Common use of Compliance with Data Privacy Laws Clause in Contracts

Compliance with Data Privacy Laws. To the Company’s knowledge, the Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations (collectively, the “Privacy Laws”), except where failure to be so in compliance would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company and its subsidiaries have in place, comply with, and take commercially reasonable steps reasonably designed to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company and its subsidiaries have at all times made all disclosures to users or customers required by the Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws in any material respect. Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability under any Privacy Law.

Compliance with Data Privacy Laws. To Except as disclosed in the Company’s knowledgeRegistration Statement and the Prospectus or as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries areis, and at all prior times weresince January 1, 2020 has been, in material compliance with all applicable state and federal data privacy and security laws and regulations regulations, including, to the extent applicable to the Company, HIPAA, and the Company has taken all reasonable actions to comply with applicable provisions of the California Consumer Privacy Act (“CCPA”), and the European Union General Data Protection Regulation (EU 2016/679) (“GDPR”) (collectively, the “Privacy Laws”), except where failure to be so in compliance would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the The Company and its subsidiaries have has in place, comply complies with, and take commercially reasonable takes appropriate steps reasonably designed to comply ensure compliance in all material respects with their its policies and procedures relating to data privacy and security and the collection, storage, use, processing, disclosure, handling, and analysis of personal data and Personal Data (as defined below) (the “Policies”). Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the The Company and its subsidiaries have at makes all times made all material disclosures to users or customers required by the Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, have been materially inaccurate or in violation of any Privacy Laws applicable laws and regulatory rules or requirements in any material respect. Except as described in the Registration Statement and the Prospectus or as would not reasonably be expectednot, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company further certifies that neither it nor any subsidiaryCompany: (i) has not received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is not a party to any order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability under any Privacy Law. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) “personal data” as defined by GDPR; (iv) any information which would qualify as “protected health information” under HIPAA; (v) any “personal information” as defined by the CCPA; and (vi) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation Any certificate signed by an officer of the Company and delivered to the Agent or to counsel for the Agent pursuant to or in connection with this Agreement shall be deemed to be a representation and warranty by the Company, as applicable, to the Agent as to the matters set forth therein.

Compliance with Data Privacy Laws. To the Company’s knowledge, the The Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations regulations, including without limitation HIPAA, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679), as applicable (collectively, the “Privacy Laws”), except where failure to be so in compliance would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have result in a Material Adverse Effect, the Change. The Company and its subsidiaries have in place, comply with, and take commercially reasonable appropriate steps reasonably designed to comply in all material respects ensure compliance with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except , except where the failure to do so would not reasonably be expected, individually or in the aggregate, to have result in a Material Adverse Effect, Change. Neither the Company and its subsidiaries have at all times made all disclosures to users or customers required by the Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws in any material respect. Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability of the Company or any of its subsidiaries under or relating to, or its or any of its subsidiaries’ actual or potential asserted violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any notice of actual or potential material liability; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any governmental or regulatory demand under any Privacy Law; or (iii) is a party to any order, decree, or agreement from by or with a any court or other governmental or regulatory authority or agency that imposes any obligation or liability of the Company or any of its subsidiaries under any Privacy Law.

Compliance with Data Privacy Laws. To the Company’s knowledge, the The Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations regulations, including without limitation HIPAA, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”), except where failure to be so in . To ensure compliance would not reasonably be expected, individually or in with the aggregate, to have a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse EffectPrivacy Laws, the Company and its subsidiaries have in place, comply with, and take commercially reasonable appropriate steps reasonably designed to comply in all material respects ensure compliance with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except where failure to do so The Company and its subsidiaries have, except as would not reasonably be expected, individually or in the aggregate, to have result in a Material Adverse EffectChange, the Company and its subsidiaries have at all times made all disclosures to users or customers required by the Privacy Lawsapplicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws in any material respect. Except applicable laws and regulatory rules or requirements , except as would not reasonably be expected, individually or in the aggregate, aggregate be reasonably expected to have result in a Material Adverse Effect, the Change. The Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, its subsidiaries of any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any material order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability under any Privacy Law.

