destroyed by the Target Company or the Transferred Subsidiary. The Target Company and the Transferred Subsidiary have not sold (as defined by the California Consumer Privacy Act of 2018), and do not sell, any Personal Data to any third parties. Neither the execution, delivery nor performance of this Agreement or any other Transaction Document, nor the consummation of any of the transactions contemplated hereby or thereby, Document violate any Privacy Requirements or Company Privacy PoliciesRequirement, except for as would not be reasonably be expected to be material to the Target Company any Parent or the Transferred Subsidiary. Where the Target Company or Subsidiaries. (c) Parent and the Transferred Subsidiary uses a Data Processor to Process Personal Data, Subsidiaries comply and have since the Data Processor has provided guarantees, warranties or covenants to Process such Applicable Date processed Personal Data in accordance with confidentiality and security measures sufficient for the Target Company’s and the Transferred Subsidiary’s compliance with all Privacy Requirements in all material respects, including with respect to any contracts, terms of service, or similar agreements, Parent or Transferred Subsidiaries have in place with processor or service providers (as those and similar terms are defined in the Privacy Requirements). To the extent required by Privacy Requirements, and to the Knowledge of Seller, Personal Data is securely deleted or destroyed. Parent and Transferred Subsidiaries do not sell, and have not sold (as defined in the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations, or, in reference to any Privacy Requirement, in a comparable definition embodied in that particular Privacy Requirement with comparable exceptions) any Personal Data. Any International Transfers by Parent or any of the Transferred Subsidiaries in all material aspects comply with Privacy Requirements. (cd) Neither the Target Company, the Transferred Subsidiary norExcept as set forth in Section 6.14(d)(i) of Seller’s Disclosure Letter, to the Target Company’s KnowledgeKnowledge of Seller, any none of Parent or the Transferred Subsidiaries or third parties processing Personal Data on their Data Processors, behalf have, since the Applicable Date, suffered a Security Incident. Except as set forth in Section 6.14(d)(ii) of Seller’s Disclosure Letter, been required to notify any Person or Government Authority none of any Security Incident or been materially adversely affected by any Malicious Code, ransomware or malware attacks, or by any denial-of-service attacks on any Company IT Systems. Since the Applicable Date, neither the Target Company nor the Transferred Subsidiary, nor any third-party acting at the direction or authorization of the Target Company Parent or the Transferred Subsidiary, has paid any perpetrator of any actual or threatened Security Incident or cyber-attack, including ransomware attack or denial-of-service attack. Neither the Target Company nor the Transferred Subsidiary Subsidiaries has received a written notice (including any enforcement notice), letter, or complaint from a Government Authority or any Person alleging noncompliance or potential noncompliance with any Privacy Requirements or Company Privacy Policies and has not been subject to any Action relating to noncompliance or potential noncompliance with Privacy Requirements or the Target CompanyParent’s or the any Transferred Subsidiary’s Subsidiaries’ Processing of Personal Data. Neither the Target Company nor the Transferred Subsidiary is in breach or default of any Contracts relating to the Company IT Systems or to Company Data in a manner that has resulted in or is reasonably likely to result in material liability to the Target Company and the Transferred Subsidiary, as a whole. Neither the Target Company nor the Transferred Subsidiary transfers Personal Data internationally, except where such transfers comply with Privacy Requirements and Company Privacy Policies.

