Common use of Privacy; Data Security Clause in Contracts

Privacy; Data Security. (a) The Company has delivered to Buyer correct and complete copies of all written policies, procedures, and all employee, supplier or third party education and training materials maintained by the Company for at least the previous five (5) years with respect to privacy and personal data protection relating to its employees, customers, suppliers, service providers, or any other third parties from or about whom the Company has obtained personal data (“Company Privacy Policies”). The Company has complied in all material respects with, and has not received any notices of violation with respect to, applicable Laws, Contracts, Company Privacy Policies or any other commitments, obligations or representations concerning privacy and personal data protection relating to its employees, customers, suppliers, service providers, or any other third parties from or about whom the Company has obtained personal data (“Company Privacy Obligations”). No Company Privacy Obligations will impose any restrictions upon the Company’s ability to use, possess, disclose or transfer such personal data in the manner necessary to conduct the Business in a manner similar to its conduct prior to Closing consistent with any Company Privacy Policy in effect at the time Company collected such data. To Seller's Knowledge, there are no claims or alleged claims that the Company has violated Company Privacy Obligations and there is no legal proceeding with respect to any potential violation thereof. To Seller’s Knowledge, the consummation of the transactions contemplated by the Transaction Documents will not require the Company to provide any notice to, or seek any consent from, any employee, customer, supplier, service provider or other third party under any Company Privacy Policy. (b) The Company has at all times for the last five (5) years maintained an information security program and used commercially reasonable efforts to maintain appropriate administrative, technical and physical controls, including but not limited to the controls set forth in the Payment Card Industry Data Security Standards, as adopted by the PCI Security Standards Council, LLC, Massachusetts’ Information Security Regulations, 201 CMR § 17.00, and other Company Privacy Obligations, in order to protect the security of all information in any form which comprises the Company Registered IP, Company source code, and confidential information and the personal data relating to its employees, customers, suppliers, service providers, or any other third parties from or about whom the Company has obtained personal data. To Seller's Knowledge, there has been no occurrence of breach, unauthorized access to or any other material weakness which would otherwise contribute to or permit a breach of or ACTIVE 209289734v.13 unauthorized access to the Company Registered IP, Company source code, confidential information, confidential customer information or personal data relating to its employees, customers, suppliers, service providers, or any other third parties from or about whom the Company has obtained personal data. To Seller's Knowledge, there is no material weakness in the Company’s information security program or the Company’s information security controls. The Company has not received from any third party audit firm a notification of a material weakness in the Company’s information security program or the Company’s information security controls to which it has not adequately responded.

Privacy; Data Security. (a) The Company has delivered to Buyer correct and complete copies Company’s websites provide notice of all written policies, procedures, and all employee, supplier or third party education and training materials maintained by the Company for at least the previous five (5) years with respect to its privacy and personal data protection relating security practices (each such notice to its employees, customers, suppliers, service providers, or any other third parties from or about whom the Company has obtained personal data (be defined as a “Company Privacy PoliciesPolicy”), which Privacy Policies do not contain any material misstatements or omissions of the Company’s privacy practices or practices concerning the collection, use, protection and disclosure of Personal Information or Non-Personal Information. The Company has and, to the Company’s Knowledge, all third parties acting on the Company’s behalf or having authorized access to the Company’s Books and Records have complied in all material respects with all applicable laws relating to: (i) the privacy of users of (including Internet users who view or interact with) all of the websites and other electronic resources and platforms of the Company or third parties acting on the Company’s behalf or having authorized access to the Company’s Books and Records, (ii) the collection, use, storage, retention, disclosure, and has not received disposal of any notices Personal Information or Non-Personal Information collected by the Company or by third parties acting on the Company’s behalf or having authorized access to the Company’s Books and Records or otherwise provided to the Company; or (iii) the security of Personal Information to which the Company or third parties acting on the Company’s behalf or otherwise having authorized access to the Company’s Books and Records have access or otherwise collect or handle, including, to the extent subject thereto, to the Network Advertising Initiative’s Self-Regulatory Code of Conduct (2008), the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising, and the Federal Trade Commission’s Principles for the Self Regulation of Online Behavioral Advertising (2010). No Proceedings have been asserted or, to the Company’s Knowledge, are threatened against the Company by any Person alleging a violation with respect toof any Person’s privacy, applicable Laws, Contracts, Company personal or confidentiality rights under the Company’s Privacy Policies or any other commitmentsapplicable law. Neither this Agreement nor the transactions contemplated hereby, obligations or representations concerning privacy and personal data protection relating to its employeesincluding any disclosures of data, customers, suppliers, service providers, or any other third parties from or about whom the Company has obtained personal data (“Company Privacy Obligations”). No Company Privacy Obligations will impose any restrictions upon violate the Company’s ability to use, possess, disclose Privacy Policies as they currently exist or transfer such personal data in as they existed at any time during which any of the manner necessary to conduct the Business in a manner similar to its conduct prior to Closing consistent with any Company Privacy Policy in effect at the time Company Personal Information or Non-Personal Information was collected such dataor obtained. To Seller's Knowledge, there are no claims or alleged claims that the Company has violated Company Privacy Obligations and there is no legal proceeding with respect to any potential violation thereof. To SellerCompany’s Knowledge, the consummation of the transactions contemplated by the Transaction Documents will not require the Company to provide any notice to, or seek any consent from, any employee, customer, supplier, service provider or other third party under any Company Privacy Policy. (b) The Company has at all times for the last five (5) years maintained an information security program and used commercially reasonable efforts to maintain appropriate administrative, technical and physical controls, including but not limited to the controls set forth in the Payment Card Industry Data Security Standards, as adopted by the PCI Security Standards Council, LLC, Massachusetts’ Information Security Regulations, 201 CMR § 17.00, and other Company Privacy Obligations, in order to protect the security of all information in any form which comprises the Company Registered IP, Company source code, and confidential information and the personal data relating to its employees, customers, suppliers, service providers, or any other third parties from or about whom the Company has obtained personal data. To Seller's Knowledge, there has been no occurrence of breach, unauthorized access to or any other material weakness which would otherwise contribute to unauthorized disclosure or permit a breach use of Personal Information owned or ACTIVE 209289734v.13 unauthorized access to licensed by the Company Registered IP, Company source code, confidential information, confidential customer information or personal data relating to its employees, customers, suppliers, service providers, or any other third parties from or about whom the Company has obtained personal data. To Seller's Knowledge, there is no material weakness in the Company’s information security program possession or the Company’s information security controls. The Company has not received from control by or to any third party audit firm a notification of a material weakness in the Company’s information security program or the Company’s information security controls to which it has not adequately respondedparty.