Compliance with Data Privacy Laws. To the Company’s knowledge, the The Company and its subsidiaries are, and subsidiary have at all prior times were, been and are in material compliance with all applicable state laws or statutes and federal data all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, policies and contractual obligations relating to the privacy and security laws of IT Systems and regulations Data (collectively, the “Privacy Laws”), except where failure to be so in compliance comply would not reasonably be expected, individually or in the aggregate, to have result in a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in To ensure compliance with the aggregate, to have a Material Adverse EffectPrivacy Laws, the Company and its subsidiaries subsidiary have in place, comply with, and take commercially reasonable appropriate steps reasonably designed to comply ensure compliance in all material respects with their its policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the The Company and its subsidiaries subsidiary have at all times made all disclosures to users or customers required by the applicable Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company’s knowledge, been materially inaccurate or in violation of any applicable Privacy Laws in Laws, except where failure to do so or any material respect. Except as such inaccuracy or violation would not reasonably be expected, individually or in the aggregate, to have result in a Material Adverse Effect, the . The Company further certifies that neither it nor any subsidiary: and its subsidiary (i) has have not received any written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and have no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is are not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or and (iii) is are not a party to any order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability by any governmental or regulatory authority under any Privacy Law. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of any Privacy Laws or Policies in any material respect.

Compliance with Data Privacy Laws. To the Company’s The Company is and to its knowledge, the Company and its subsidiaries are, and at all prior times wereafter diligent inquiry, in material compliance with all applicable state state, federal, and federal international data privacy and security laws and regulations (collectively, the “Privacy Laws”), except where the failure to be so in compliance comply would not reasonably be expected, individually or expected to result in the aggregate, to have a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in To ensure compliance with the aggregate, to have a Material Adverse EffectPrivacy Laws, the Company and its subsidiaries have has in place, comply with, place and take commercially reasonable appropriate steps reasonably designed to comply ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the The Company and its subsidiaries have at all times has made all disclosures to users or customers required by the Privacy Lawsapplicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws in applicable laws and regulatory rules or requirements, except for any material respect. Except as disclosures, inaccuracies or violations that would not reasonably be expected, individually or expected to result in the aggregate, to have a Material Adverse Effect, the . The Company further certifies that neither it nor any subsidiaryit: (i) has not received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is not a party to any order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability under any Privacy Law, in each case except as would not, individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect.

Compliance with Data Privacy Laws. To the The Company’s knowledge, the Company and its subsidiaries are, and at all prior times were, subsidiaries’ business practice have been structured in material compliance a manner reasonably designed to comply with all applicable state and federal data privacy and security laws and regulations regulations, including without limitation HIPAA, except where the failure to do so would not reasonably be expected to result in a Material Adverse Change, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the GDPR (EU 2016/679) (collectively, the “Privacy Laws”), except where failure to be so in compliance would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or expected to result in the aggregate, to have a Material Adverse EffectChange. To ensure compliance with ​ ​ the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take commercially reasonable appropriate steps reasonably designed to comply ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the The Company and its subsidiaries have at all times made all disclosures to users or customers required by the Privacy Lawsapplicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws in any material respect. Except as applicable laws and regulatory rules or requirements, except where the failure to do so would not reasonably be expected, individually or expected to result in the aggregate, to have a Material Adverse Effect, the Change. The Company further certifies that neither it nor any subsidiary: (i) has received written notice asserting a violation by the Company or any of any actual or potential liability under or relating to, or actual or potential violation of, its subsidiaries of any of the Privacy Laws, ; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any material order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability under any Privacy Law.

