Common use of Cybersecurity; Data Protection Clause in Contracts

Cybersecurity; Data Protection. The Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personally identifiable information and sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability to the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To , and to the Company’s knowledge, the IT systems are knowledge free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their respective businesses, and and, to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any material incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationmodification except where such non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries have taken all necessary actions to materially comply with the European Union General Data Protection Regulation if and to the extent applicable (and to prepare to materially comply with all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with the same would be reasonably likely to create a material liability) as soon they take effect except where such non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To conducted and, to the Company’s knowledge, the IT systems are based on commercially reasonable security and monitoring, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have have, at all times, implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personally identifiable information personal data and sensitive, confidential or regulated data (collectively, the “Personal Confidential Data”)) used in connection with their businesses, and and, to the Company’s knowledge, based on commercially reasonable security and monitoring, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the samesame and except as would not individually or in the aggregate have a Material Adverse Effect on the Company and its subsidiaries, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Companytaken as a whole. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Confidential Data and to the protection of such IT Systems and Personal Confidential Data from unauthorized use, access, misappropriation or modification, except where failure to do so would not reasonably be expected to have a Material Adverse Effect on the Company and its subsidiaries, taken as a whole.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, technology, data and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware malware, viruses and other corruptants that wouldcorruptants, except as would not individually or in the aggregate, reasonably be likely to aggregate have a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no, and the Company and its subsidiaries have not been notified of, and have no knowledge of any event or condition that would reasonably be expected to result in any, breaches, violations, outages or unauthorized uses of or accesses to the samesame (“Breach”), except for those that have been remedied without material cost or liability to the Company, and nor are there are no any incidents under internal review or investigation investigations relating to any Breach. Neither the sameCompany nor its subsidiaries has received any notice, except for those that would reasonably be expected to be able to remedied without material cost claim, complaint, demand or liability to letter from any person or governmental agency in respect of their businesses under applicable data protection laws, regulations and standards regarding any Breach of the IT Systems or any Personal Data used in connection with the operation of the Company’s and its subsidiaries’ businesses. Neither the Company nor its subsidiaries have been obligated to notify any third party, including, without limitation, any individual or data protection authority, of any Breach. The Company and its subsidiaries have complied at all times and are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal and external policies and contractual obligations relating to the privacy and security of IT Systems and the privacy, security, collection, use, transfer, import, export, storage, protection, disposal, disclosure or other processing of Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationmodification (“Data Security Obligation”), except as would not individually or in the aggregate have a Material Adverse Effect. The Company and its subsidiaries have taken all necessary actions to comply with any Data Security Obligation, including the European Union General Data Protection Regulation, the Health Insurance Portability and Accountability Act, and the California Consumer Privacy Act. Neither the Company nor its subsidiaries have received any notice, claim, complaint, demand, letter, notification of or complaint regarding, and is unaware of any other facts that, individually or in the aggregate, would reasonably indicate non-compliance with, any Data Security Obligation and there is no pending or threatened action, suit, investigation or proceeding by or before any court or governmental agency, authority or body alleging non-compliance with any Data Security Obligation.

