Common use of Privacy and Data Protection Clause in Contracts

Privacy and Data Protection. The Company and its subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiaries. The Company and its subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would not, individually or in the aggregate, be material to the Company or any of its subsidiaries; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries Subsidiaries have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package Statement and the Prospectus. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would not, individually or in the aggregate, be material to the Company or any of its subsidiariesSubsidiaries; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects complied with all United States federal, state, local and non-United States privacyprivacy (including, but not limited to, the General Data Protection Regulation (EU) 2016/679, “GDPR”), data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data, except for any noncompliance that would not reasonably be expected to have a Material Adverse Effect. The In each case except for any noncompliance that would not reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with (1) internal policies and procedures designed to appropriately ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and are in compliance in all material respects with (2) internal policies and procedures designed to appropriately ensure compliance with the Health Care Laws that govern privacy and data security and take, and have the Company has taken reasonably appropriate steps designed to assure ensure compliance in all material respects with such internal policies and procedures. The Company and its subsidiaries Subsidiaries have taken reasonable appropriate steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the French Disclosure Document, the General Disclosure Package and the Prospectus. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material result in a Material Adverse Effect; and to the Company or any of its subsidiaries; and Company’s knowledge there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures reasonably designed to ensure protect the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to ensure promote compliance with the Health Care Laws laws and regulations that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure attain compliance in all material respects with such policies and procedures. The Company and its subsidiaries Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, and information identifiable to a consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company DataData (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries), except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries have has operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data, including, HIPAA, HITECH, the FTC Act, the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and all applicable national laws implementing or supplementing the GDPR and all related national laws, regulations and secondary legislation. The Company and its subsidiaries have has been and are is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have has been and are is in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries have has taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, personal data, consumer information and other confidential information of the Company, its subsidiaries Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries have has used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesCompany. The Company and its subsidiaries have has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company DataData and have not been notified of and have no knowledge of any event or condition that would reasonably be expected to result in any security breaches, compromises or incidents, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries have has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and has operated its subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries have has been and are is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have has been and are is in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries have has taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries have has used reasonable efforts to establish, and have has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesCompany. The Company and its subsidiaries have has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries have has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal datadata except where any noncompliance would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its subsidiaries have been and are in compliance in all material respects with internal their respective published privacy policies and with their internal security procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; business except where any noncompliance would not reasonably be expected to, singly or in the Company and its subsidiaries have been and are aggregate, result in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and proceduresa Material Adverse Effect. The Company and its subsidiaries have taken reasonable steps to maintain the confidentiality of its the personally identifiable information, protected health information, consumer information and other confidential information that they process in connection with their operation of the Company, its subsidiaries and any third parties in its possession business (“Sensitive Company Data”). The To the knowledge of the Company, the tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiaries. The To the knowledge of the Company, neither the Company and nor its subsidiaries have not has suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The For the past three years, to the knowledge of the Company, the Company and its subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Except as would not, individually or in the aggregate, have a Material Adverse Effect, (i) the Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The , (ii) the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its businessSensitive Company Data; (iii) the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance by the Company and its Subsidiaries with the applicable Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The ; and (iv) the Company and its subsidiaries Subsidiaries have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, personally identifiable consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries and in their possession or otherwise in their operational control (the “Company IT Assets”) are adequate with respect to capacity and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and Subsidiaries as currently proposed to be conducted operated as described in the Registration Statement, the General Disclosure Package Statement and the Prospectus, except in each case as would not, singly or in the aggregate, be expected to be material to the Company and its Subsidiaries, taken as a whole. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respectsbusiness, including, without limitation, for the Company IT Assets and data held Sensitive Company Data, except in each case as would not, singly or used by or for in the aggregate, be expected to be material to the Company and its subsidiariesSubsidiaries, taken as a whole. The To the knowledge of the Company, the Company and its subsidiaries Subsidiaries have not (i) suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries (ii) have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data. Any certificate signed by an officer of the Company and delivered to the Agent or to counsel for the Agent pursuant to or in connection with this Agreement shall be deemed to be a representation and warranty by the Company, as applicable, to the Agent as to the matters set forth therein.