Compliance with Data Privacy Laws. To the Company’s knowledge, the The Company and its subsidiaries are, and subsidiary have at all prior times were, been and are in material compliance with all applicable state laws or statutes and federal data all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, policies and contractual obligations relating to the privacy and security laws of IT Systems and regulations Data (collectively, the “Privacy Laws”), except where failure to be so in compliance comply would not reasonably be expected, individually or in the aggregate, to have result in a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in To ensure compliance with the aggregate, to have a Material Adverse EffectPrivacy Laws, the Company and its subsidiaries subsidiary have in place, comply with, and take commercially reasonable appropriate steps reasonably designed to comply ensure compliance in all material respects with their its policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the The Company and its subsidiaries subsidiary have at all times made all disclosures to users or customers required by the applicable Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company’s knowledge, been materially inaccurate or in violation of any applicable Privacy Laws in Laws, except where failure to do so or any material respect. Except as such inaccuracy or violation would not reasonably be expected, individually or in the aggregate, to have result in a Material Adverse Effect, the . The Company further certifies that neither it nor and its subsidiary (A) have not received any subsidiary: (i) has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and have no knowledge of any event or condition that would reasonably be expected to result in any such notice; (iiB) is are not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or and (iiiC) is are not a party to any order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability by any governmental or regulatory authority under any Privacy Law. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of any Privacy Laws or Policies in any material respect.

Compliance with Data Privacy Laws. To the Company’s knowledge, the The Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations regulations, including without limitation HIPAA, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679), as applicable (collectively, the “Privacy Laws”), except where failure to be so in compliance would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have result in a Material Adverse Effect, the . The Company and its subsidiaries have in place, comply with, and take commercially reasonable appropriate steps reasonably designed to comply in all material respects ensure compliance with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except , except where the failure to do so would not reasonably be expected, individually or in the aggregate, to have result in a Material Adverse Effect, . Neither the Company and its subsidiaries have at all times made all disclosures to users or customers required by the Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws in any material respect. Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability of the Company or any of its subsidiaries under or relating to, or its or any of its subsidiaries’ actual or potential asserted violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any notice of actual or potential material liability; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any governmental or regulatory demand under any Privacy Law; or (iii) is a party to any order, decree, or agreement from by or with a any court or other governmental or regulatory authority or agency that imposes any obligation or liability of the Company or any of its subsidiaries under any Privacy Law.

Compliance with Data Privacy Laws. To the Company’s knowledge, the Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations (collectively, the “Privacy Laws”), except where failure to be so in compliance would not reasonably be expected, individually or in the aggregate, to have a Material Adverse EffectChange. Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse EffectChange, the Company and its subsidiaries have in place, comply with, and take commercially reasonable steps reasonably designed to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse EffectChange, the Company and its subsidiaries have at all times made all disclosures to users or customers required by the Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws in any material respect. Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse EffectChange, the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, ; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability under any Privacy Law.

Compliance with Data Privacy Laws. To the Company’s knowledge, the Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations (collectively, the “Privacy Laws”), except where failure to be so in compliance would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company and its subsidiaries have in place, comply with, and take commercially reasonable steps reasonably designed to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except where failure to do so 277712584 v11 would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company and its subsidiaries have at all times made all disclosures to users or customers required by the Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws in any material respect. Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability under any Privacy Law.

Compliance with Data Privacy Laws. To the Company’s knowledge, the The Company and its subsidiaries are, and have at all prior times werebeen, in material compliance with all applicable state and federal data privacy and security laws and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations regarding the privacy and security of IT Systems and Data and Personal Data (collectively, the “Privacy Laws”), except where failure to be so in compliance as would not reasonably be expectednot, individually or in the aggregate, reasonably be expected to have result in a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in To ensure compliance with the aggregate, to have a Material Adverse EffectPrivacy Laws, the Company and each of its subsidiaries have has in place, comply complies with, and take commercially reasonable takes appropriate steps reasonably designed to comply ensure compliance in all material respects with their policies and procedures relating to data privacy and security and contractual obligations governing the collection, storage, use, disclosure, handling, handling and analysis of Personal Data (as defined below) (the “Policies”)Data. Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the The Company and its subsidiaries have has at all times made all material disclosures to users or customers required by the Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws in any material respect. Except except as would not reasonably be expectednot, individually or in the aggregate, reasonably be expected to have result in a Material Adverse Effect, the . The Company further certifies that neither it the Company nor any subsidiaryof its subsidiaries: (ii)(A) has have received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, or (B) have knowledge of any event or condition that would reasonably be expected to result in, any such notice; (ii) is are currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy LawLaws; or (iii) is are a party to any order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability under any Privacy Law, except with respect to subsection (i), (ii) and (iii) as would not, individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect.

