Common use of Privacy; Data Security Clause in Contracts

Privacy; Data Security. (a) Since January 1, 2018, the Company and each of its Subsidiaries has at all times maintained reasonable administrative, technical and physical safeguards designed to (i) protect the security, confidentiality, integrity and availability of Company Information and IT Assets in a manner consistent with applicable industry standard practices; (ii) protect against any anticipated threats or hazards to the security, confidentiality or integrity of Company Information and IT Assets; and (iii) detect and remediate Information Security Incidents. Since January 1, 2018, to the Knowledge of the Company, there has been no material Information Security Incident involving the Company or any of its Subsidiaries or third parties that process Company Information on behalf of Company or its Subsidiaries. (b) Since January 1, 2018, each of the Company and its Subsidiaries has at all times implemented and maintained reasonable policies, procedures and technical controls to monitor for, detect and remediate security vulnerabilities and security control deficiencies associated with IT Assets in a timely manner and in accordance with industry standard practices. To the Knowledge of the Company, the Company and each of its Subsidiaries has fully remediated, including necessary compensating controls, any and all material, critical and/or high-risk security vulnerabilities for which the Company or any of its Subsidiaries has become aware. (c) Except as do not and would not reasonably be expected to have a Company Material Adverse Effect, since January 1, 2018, the Company and each of its Subsidiaries is, and has been at all times, in compliance with all Privacy Laws and Privacy Commitments (collectively, “Privacy Requirements”). Except as do not and would not reasonably be expected to be material to the Company and its Subsidiaries, taken as a whole, any privacy notices distributed or otherwise made available by the Company or any of its Subsidiaries have at all times complied in all material respects with Privacy Requirements. The Company and each of its Subsidiaries has all rights and permissions necessary to lawfully access, collect, obtain, use, retain, disclose and transfer Personal Information as permitted by the Privacy Requirements. To the Knowledge of the Company, no Person has made any written claim or commenced any Proceeding against the Company or any of its Subsidiaries with respect to any Information Security Incident or actual or alleged violation of a Privacy Requirement.

Privacy; Data Security. Since December 31, 2022, except as would not, individually or in the aggregate, have a Company Material Adverse Effect, (a) Since January 1, 2018, the Company and each of its Subsidiaries has are in compliance with (i) all applicable Privacy Laws, (ii) all of the Company’s and its Subsidiaries’ written, public facing policies regarding Personal Information (“Privacy Policies”), and (iii) all of the Company’s and its Subsidiaries’ contractual obligations with respect to the receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) of Personal Information; (b) no Privacy Policies of the Company and its Subsidiaries have contained any material omissions or been misleading or deceptive; (c) the Company and its Subsidiaries have implemented and at all times maintained reasonable administrativesafeguards, technical consistent with practices in the industry in which the Company and physical safeguards designed its Subsidiaries operate, to (i) protect Personal Information and other confidential data in their possession or under their control against loss, theft, misuse or unauthorized access, use, modification or disclosure and to protect the security, confidentiality, integrity and availability security of Company Information and the IT Assets Systems from potential unauthorized use, access, interruption or modification by third parties in a manner consistent with applicable industry standard practicesthat would violate any Applicable Law; (iid) protect against any anticipated threats or hazards to the security, confidentiality or integrity of Company Information and IT Assets; and (iii) detect and remediate Information Security Incidents. Since January 1, 2018, to the Knowledge of the Company, there has been no material Information Security Incident involving the Company or any of and its Subsidiaries have taken commercially reasonable steps to ensure that any third party to whom the Company and its Subsidiaries have granted access to Personal Information collected by or third parties that process Company Information on behalf of Company or its Subsidiaries. (b) Since January 1, 2018, each of the Company and its Subsidiaries has at all times implemented and maintained reasonable policies, procedures and technical controls the same; (e) there have been no breaches or security incidents (including any unauthorized or improper access to monitor for, detect and remediate security vulnerabilities and security control deficiencies associated with IT Assets in a timely manner and in accordance with industry standard practices. To the Knowledge or use or corruption of any of the CompanyIT Systems), or misuse of or unauthorized access to or disclosure of any Personal Information in the possession or control of the Company and each of its Subsidiaries has fully remediatedor collected, including necessary compensating controls, used or processed by or on behalf of any and all material, critical and/or high-risk security vulnerabilities for which of the Company and its Subsidiaries; (f) the Company and its Subsidiaries have not provided or been legally required to provide any notices to any Person in connection with any such breaches, security incidents, or misuse of or unauthorized access to or disclosure of any Personal Information in the possession or control of the Company and its Subsidiaries or collected, used or processed by or on behalf of any of the Company and its Subsidiaries; and (g) neither the Company nor any of its Subsidiaries has become aware. received any written notice of any claims (c) Except as do not and would not reasonably be expected to have a Company Material Adverse Effectincluding written notice from third parties acting on its behalf), since January 1of, 2018or been charged with, the Company and each of its Subsidiaries is, and has been at all times, in compliance with all Privacy Laws and Privacy Commitments (collectively, “Privacy Requirements”). Except as do not and would not reasonably be expected to be material to the Company and its Subsidiaries, taken as a wholeviolation of, any privacy notices distributed Privacy Laws, applicable Privacy Policies, or otherwise made available by the Company or any of its Subsidiaries have at all times complied in all material respects with Privacy Requirements. The Company and each of its Subsidiaries has all rights and permissions necessary to lawfully access, collect, obtain, use, retain, disclose and transfer Personal Information as permitted by the Privacy Requirements. To the Knowledge of the Company, no Person has made any written claim or commenced any Proceeding against the Company or any of its Subsidiaries contractual commitments with respect to any Information Security Incident or actual or alleged violation of a Privacy RequirementPersonal Information.