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries Subsidiaries have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Company and its subsidiaries Subsidiaries have not not, to the Company’s knowledge, suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material result in a Material Adverse Effect; and to the Company or any of its subsidiaries; and Company’s knowledge, there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries have has operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries have has been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have has been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries have has taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries have has used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesCompany. The Company and its subsidiaries have has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its their respective business; the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries Subsidiaries have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the their respective business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and each of its subsidiaries have operated their business respective businesses in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s Company and its subsidiaries’ collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries have taken all reasonable steps necessary to maintain the confidentiality of its their respective personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries and any third parties in the possession of the Company or any of its possession subsidiaries (“Sensitive Company Data”). Neither the Company nor any of its subsidiaries has received any notice, claim, complaint, demand or letter from any person in respect of their respective businesses under applicable data security and data protection laws and regulations and industry standards regarding misuse, loss, unauthorized destruction or unauthorized disclosure of any Sensitive Company Data. The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Pricing Disclosure Package and the ProspectusProspectus Supplement. The Company and its subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and or any of its subsidiaries. The Neither the Company and nor any of its subsidiaries have not has suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would not, individually or in the aggregate, be material to the Company or nor has there been any of its subsidiaries; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such breaches, compromises, incidents or unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Neither the Company and nor any of its subsidiaries have not has been required to notify any individual or data protection authority of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and each of its subsidiaries have operated their business respective businesses in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s Company and its subsidiaries’ collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries have taken all reasonable steps necessary to maintain the confidentiality of its their respective personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries and any third parties in the possession of the Company or any of its possession subsidiaries (“Sensitive Company Data”). Neither the Company nor any of its subsidiaries has received any notice, claim, complaint, demand or letter from any person in respect of their respective businesses under applicable data security and data protection laws and regulations and industry standards regarding misuse, loss, unauthorized destruction or unauthorized disclosure of any Sensitive Company Data. The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package Statement and the Prospectus. The Company and its subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and or any of its subsidiaries. The Neither the Company and nor any of its subsidiaries have not has suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would not, individually or in the aggregate, be material to the Company or nor has there been any of its subsidiaries; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such breaches, compromises, incidents or unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Neither the Company and nor any of its subsidiaries have not has been required to notify any individual or data protection authority of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries Subsidiaries have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries, and the Company and its Subsidiaries have been and are in compliance with internal policies and procedures reasonably designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken, reasonably appropriate steps designed to assure compliance with such policies and procedures. The Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would not, individually or in the aggregate, be material to the Company or any of its subsidiaries; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party; in each case, except where such breaches, compromises, incidents, use or access, would not, individually or in the aggregate, be material to the Company or any of its Subsidiaries. The Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data. The Company is presently in material compliance with all applicable laws and contractual obligations relating to the privacy and security of the Company IT Assets and Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects complied with all United States federal, state, local and non-United States privacyprivacy (including, but not limited to, the General Data Protection Regulation (EU) 2016/679, “GDPR”), data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data, except for any noncompliance that would not reasonably be expected to have a Material Adverse Effect. The In each case except for any noncompliance that would not reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with (1) internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and are in compliance in all material respects with (2) internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have the Company has taken reasonably appropriate steps designed to assure compliance in all material respects with such internal policies and procedures. The Company and its subsidiaries Subsidiaries have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package Package, the Prospectus and the French Listing Prospectus. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material result in a Material Adverse Effect; and to the Company or any of its subsidiaries; and Company’s knowledge there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries the Subsidiary have operated their business in a manner compliant in all material respects with all United States federal, state, state and local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries the Subsidiary have been and are in compliance in all material respects with internal policies and procedures designed to ensure protect the integrity and security of the data collected, handled or stored in connection with its their business; the Company and its subsidiaries the Subsidiary have been and are in compliance in all material respects with internal policies and procedures designed to ensure promote compliance with the Health Care Laws that govern privacy and data security and take, take and have taken reasonably appropriate steps designed to assure attain compliance in all material respects with such policies and procedures. The Company and its subsidiaries the Subsidiary have taken reasonable steps to maintain the confidentiality of its the personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries the Subsidiary and any third parties in its their possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries the Subsidiary (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries the Subsidiary as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries the Subsidiary have used reasonable efforts to establish, and have established, established commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesthe Subsidiary. The To the Company’s knowledge, after due inquiry, (A) the Company and its subsidiaries the Subsidiary have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would not, individually or in the aggregate, be material to the Company or any of its subsidiaries; and (B) there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries the Subsidiary have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, state and local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its their business; the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries Subsidiaries have taken reasonable steps to maintain the confidentiality of its their personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its their possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, Data except where such breaches, compromises or incidents would notnot reasonably be expected to, individually or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries Subsidiaries have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package Statement and the Prospectus. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business businesses in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s and its Subsidiaries’ collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedurestheir businesses. The Company and its subsidiaries Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and or its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business businesses of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Time of Sale Disclosure Package and in the Prospectus. The Company and its subsidiaries Subsidiaries have used commercially reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respectspractices, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The To the Company’s knowledge, the Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Neither the Company and nor its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries have been and Subsidiaries are presently in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and Subsidiaries are presently in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries Subsidiaries have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or or, to the knowledge of the Company, any Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or or, to the knowledge of the Company, any Sensitive Company Data Data, by any unauthorized third party. The Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries have been and Subsidiaries are presently in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and Subsidiaries are presently in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries Subsidiaries have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or or, to the knowledge of the Company, any Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or or, to the knowledge of the Company, any Sensitive Company Data Data, by any unauthorized third party. The Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and each of its subsidiaries have operated their business respective businesses in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s Company and its subsidiaries’ collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries have taken all reasonable steps necessary to maintain the confidentiality of its their respective personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries and any third parties in the possession of the Company or any of its possession subsidiaries (“Sensitive Company Data”). Neither the Company nor any of its subsidiaries has received any notice, claim, complaint, demand or letter from any person in respect of their respective businesses under applicable data security and data protection laws and regulations and industry standards regarding misuse, loss, unauthorized destruction or unauthorized disclosure of any Sensitive Company Data. The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and or any of its subsidiaries. The Neither the Company and nor any of its subsidiaries have not has suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would not, individually or in the aggregate, be material to the Company or nor has there been any of its subsidiaries; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such breaches, compromises, incidents or unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Neither the Company and nor any of its subsidiaries have not has been required to notify any individual or data protection authority of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects with all United States U.S. federal, state, local and non-United States U.S. privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal datadata and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are compliant in all material aspects with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) including the GDPR as incorporated into the law of the United Kingdom and as amended, and as implemented and supplemented by the Data Protection Xxx 0000. The Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its businessbusiness and all external privacy policies; the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate commercially reasonable steps designed to assure compliance in all material respects with such policies and procedures. The Company, its Subsidiaries, and, to the their knowledge, any third parties processing information on behalf of the Company and its subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package Statement and the Prospectus. The Company, its Subsidiaries, and, to the their knowledge, any third-parties processing information on behalf of the Company and its subsidiaries have used commercially reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and and, there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacyprivacy (including, but not limited to, the European General Data Protection Regulation (EU) 2016/679 and the related national data protection laws of the European Union Member States and the United Kingdom), data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries Subsidiaries have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the ProspectusSEC Filings except as would not result in a Material Adverse Effect. The Company and its subsidiaries Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Except, in each case, as would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect, to the Company’s Knowledge, the Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would not, individually or in the aggregate, be material ; to the Company or any of its subsidiaries; and Company’s knowledge, there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The ; and the Company and its subsidiaries Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiaries have operated their business in a manner compliant in all material respects with all Privacy Laws, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are compliant in all material aspects with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) including the GDPR as it forms part of United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to Kingdom law by virtue of section 3 of the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal dataEuropean Union (Withdrawal) Act 2018. The Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity integrity, availability and security of the data collected, handled handled, stored or stored otherwise processed in connection with its businessbusiness and with all external privacy policies and notices, and all such notices have been legally adequate and accurate; the Company and its subsidiaries Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Privacy Laws and Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate taken, commercially reasonable steps designed to assure compliance in all material respects with such policies and procedures. The Company, its Subsidiaries, and, to the their knowledge, any third parties processing information on behalf of the Company and its subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable informationPersonal Information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiaries and any third parties in its possession or control (collectively, “Sensitive Company Data”). The Company and its Subsidiaries have contractually obligated all third parties that process Sensitive Company Data on their behalf to data protection obligations that comply with applicable Privacy Laws, including (i) to comply with applicable Privacy Laws, (ii) to take reasonable steps to protect and security Sensitive Company Data, and (iii) to act only in accordance with the instructions of the Company. The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package Statement and the Prospectus. The Company, its Subsidiaries, and, to the their knowledge, any third-parties processing information on behalf of the Company and its subsidiaries have used commercially reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiaries. The