Common use of Information Technology; Data Security Clause in Contracts

Information Technology; Data Security. (a) Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect: (i) the Company and each of its Subsidiaries have taken technical and organizational measures necessary to protect the Information Technology Systems and Data contained therein or transmitted thereby in connection with the operation of the Company’s and its Subsidiaries’ businesses; (ii) without limiting the foregoing, the Company and its Subsidiaries have used commercially reasonable efforts to establish and maintain, and have established, maintained, implemented and complied with commercially reasonable information technology, information security, cyber security and data protection controls, policies and procedures, including oversight, access controls, encryption, technological and physical safeguards and business continuity, disaster recovery and security plans that are designed to protect against and prevent breach, destruction, loss, unauthorized distribution, use, processing, access, disablement, misappropriation or modification, or other compromise or misuse of or relating to any Information Technology Systems or Data in the possession or control of the Company’s and its Subsidiaries’ businesses (“Breach”); and (iii) to the Knowledge of the Company, there has been no Breach, and the Company and the Subsidiaries have not been notified of, and have no knowledge of any event or condition that would reasonably be expected to result in, any Breach. (b) Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, (i) the Company and each of its Subsidiaries have complied, and are presently in compliance with, internal and external privacy policies, contractual obligations, binding industry standards, applicable Laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or other governmental or regulatory authority and any other legal obligations, in each case, relating to data privacy, data security, or Breach notification requirements or the collection, use, processing, transfer, import, export, storage, protection, disposal and disclosure by the Company or any of its Subsidiaries of personal, personally identifiable data or equivalent term (“Data Security Obligations”, and such data, “Data”); and (ii) the Company has not received any written notification of or complaint regarding material non-compliance with any Data Security Obligations; and (iii) there is currently no action, lawsuit or proceeding by or before any court or governmental agency, authority or body alleging the Company’s or any of its Subsidiaries’ material non-compliance with any Data Security Obligation.

Information Technology; Data Security. (a) Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect: , to the Company’s knowledge, (i) the Company and its Subsidiaries’ information technology assets operate and perform in all material respects as required in connection with the operation of the business of the Company and its Subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants; (ii) to the Company’s knowledge, the Company and each of its Subsidiaries have in the past three years complied and are presently in compliance in all material respects with all internal and external privacy policies, contractual obligations, binding industry standards and applicable Laws, in each case, relating to the collection, use, transfer, storage, protection, disposal and disclosure by the Company or any of its Subsidiaries of personal, personally identifiable, or sensitive data (“Data Security Obligations”, and such data, “Data”); (iii) to the Company’s knowledge, the Company has not in the past three years received any written notification of or written complaint regarding and is unaware of any other facts that, individually or in the aggregate, would reasonably indicate material non-compliance with any Data Security Obligations; and (iv) there is currently no action, suit or proceeding by or before any court or governmental authority pending or, to the Company’s knowledge, against the Company or any of its Subsidiaries alleging non-compliance with any Data Security Obligation. Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, (i) the Company and each of its Subsidiaries have taken technical and organizational measures necessary in place designed to protect the Information Technology Systems information technology systems and Data contained therein or transmitted thereby controlled and used in connection with the operation of the Company’s and its Subsidiaries’ businesses; (ii) without limiting the foregoing, the Company and its Subsidiaries have used commercially reasonable efforts to establish and maintain, and have established, maintained, implemented and complied with with, commercially reasonable information technology, information security, cyber security and data protection controls, policies and procedures, including oversight, access controls, encryption, technological and physical safeguards and business continuity, disaster recovery and security plans that are designed to protect against and prevent breach, destruction, loss, material security incidents such as breach and any unauthorized distribution, use, processing, access, disablement, misappropriation or modification, use or other compromise or misuse processing of or relating to any Information Technology Systems information technology system or Data controlled and used in connection with the possession or control operations of the Company’s and its Subsidiaries’ businesses (“Breach”)) in the past three years; and (iii) to the Knowledge of the Company’s knowledge, there has been no such Breach, and the Company and the its Subsidiaries have not been notified of, of and have no knowledge of any event or condition that would reasonably be expected to result in, in any such Breach. (b) Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, (i) the Company and each of its Subsidiaries have complied, and are presently in compliance with, internal and external privacy policies, contractual obligations, binding industry standards, applicable Laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or other governmental or regulatory authority and any other legal obligations, in each case, relating to data privacy, data security, or Breach notification requirements or the collection, use, processing, transfer, import, export, storage, protection, disposal and disclosure by the Company or any of its Subsidiaries of personal, personally identifiable data or equivalent term (“Data Security Obligations”, and such data, “Data”); and (ii) the Company has not received any written notification of or complaint regarding material non-compliance with any Data Security Obligations; and (iii) there is currently no action, lawsuit or proceeding by or before any court or governmental agency, authority or body alleging the Company’s or any of its Subsidiaries’ material non-compliance with any Data Security Obligation.