Common use of Cybersecurity and Data Privacy Clause in Contracts

Cybersecurity and Data Privacy. The Company and the Subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and the Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all Personal Data (as defined below) that is in the Company’s possession, and sensitive, confidential or regulated data (collectively, the “Confidential Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Confidential Data and to the protection of such IT Systems and Confidential Data from unauthorized use, access, misappropriation or modification. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by General Data Protection Regulation, and (v) any other piece of information that allows the identification of such natural person.

Cybersecurity and Data Privacy. The Company and the its Subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries Subsidiaries as currently conducted, and to the knowledge of the Company are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptantscorrupting agents. The Company and the Subsidiaries its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all Personal Data (as defined below) that is in the Company’s possessionpersonal, and personally identifiable, sensitive, confidential or regulated data (collectively, the “Confidential Personal Data”)) used in connection with their businesses, and and, to the knowledge of the Company, there have been no material breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any material incidents under internal review or investigations relating to the same. The Company and its subsidiaries Subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Confidential Personal Data and to the protection of such IT Systems and Confidential Personal Data from unauthorized use, access, misappropriation or modification. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under The Company and its Subsidiaries are in the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by process of taking all necessary actions to comply with the European Union General Data Protection RegulationRegulation and all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and (v) for which any other piece non-compliance with the same would be reasonably likely to create a material liability. Any certificate signed by any officer of information the Company or any of its Subsidiaries and delivered to any Underwriter or to counsel for the Underwriters in connection with the offering, or the purchase and sale, of the Offered Shares shall be deemed a representation and warranty by the Company to each Underwriter as to the matters covered thereby. The Company has a reasonable basis for making each of the representations set forth in this Section 1. The Company acknowledges that allows the identification Underwriters and, for purposes of the opinions to be delivered pursuant to Section 2(c), counsel to the Company and counsel to the Underwriters, will rely upon the accuracy and truthfulness of the foregoing representations and hereby consents to such natural personreliance.

Cybersecurity and Data Privacy. The Except as would not reasonably be expected to result in a Material Adverse Change or as described in the Prospectus, (A) there has been no security breach or, to the Company’s knowledge, other compromise of or relating to the Company and IT Systems; (B) the Subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applicationsCompany has not been notified of, and databases (collectivelyhas no knowledge of any event or condition that would reasonably be expected to result in, “any such security breach or other compromise of the Company IT Systems”; (C) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and the Subsidiaries have implemented and maintained commercially reasonable controlsimplemented, policies, procedurescomply with, and safeguards take appropriate steps reasonably designed to maintain ensure compliance with policies and protect their material confidential information and procedures with respect to the integrity, continuous operation, redundancy and security of all Company IT Systems and relating to data (including all privacy and security and the collection, storage, use, disclosure, handling and analysis of Personal Data (as defined belowthe “Policies”) that is in are reasonably consistent with industry standards and practices, or as required by applicable regulatory standards or Privacy Laws; (D) the Company’s possession, and sensitive, confidential or regulated data (collectively, the “Confidential Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same. The Company and its subsidiaries Subsidiaries are presently in material compliance with all applicable laws or statutes and all statutes, judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies including, without limitation, the Health Insurance Portability and Accountability Act (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) (42 U.S.C. Section 17921 et seq.); and the Company and each of its Subsidiaries have taken all reasonably necessary actions to comply with the applicable provisions of the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679), and contractual obligations (collectively, “Privacy Laws”), in each case, relating to data privacy and security, to the privacy and security of the Company IT Systems and Confidential Data and or to the protection of such the Company IT Systems and Confidential Data from unauthorized use, access, misappropriation or modification; and (E) neither the Company nor any of its Subsidiaries, has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws. “Personal Data” means (i) a natural person’s persons’ name, street address, telephone number, e-mail email address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by General Data Protection Regulation, GDPR; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of any Privacy Laws or Policies.