Company and its subsidiaries Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company DataAsset, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and and, there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries Subsidiaries have not been required to notify any individual individual, regulator or other third party of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal datadata except where any noncompliance would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its subsidiaries have been and are in compliance in all material respects with internal their respective published privacy policies and with their internal security procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; business except where any noncompliance would not reasonably be expected to, singly or in the Company and its subsidiaries have been and are aggregate, result in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and proceduresa Material Adverse Effect. The Company and its subsidiaries have taken reasonable steps to maintain the confidentiality of its the personally identifiable information, protected health information, consumer information and other confidential information that they process in connection with their operation of the Company, its subsidiaries and any third parties in its possession business (“Sensitive Company Data”). The To the knowledge of the Company, the tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiaries. The To the knowledge of the Company, neither the Company and nor its subsidiaries have not has suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material result in a Material Adverse Effect;. For the past three years, to the Company or any knowledge of its subsidiaries; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The the Company, the Company and its subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries Subsidiary have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations (“Privacy Laws”), policies and procedures, contractual obligations and applicable industry standards applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal datadata (collectively, the “Data Protection Requirements”). The Company and its subsidiaries Subsidiary have been implemented and are in compliance in all material respects with internal maintained policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its businessbusiness in accordance with the Privacy Laws; the Company and its subsidiaries Subsidiary have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures, except where such non-compliance or the failure to take such steps would not, singly or in the aggregate, result in a Material Adverse Effect. The Company and its subsidiaries Subsidiary have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other sensitive, confidential or regulated information of the Company, its subsidiaries Subsidiary and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiary (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, operate and perform as required for the business of the Company and its subsidiaries Subsidiary as now currently operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus, and in accordance with their documentation and functional specifications. The Company IT Assets are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries Subsidiary have used reasonable efforts to establish, established and have establishedmaintained, commercially reasonable disaster recovery and security plans, procedures procedures, safeguards and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiary. The Company and its subsidiaries Subsidiary have not suffered or incurred any security breachesbreaches or incidents, unauthorized access or disclosure, or compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, incidents, access, disclosure or compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material result in a Material Adverse Effect; and to the Company or any of its subsidiaries; and Company’s knowledge there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries Subsidiary have not been notified of, have not been required to notify any individual or governmental or regulatory authority of and have no knowledge of any event or condition that could result in, any information security breach, compromise or incident involving Sensitive Company Data. Neither the Company nor any Subsidiary (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any Data Protection Requirement, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice, (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Protection Requirement, or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability by any governmental or regulatory authority under any Data Protection Requirement. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of any Data Protection Requirement.

Privacy and Data Protection. The Company and its subsidiaries Subsidiary have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data, except where the failure to so comply would not reasonably be expected, singly or in the aggregate, result in a Material Adverse Effect. The Company and its subsidiaries Subsidiary have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business, except where the failure to so comply would not reasonably be expected, singly or in the aggregate, result in a Material Adverse Effect; the Company and its subsidiaries Subsidiary have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures, except where the failure to so comply would not reasonably be expected, singly or in the aggregate, result in a Material Adverse Effect. The Company and its subsidiaries Subsidiary have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Subsidiary and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries Subsidiary (the “Company IT Assets”) are adequate and operational operational, in all material respects, for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries Subsidiary as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries Subsidiary have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiariesSubsidiary. The Neither the Company and nor its subsidiaries Subsidiary have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material result in a Material Adverse Effect; and, to the Company or any of its subsidiaries; and Company’s knowledge, there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries Subsidiary have not been required to notify any individual of any material information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries have operated their business businesses in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s and its subsidiaries’ collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedurestheir businesses. The Company and its subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and or its subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business businesses of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Time of Sale Disclosure Package and in the Prospectus. The Company and its subsidiaries have used commercially reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respectspractices, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiaries. The To the Company’s knowledge, the Company and its subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would notnot reasonably be expected to, individually singly or in the aggregate, be material to the Company or any of its subsidiariesresult in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Neither the Company and nor its subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and has operated its subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries have has taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Time of Sale Disclosure Package and in the Prospectus. The Company and its subsidiaries have has used reasonable efforts to establish, and have has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company and its subsidiaries. The Company and its subsidiaries have has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises Data or incidents would not, individually or in the aggregate, be material to the Company or any of its subsidiaries; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its subsidiaries have has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.