Compliance with Data Privacy Laws. To The Company has implemented, and requires that its third party vendors implement, commercially reasonable policies and commercially reasonable security (a) regarding the Company’s knowledgecollection, use, disclosure, retention, processing, transfer, confidentiality, integrity, and availability of personal data, and business proprietary or sensitive information, in its possession, custody, or control, or held or processed on its behalf, and (b) regarding the integrity and availability of the information technology and software applications the Company owns, operates, or outsources; the Company has not experienced any information security incident that has compromised the integrity or availability of the information technology and its subsidiaries aresoftware applications the Company owns, and at all prior times wereoperates, in material compliance with all applicable state and federal data privacy and security laws and regulations (collectivelyor outsources, the “Privacy Laws”), except where failure to be so in compliance would not reasonably be expectedthat would, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries have complied in all material respects with their respective privacy policies and other legal obligations regarding the collection, use, transfer, storage, protection, disposal and disclosure by the Company and its subsidiaries of personal and user information gathered or accessed in the course of their respective operations, and, to the knowledge of the Company, there has been no unauthorized access to or other misuse of such information that would, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Except where failure to do so as disclosed in the Registration Statement, the Time of Sale Prospectus and the Prospectus or as would not reasonably be expectednot, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries have in place, comply with, and take commercially reasonable steps reasonably designed to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except where failure to do so would has not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company and its subsidiaries have at all times made all disclosures to users or customers required by the Privacy Laws, and none of such disclosures made or contained in received any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws in any material respect. Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability under or relating toclaims, investigations, or actual alleged violations of law, regulation, or potential violation ofcontract with respect to personal data or information security-related incidents, nor has the Company notified in writing, or been required by applicable law, regulation, or contract to notify in writing, any person or entity of the Privacy Laws, (ii) is currently conducting any personal data or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability under any Privacy Lawinformation security-related incident.

Compliance with Data Privacy Laws. To Except as would not, individually or in the Company’s knowledgeaggregate reasonably be, expected to have a Material Adverse Effect, the Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations regulations, including without limitation HIPAA, and the Company (collectively, the “Privacy Laws”), except where failure to be so in . To ensure compliance would not reasonably be expected, individually or in with the aggregate, to have a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse EffectPrivacy Laws, the Company and its subsidiaries have in place, comply with, and take commercially reasonable appropriate steps reasonably designed to comply ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the The Company and its subsidiaries have at all times made all disclosures to users or customers required by the Privacy Lawsapplicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws applicable laws and regulatory rules or requirements in any material respect. Except as would not reasonably be expectedNeither the Company, individually or in the aggregate, to have a Material Adverse Effect, the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability under any Privacy Law.