INFORMATION SECURITY / DATA PRIVACY. (a) The Target Company Since the Applicable Date, Parent and the Transferred Subsidiary Subsidiaries have established a commercially reasonable established, implemented and maintained an Information Security Program that is appropriate to the nature of the Personal Data Processed by the Target Company Parent or the Transferred SubsidiarySubsidiaries and, has included assessment and testing, and that is appropriately implemented and maintained, and, since the Applicable Date, there have been no remediation of all material violations of the Information Security Program. The Target Company and the Transferred Subsidiary have assessed and tested their Information Security Program in a manner that is commercially reasonable, and have remediated all critical, high and medium risks and vulnerabilities that were identified as part of by such assessmentsassessments and/or tests. The Information Security Program is compliant with Privacy Requirements in all material respects. The Company Parent IT Systems (including the Business Software) are in good working condition, do not contain any material known Malicious Code or significant defect, and in all material respects operate and perform as necessary to for the conduct the Target Business. All Company Data will continue to be available for Processing by the Target Company of Parent’s and the Transferred Subsidiary following the Closing on substantially the same terms and conditions as existed immediately before the ClosingSubsidiaries’ business. (b) The Target Company and the Transferred Subsidiary comply and have complied since the Applicable Date with Company Privacy Policies and the Privacy Requirements in all material respects. To the extent required by Privacy Requirements or Company Privacy Policies. (i) Personal Data is Processed by the Target Company or the Transferred Subsidiary in an encrypted manner, and (ii) Personal Data is securely deleted or destroyed by the Target Company or the Transferred Subsidiary. The Target Company and the Transferred Subsidiary have not sold (as defined by the California Consumer Privacy Act of 2018), and do not sell, any Personal Data to any third parties. Neither the execution, delivery nor performance of this Agreement or any other Transaction Document, nor the consummation of any of the transactions contemplated hereby or thereby, Document violate any Privacy Requirements or Company Privacy PoliciesRequirement, except for as would not be reasonably be expected to be material to the Target Company any Parent or the Transferred Subsidiary. Where the Target Company or Subsidiaries. (c) Parent and the Transferred Subsidiary uses a Data Processor to Process Personal Data, Subsidiaries comply and have since the Data Processor has provided guarantees, warranties or covenants to Process such Applicable Date processed Personal Data in accordance with confidentiality and security measures sufficient for the Target Company’s and the Transferred Subsidiary’s compliance with all Privacy Requirements in all material respects, including with respect to any contracts, terms of service, or similar agreements, Parent or Transferred Subsidiaries have in place with processor or service providers (as those and similar terms are defined in the Privacy Requirements). To the extent required by Privacy Requirements, Personal Data is securely deleted or destroyed. Parent and Transferred Subsidiaries do not sell, and have not sold (as defined in the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations, or, in reference to any Privacy Requirement, in a comparable definition embodied in that particular Privacy Requirement with comparable exceptions) any Personal Data. Any International Transfers by Parent or any of the Transferred Subsidiaries in all material aspects comply with Privacy Requirements. (cd) Neither the Target CompanyExcept as set forth in Section 6.14(d)(i) of Sellers’ Disclosure Letter, none of Parent or the Transferred Subsidiary nor, to the Target Company’s Knowledge, any of Subsidiaries or third parties processing Personal Data on their Data Processors, behalf have, since the Applicable Date, suffered a Security Incident. Except as set forth in Section 6.14(d)(ii) Sellers’ Disclosure Letter, been required to notify any Person or Government Authority none of any Security Incident or been materially adversely affected by any Malicious Code, ransomware or malware attacks, or by any denial-of-service attacks on any Company IT Systems. Since the Applicable Date, neither the Target Company nor the Transferred Subsidiary, nor any third-party acting at the direction or authorization of the Target Company Parent or the Transferred Subsidiary, has paid any perpetrator of any actual or threatened Security Incident or cyber-attack, including ransomware attack or denial-of-service attack. Neither the Target Company nor the Transferred Subsidiary Subsidiaries has received a written notice (including any enforcement notice), letter, or complaint from a Government Authority or any Person alleging noncompliance or potential noncompliance with any Privacy Requirements or Company Privacy Policies and has not been subject to any Action relating to noncompliance or potential noncompliance with Privacy Requirements or the Target CompanyParent’s or the any Transferred Subsidiary’s Subsidiaries’ Processing of Personal Data. Neither the Target Company nor the Transferred Subsidiary is in breach or default of any Contracts relating to the Company IT Systems or to Company Data in a manner that has resulted in or is reasonably likely to result in material liability to the Target Company and the Transferred Subsidiary, as a whole. Neither the Target Company nor the Transferred Subsidiary transfers Personal Data internationally, except where such transfers comply with Privacy Requirements and Company Privacy Policies.