Cybersecurity; Data Protection. The Company’s Company and its subsidiariesControlled Entities’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects their core functionality as required in connection with, with the operation of the business of the Company and its subsidiaries Controlled Entities as currently conducted. To , to the best of the Company’s knowledge, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants corruptants. The Company reasonably believes that would(i) the Company, individually its Controlled Entities each own or in the aggregate, reasonably be likely to have a Material Adverse Effectvalid right to access and use its respective IT Systems; (ii) the IT Systems are adequate for, and operate and perform as required in connection with, the operation of the business of the Company and its Controlled Entities as currently conducted in all material respects, (iii) the Company and its Controlled Entities have implemented reasonable backup, security and disaster recovery technology consistent with applicable regulatory standards. The Company and its subsidiaries Controlled Entities have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used collected or processed by the Company or the Controlled Entities in connection with their businesses, and and, to the best of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability to the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries Controlled Entities are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, are reasonably believed by the Company to be adequate in the Company’s reasonable belief, adequate all material respects for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To conducted and, to the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businessesthe business of the Company and its subsidiaries as currently conducted, and and, to the knowledge of the Company’s knowledge, there have been no material breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, except for such failures as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (including the data of their respective customers, employees, suppliers, vendors and any third party data maintained by or on behalf of the Company and its subsidiaries) (collectively, “IT Systems”) are), in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledgesubsidiaries, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would(collectively, “Bugs”), except where such Bugs would not, individually or in the aggregate, reasonably be likely expected to have a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards as are generally maintained by similarly situated companies and which the Company and its subsidiaries believe are reasonably adequate to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses. Without limiting the foregoing, the Company and its subsidiaries have used commercially reasonable efforts to establish and maintain, and have established, maintained, implemented and complied with, reasonable information technology, information security, cyber security and data protection controls, policies and procedures, including oversight, access controls, encryption, technological and physical safeguards and business continuity/disaster recovery and security plans as are generally maintained by similarly situated companies that are designed to protect against and prevent breach, destruction, loss, unauthorized distribution, use, access, disablement, misappropriation or modification, or other compromise or misuse of or relating to any information technology system or Data used in connection with the operation of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses and its subsidiaries’ businesses (“Breach”). To the knowledge of or accesses to the same, except for those that have been remedied without material cost or liability to the Company, there has been no such Breach. The Company and there are its subsidiaries have not been notified of and have no incidents under internal review knowledge of any event or investigation relating to the same, except for those condition that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgmentsresult in, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationBreach.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldcorruptants, except in each case as would not, individually or in the aggregate, reasonably be likely expected to have a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material trade secrets and confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; and the Company has implemented backup and disaster recovery technology reasonably consistent with industry standards and practices.

Cybersecurity; Data Protection. The Company’s Except as would not reasonably be expected to result in a Material Adverse Effect, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To , and to the knowledge of the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to notify any other person or for any such breaches, violations, outages or unauthorized uses or accesses to the Companysame that would not, and there are no individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect, nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Except as described in the Registration Statement, the Pricing Disclosure Package and its subsidiaries’ the Prospectus, the information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, applications and databases owned by, or leased or licensed to, the Company or any of its subsidiaries (collectively, “IT Systems”) are), in to the knowledge of the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To , and to the Company’s knowledge, the IT systems knowledge are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in corruptants; the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data of their respective customers, employees, suppliers, vendors and any third party data maintained by or on behalf of them (“Personal Data”)) used in connection with their businesses, and ; to the knowledge of the Company’s knowledge, there have been no material breaches, violations, outages or outages, unauthorized uses of, accesses to or other compromise of or accesses relating to any of the sameCompany’s or any of its subsidiaries’ Personal Data or IT Systems, except for those that have been remedied without material cost or liability or the duty to the Company, and notify any third party; there are no material incidents under internal review or investigation investigations relating to any security breach or other compromise of the sameCompany’s or any of its subsidiaries’ Personal Data or IT Systems and the Company and its subsidiaries have not been notified of, except for those and have no knowledge of any event or condition that would reasonably be expected to be able result in, any security breach or other compromise to remedied without material cost their IT Systems or liability to Personal Data; the Company. The Company and its subsidiaries have implemented commercially reasonable backup and disaster recovery technology consistent with industry standards and practices; and the Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authorityauthority and internal policies, internal policies procedures and contractual obligations relating to the privacy and security of IT Systems and the privacy, collection, use, transfer, storage, protection, disposal