Compliance with FINRA Rules The Company hereby agrees that it will ensure that the Reserved Securities will be restricted as required by FINRA or the FINRA rules from sale, transfer, assignment, pledge or hypothecation for a period of three months following the date of this Agreement. The Underwriters will notify the Company as to which persons will need to be so restricted. At the request of the Underwriters, the Company will direct the transfer agent to place a stop transfer restriction upon such securities for such period of time. Should the Company release, or seek to release, from such restrictions any of the Reserved Securities, the Company agrees to reimburse the Underwriters for any reasonable expenses (including, without limitation, legal expenses) they incur in connection with such release.
Compliance with Data Privacy Laws The Company and its Subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA, and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the GDPR (EU 2016/679) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the Company nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.