Common use of Privacy and Information Security Clause in Contracts

Privacy and Information Security. Except as set forth on Schedule 4.18, each Loan Party and each of its Subsidiaries complies, and during the past six years has complied, in all material respects with (i) HIPAA and Other Privacy Laws, (ii) their privacy policies and notices, and (iii) all contracts relating to Processing of Personal Information. No Loan Party nor any of its Subsidiaries, nor, to the knowledge of any Loan Party, any other Person, has received any notice, allegation, complaint or other communication, and to the knowledge of any Loan Party, there is no pending investigation by any Governmental Authority or payment card association, regarding any actual or possible violation of HIPAA and Other Privacy Laws by or with respect to any Loan Party or any of its Subsidiaries. To the knowledge of each Loan Party, after reasonable investigation, no Loan Party nor any of its Subsidiaries has suffered a security breach with respect to any of Personal Information and there has been no unauthorized or illegal use of or access to any Personal Information. Except as set forth on Schedule 4.18, no Loan Party nor any of its Subsidiaries has notified, or been required to notify, any Person of any information security breach involving Personal Information. Each Loan Party and its Subsidiaries employ commercially reasonable security measures that comply in all material respects with HIPAA and Other Privacy Laws to protect Personal Information within their custody or control and require the same of all vendors that Process Personal Information on their behalf. Each Loan Party and its Subsidiaries have provided all requisite notices and obtained all required consents, and satisfied all other requirements (including notification to Governmental Authorities), necessary for such Loan Party’s or such Subsidiary’s Processing (including international and onward transfer) of all Personal Information in connection with the conduct of the business as currently conducted and in connection with the consummation of the transactions contemplated hereunder.

Privacy and Information Security. Except as set forth on Schedule 4.18, each Loan Party Each of Holdings and each of its Subsidiaries complies, and during the past six five (5) years has complied, in all material respects complied with (i) HIPAA all Privacy and Other Privacy LawsInformation Security Requirements, (ii) their its privacy policies and notices, and (iii) all contracts relating to Processing of Personal InformationData, except to the extent that failure to so comply could not be reasonably expected to have a Material Adverse Effect. No Loan Party Neither Holdings nor any of its Subsidiaries, nor, to the knowledge of any Loan Party, any other Person, Subsidiaries has received in the past five (5) years any notice, allegation, complaint or other communication, and to the knowledge of any Loan Partytheir knowledge, there is no pending investigation by any Governmental Authority or payment card associationAuthority, regarding any actual or possible violation of HIPAA any Privacy and Other Privacy Laws Information Security Requirement by or with respect to any Loan Party Holdings or any of its Subsidiaries. To the knowledge of each Loan PartyHoldings and its Subsidiaries, after reasonable investigation, no Loan Party neither Holdings nor any of its Subsidiaries has suffered a security breach with respect to any of Personal Information the Company Data and there has been no unauthorized or illegal use of or access to any Personal InformationCompany Data. Except as set forth on Schedule 4.18, no Loan Party Neither Holdings nor any of its Subsidiaries has notified, or been required to notify, any Person person of any information security breach involving Personal InformationData. Each Loan Party of Holdings and its Subsidiaries employ employs commercially reasonable security measures that comply in all material respects with HIPAA all Privacy and Other Privacy Laws Information Security Requirements to protect Personal Information Company Data within their its custody or control and require requires the same of all vendors that Process Personal Information Company Data on their its behalf, except to the extent that the failure to do so could not reasonably be expected to have a Material Adverse Effect. Each Loan Party of Holdings and its Subsidiaries have has provided all requisite notices and obtained all required consents, and satisfied all other requirements (including but not limited to notification to Governmental Authorities), necessary for such Loan Party’s or such Subsidiary’s Processing (including international and onward transfer) of all Personal Information Data in connection with the conduct of the business as currently conducted and in connection with the consummation of the transactions contemplated hereunder, except to the extent that the failure to do so could not reasonably be expected to have a Material Adverse Effect.