Privacy; Data Security. (a) The Company has delivered to Buyer Purchaser correct and complete copies of all written policies, procedures, and all employee, supplier or third party education and training materials currently maintained by any member of the Company for at least the previous five (5) years Group with respect to privacy and personal data protection relating to its employees, customers, suppliers, service providers, or any other third parties from or about whom any member of the Company Group has obtained personal data (“Company Privacy Policies”). The Each member of the Company Group has complied in all material respects with, is not in material violation of, and has not received any notices of violation with respect to, any applicable Laws, Contracts, Company Privacy Policies or any other commitments, obligations or representations concerning privacy and personal data protection relating to its employees, customers, suppliers, service providers, or any other third parties from or about whom any member of the Company Group has obtained personal data (“Company Privacy Obligations”). No To the Knowledge of the Company, each member of the Company Group has at all times since the date of formation performed the necessary due diligence in the evaluation and selection of suppliers, service providers or any other third parties with access to or that may receive in the normal course of business personal data relating to any member of the Company Group’s employees, customers, suppliers, service providers, or any other third parties for purposes of determining the adequacy of the supplier’s, service provider’s or any other third party’s capacity to comply with Company Privacy Obligations. To the Knowledge of the Company, no Company Privacy Obligations will will, as a result of the consummation of the Transactions, impose any restrictions upon the CompanyPurchaser’s ability to use, possess, disclose or transfer such personal data in the manner necessary to conduct the Business in a manner Company Group has used, possessed, disclosed or transferred such or similar to its conduct personal data prior to Closing consistent with Closing. No member of the Company Group has written notice of any Company Privacy Policy in effect at the time Company collected such data. To Seller's Knowledge, there are no claims or alleged claims that the Company has violated Company Privacy Obligations and there is no legal proceeding Legal Proceeding with respect to any potential violation thereof. To Seller’s Knowledge, the The consummation of the transactions contemplated by the Transaction Documents Transactions will not violate any past or current Company Privacy Obligation or result in a material change in the use of personal data or otherwise have the effect of altering any past or current Company Privacy Obligation, nor require the Company to provide any notice to, or seek any consent Consent from, any employee, customer, supplier, service provider or other third party under any Company Privacy Policy. Any Company electronic mail distribution lists have been reviewed and scrubbed prior to the date hereof in order to remove email addresses associated with individuals who have opted out of receiving commercial electronic mail messages. (b) The Company has at all times for since January 1, 2011 maintained the last five (5) years maintained an information security program and used commercially reasonable efforts to maintain appropriate administrative, technical and physical controls, including but not limited to the controls set forth in the Payment Card Industry Data Security Standards, as adopted by the PCI Security Standards Council, LLC, Massachusetts’ Information Security Regulations, 201 CMR § 17.00, and other Company Privacy Obligations, in order to protect the security of all information in any form which comprises the Company Registered IPIntellectual Property, Company source codeSource Code, and confidential information Confidential Information and the personal data relating to its employees, customers, suppliers, service providers, or any other third parties from or about whom the Company has obtained personal data. To Seller's Knowledge, there The Company has been maintained a comprehensive information security program to materially comply with Company Privacy Obligations. The Company has no Knowledge of any occurrence of breach, unauthorized access to or any other material weakness which would otherwise contribute to or permit a breach of or ACTIVE 209289734v.13 unauthorized access to the Company Registered IPCompany’s Intellectual Property, Company source codeSource Code, confidential information, confidential customer information Confidential Information Customer Information or personal data relating to its employees, customers, suppliers, service providers, or any other third parties from or about whom the Company has obtained personal data. To Seller's Knowledge, there is The Company has no Knowledge of any material weakness in the Company’s information security program or the Company’s information security controls. The Company has not received from any third party audit firm a notification of a material weakness in the Company’s information security program or the Company’s information security controls to which it has not adequately respondedcontrols.