INFORMATION SECURITY / DATA PRIVACY. (a) The Target Company Since the Applicable Date, Parent and the Transferred Subsidiary Subsidiaries have established a commercially reasonable established, implemented and maintained an Information Security Program that is appropriate to the nature of the Personal Data Processed by the Target Company Parent or the Transferred Subsidiary, and that is appropriately implemented and maintainedSubsidiaries, and, since the Applicable Date, there have been no material violations of the Information Security Program. The Target Company has included assessment and the Transferred Subsidiary have assessed and tested their Information Security Program in a manner that is commercially reasonabletesting, and have remediated remediation of all critical, high and medium material risks and vulnerabilities that were identified as part of by such assessmentsassessments and/or tests. The Information Security Program is compliant with Privacy Requirements in all material respects. The Company Parent IT Systems (including the Business Software) are in good working condition, do not contain any material known Malicious Code or significant defect, and in all material respects operate and perform as necessary to for the conduct the Target Business. All Company Data will continue to be available for Processing by the Target Company of Parent’s and the Transferred Subsidiary following the Closing on substantially the same terms and conditions as existed immediately before the ClosingSubsidiaries’ business. (b) The Target Company and the Transferred Subsidiary comply and have complied since the Applicable Date with Company Privacy Policies and the Privacy Requirements in all material respects. To the extent required by Privacy Requirements or Company Privacy Policies. (i) Personal Data is Processed by the Target Company or the Transferred Subsidiary in an encrypted manner, and (ii) Personal Data is securely deleted or destroyed by the Target Company or the Transferred Subsidiary. The Target Company and the Transferred Subsidiary have not sold (as defined by the California Consumer Privacy Act of 2018), and do not sell, any Personal Data to any third parties. Neither the execution, delivery nor performance of this Agreement or any other Transaction Document, nor the consummation of any of the transactions contemplated hereby or thereby, Document violate any Privacy Requirements or Company Privacy PoliciesRequirement, except for as would not be reasonably be expected to be material to the Target Company any Parent or the Transferred Subsidiary. Where the Target Company or Subsidiaries. (c) Parent and the Transferred Subsidiary uses a Data Processor to Process Personal Data, Subsidiaries comply and have since the Data Processor has provided guarantees, warranties or covenants to Process such Applicable Date processed Personal Data in accordance with confidentiality and security measures sufficient for the Target Company’s and the Transferred Subsidiary’s compliance with all Privacy Requirements in all material respects, including with respect to any contracts, terms of service, or similar agreements, Parent or Transferred Subsidiaries have in place with processor or service providers (as those and similar terms are defined in the Privacy Requirements). To the extent required by Privacy Requirements, and to the Knowledge of Seller, Personal Data is securely deleted or destroyed. Parent and Transferred Subsidiaries do not sell, and have not sold (as defined in the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations, or, in reference to any Privacy Requirement, in a comparable definition embodied in that particular Privacy Requirement with comparable exceptions) any Personal Data. Any International Transfers by Parent or any of the Transferred Subsidiaries in all material aspects comply with Privacy Requirements. (cd) Neither the Target Company, the Transferred Subsidiary norExcept as set forth in Section 6.14(d)(i) of ▇▇▇▇▇▇’s Disclosure Letter, to the Target Company’s KnowledgeKnowledge of Seller, any none of Parent or the Transferred Subsidiaries or third parties processing Personal Data on their Data Processors, behalf have, since the Applicable Date, suffered a Security Incident. Except as set forth in Section 6.14(d)(ii) of Tether’s Disclosure Letter, been required to notify any Person or Government Authority none of any Security Incident or been materially adversely affected by any Malicious Code, ransomware or malware attacks, or by any denial-of-service attacks on any Company IT Systems. Since the Applicable Date, neither the Target Company nor the Transferred Subsidiary, nor any third-party acting at the direction or authorization of the Target Company Parent or the Transferred Subsidiary, has paid any perpetrator of any actual or threatened Security Incident or cyber-attack, including ransomware attack or denial-of-service attack. Neither the Target Company nor the Transferred Subsidiary Subsidiaries has received a written notice (including any enforcement notice), letter, or complaint from a Government Authority or any Person alleging noncompliance or potential noncompliance with any Privacy Requirements or Company Privacy Policies and has not been subject to any Action relating to noncompliance or potential noncompliance with Privacy Requirements or the Target CompanyParent’s or the any Transferred Subsidiary’s Subsidiaries’ Processing of Personal Data. Neither the Target Company nor the Transferred Subsidiary is in breach or default of any Contracts relating to the Company IT Systems or to Company Data in a manner that has resulted in or is reasonably likely to result in material liability to the Target Company and the Transferred Subsidiary, as a whole. Neither the Target Company nor the Transferred Subsidiary transfers Personal Data internationally, except where such transfers comply with Privacy Requirements and Company Privacy Policies.