Privacy; Data Security. (a) Since January 1The Company and its Subsidiaries own, 2018or have valid rights to access and use pursuant to a written agreement, all IT Systems. The IT Systems are (i) subject to commercially reasonable disaster recovery procedures, (ii) free from any defect, bug, virus, corruption, malicious code or other similar contaminants, and (iii) adequate and sufficient (including with respect to working condition and capacity) for, and operate and perform in all material respects as required in connection with, the conduct and operation of Group Companies as currently conducted. The Company and its Subsidiaries have taken all commercially reasonable efforts to protect the confidentiality, integrity and security of the IT Systems. During the five (5) years prior to the date of the Original Merger Agreement, the IT Systems have not suffered a material failure or malfunction. There have been no unauthorized uses or intrusions of, or breaches (including any “security incident” (as defined in 45 C.F.R § 164.304) or “breach” (as defined in 45 C.F.R § 164.402)) to, the IT Systems of the Company or any Subsidiary of the Company, or any other loss, unauthorized disclosure or use of any sensitive or confidential information, including Personal Information, in the custody or control of the Group Companies. (b) The Company and each of its Subsidiaries has at all times maintained reasonable administrative, technical and physical safeguards designed to (i) protect the security, confidentiality, integrity and availability of Company Information and IT Assets in a manner consistent with applicable industry standard practices; (ii) protect against any anticipated threats or hazards to the security, confidentiality or integrity of Company Information and IT Assets; and (iii) detect and remediate Information Security Incidents. Since January 1, 2018, to the Knowledge of the Company, there has been no material Information Security Incident involving the Company or any of its Subsidiaries or third parties that process Company Information on behalf of Company or its Subsidiaries. (b) Since January 1, 2018, each of the Company and its Subsidiaries has at all times implemented and maintained reasonable policies, procedures and technical controls to monitor for, detect and remediate security vulnerabilities and security control deficiencies associated with IT Assets in a timely manner and in accordance with industry standard practices. To the Knowledge of the Company, the Company and each of its Subsidiaries has fully remediated, including necessary compensating controls, any and all material, critical and/or high-risk security vulnerabilities for which the Company or any of its Subsidiaries has become aware. (c) Except as do not and would not reasonably be expected to have a Company Material Adverse Effect, since January 1, 2018, the Company and each of its Subsidiaries is, and has been at all timesare, in compliance with all privacy and security obligations to which they are subject under (i) all applicable privacy policies and online terms of use, (ii) any applicable Law, including Privacy Laws Laws, and Privacy Commitments (iii) any Contract, including all contractual commitments that the Company or a Subsidiary has entered into with respect to the receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security, disposal, destruction, disclosure, or transfer of Personal Information or User Data (collectively, “Privacy Data Security Requirements”). Except as do There have not been any investigations regarding, and would not reasonably be expected to be material to neither the Company and its Subsidiaries, taken as a whole, any privacy notices distributed or otherwise made available by the Company or any of nor its Subsidiaries have at all times complied in all material respects with Privacy received any notice from any Governmental Authority or Person alleging, any violation of any Data Security Requirements. The Company and each of its Subsidiaries has all rights have provided accurate and permissions necessary complete disclosure with respect to lawfully accesstheir privacy policies and privacy and data security practices, collectincluding providing any type of notice and obtaining any type of consent required by Privacy Laws. (c) The Company and its Subsidiaries have not incorporated or used any open source Software in connection with any Software developed, obtain, use, retain, disclose and transfer Personal Information as permitted used or otherwise exploited by the Privacy Requirements. To Company and its Subsidiaries or any of their customers in a manner that requires the Knowledge contribution, licensing, transfer, assignment, attribution or disclosure to any third Person of any portion of the Companysource code of any Software developed, no Person has made any written claim licensed, distributed used or commenced any Proceeding against otherwise exploited by or for the Company or any of its Subsidiaries with respect Subsidiaries. No source code owned by the Group Companies has been delivered or licensed to any Information Security Incident other Person, or actual is subject to any source code escrow or alleged violation of a Privacy Requirementassignment obligation.