Compliance with Data Privacy Laws. To Except as would not, individually or in the Company’s knowledgeaggregate, have a Material Adverse Effect, the Company Corporation and its subsidiaries are, and at all prior times were, each of the Subsidiaries are in material compliance with all applicable state and federal data privacy and security laws laws, statutes, judgements, orders, rules and regulations of any court or arbitrator or any other governmental or regulatory authority and all applicable laws regarding the collection, use, transfer, export, storage, protection, disposal or disclosure by the Corporation and the Subsidiaries of Personal Data collected from or provided by third parties. (collectively, the “Privacy Laws”), except where failure to be so in compliance would not reasonably be expected, individually or in . The Corporation and the aggregate, to have a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company and its subsidiaries Subsidiaries have in place, comply with, and take commercially reasonable appropriate steps reasonably designed to comply (i) ensure compliance in all material respects with their policies its privacy policies, all third-party obligations and procedures relating to data privacy industry standards regarding Personal Data; and (ii) reasonably protect the security and the collection, storage, use, disclosure, handling, and analysis confidentiality of all Personal Data (as defined below) (collectively, the “Policies”). To the knowledge of the Corporation, the execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy Laws or Policies. Except where failure to do so as would not reasonably be expectednot, individually or in the aggregate, to have a Material Adverse Effect, neither the Company and its subsidiaries have at all times made all disclosures to users or customers required by the Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws in any material respect. Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company further certifies that neither it Corporation nor any subsidiary: (i) Subsidiary has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy LawsLaws and is unaware of any other facts that, (ii) is currently conducting or paying for, in whole individually or in partthe aggregate, any investigation, remediation, or other corrective action pursuant to would reasonably indicate non-compliance with any Privacy Law; Laws or (iii) Policies. Except as would not, individually or in the aggregate, have a Material Adverse Effect, there is a party to no action, suit or proceeding by or before any ordercourt or governmental agency, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation body pending or, to the Corporation’s knowledge, threatened, alleging non-compliance with Privacy Laws or liability under any Privacy LawPolicies.

Compliance with Data Privacy Laws. To the Company’s knowledge, the The Company and its subsidiaries are, and at all prior times werefor the past three (3) years have been, in material compliance with all applicable state and federal data privacy and security laws and regulations regulations, including to the extent applicable, HIPAA and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”), except where failure internal policies and contractual obligations relating to be so in compliance would not reasonably be expected, individually the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use or in access. To the aggregate, to have a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in extent required by the aggregate, to have a Material Adverse EffectPrivacy Laws, the Company and its subsidiaries have comply in place, comply all material respects with, and take commercially reasonable steps reasonably designed to comply ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (as defined below) (the “Policies”). Except where failure to do so as would not reasonably be expected, individually or in the aggregate, to have result in a Material Adverse EffectChange, the Company and its subsidiaries have at all times made all disclosures to users or customers required by the applicable Privacy Laws, and to the knowledge of the Company, none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any applicable Privacy Laws in any material respect. Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, Neither the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, ; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any obligation or liability by any governmental or regulatory authority under any Privacy Law.

Compliance with Data Privacy Laws. To Except where non-compliance would not, individually or in the Company’s knowledgeaggregate, reasonably be expected to result in a Material Adverse Change, the Company and its subsidiaries are, are and at all prior times were, have been in material compliance with all applicable state and federal data privacy and security laws and regulations or statutes (collectively, the “Privacy Laws”)) and all judgments, except where failure to be so in compliance would not reasonably be expectedorders, individually rules and regulations of any court or in the aggregatearbitrator or governmental or regulatory authority, to have a Material Adverse Effect. Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company and its subsidiaries have in place, comply with, and take commercially reasonable steps reasonably designed to comply in all material respects with their internal policies and procedures contractual obligations, each relating to data the privacy and security of IT Systems and Personal Data and to the collection, storage, protection of such IT Systems and Personal Data from unauthorized use, disclosureaccess, handlingmisappropriation or modification (collectively, and analysis of Personal “Data (as defined below) (the “PoliciesProtection Requirements”). Except where failure to do so would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, Neither the Company and its subsidiaries have at all times made all disclosures to users or customers required by the Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been materially inaccurate or in violation of any Privacy Laws in any material respect. Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy LawsData Protection Requirements, except where non-compliance would not, individually or in the aggregate, reasonably be expected to result in a Material Adverse Change and to the Company’s knowledge no such notices are threatened; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy LawData Protection Requirement that would, individually or in the aggregate reasonably be expected to have a Material Adverse Change related to any non-compliance; or (iii) is a party to any order, decree, or agreement from or with a governmental or regulatory authority or agency that imposes any material obligation or liability under by any Privacy LawGovernmental Entity with respect to compliance with any Data Protection Requirement.