or disclosure of Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been (i) no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to notify any other person, and (ii) no incidents under internal review or investigations relating to the Companysame, and there are no except where such breach, violation, outage, unauthorized use or access, or incidents under internal review or investigation relating to the same, except for those that would not be reasonably be expected to be able to remedied without material cost have, individually or liability to in the Companyaggregate, a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all applicable judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authorityauthority having jurisdiction over the Company and its subsidiaries, and all internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The (i) Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company’s and its subsidiaries’ information technology assets and equipment, including, without limitation, those owned, licensed or otherwise used (excluding any public networks), such as its data communications lines, computers, systems, networks, hardware, servers, software, websites, applications, and databases (collectively, “IT Systems”) are, are adequate in the Company’s reasonable belief, adequate capacity and operation for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To conducted as described in the Registration Statement and the Prospectus, to the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in corruptants; and (ii) the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its subsidiaries have at all times in the past three (3) years implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the confidentiality, integrity, availability, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data used in its business (“Personal Company Data”)) used in connection with their businesses, and (iii) to the knowledge of the Company’s knowledge, except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, there have been no breaches, violations, outages outages, compromises, or unlawful or unauthorized acquisitions of, disclosures of, uses of or accesses to the sameIT Systems and Company Data, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the CompanyIT Systems and Company Data. The Company and each of its subsidiaries are presently and, at all times, has been in material compliance with all (i) applicable laws or statutes and all laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or court, arbitrator, governmental or regulatory authority, ; and (ii) internal policies and contractual obligations obligations, each (i) and (ii) relating to the privacy and security of IT Systems and Personal Company Data and to the protection of such IT Systems and Personal Company Data from unauthorized use, access, misappropriation or modification, except to the extent that any non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. The Company’s (i) Except as would not reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in corruptants; (ii) the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained or are in the process of implementing commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, the operation of the business of the Company and its subsidiaries as currently conducted; (iii) except as would not reasonably be expected to the Company’s knowledgehave a Material Adverse Effect, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, ; and (iv) except for those that as would not reasonably be expected to be able to remedied without material cost or liability to have a Material Adverse Effect, the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Each SDH Party and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, : (i) adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company each SDH Party and its subsidiaries as currently conducted. To , and (ii) to the Company’s knowledgeknowledge of the SDH Parties, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company Each SDH Party and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all owned IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to . To the Company’s knowledgeknowledge of the SDH Parties, there have been no breaches, violations, outages or unauthorized uses of or accesses to the sameany such IT Systems or data, except for those that have been remedied without material cost or liability or the duty to the Companynotify any governmental or regulatory authority or any other Person, and there are no nor any incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company Each SDH Party and its subsidiaries are presently in material compliance with all applicable laws or statutes and all statutes, judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies published policies, and contractual obligations obligations, in each case, relating to the privacy and security of IT Systems and Personal Data (collectively, the “Data Security Obligations”). None of the SDH Parties has received any written notification of or written complaint regarding, or is aware of any other facts that, individually or in the aggregate, would reasonably indicate, material non-compliance with any Data Security Obligation, and there is no action, suit or proceeding by or before any court or governmental agency, authority or body pending or, to the protection knowledge of such IT Systems and Personal the SDH Parties, threatened alleging non-compliance with any Data from unauthorized use, access, misappropriation or modificationSecurity Obligation.

Cybersecurity; Data Protection. The Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, are reasonably believed by the Company to be adequate in the Company’s reasonable belief, adequate all material respects for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To conducted and, to the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal IT Data”)) used in connection with their businessesthe business of the Company and its subsidiaries as currently conducted, and and, to the knowledge of the Company’s knowledge, there have been no material breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal IT Data and to the protection of such IT Systems and Personal IT Data from unauthorized use, access, misappropriation or modification, except for such failures as could not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. The CompanyExcept as could not be expected, individually or in the aggregate, to have a Material Adverse Effect, the Partnership’s and its subsidiariesSubsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company Partnership and its subsidiaries Subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of, to the knowledge of the Partnership, all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldcorruptants. Except as could not be expected, individually or in the aggregate, reasonably be likely to have a Material Adverse Effect. The Company , (i) the Partnership and its subsidiaries Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and all personal data (including all personally identifiable information and sensitive, confidential or regulated data (“Personal Data”)) used maintained or processed by the Partnership and its Subsidiaries in connection with their businessesbusinesses (collectively, the “Confidential Data”), and (ii) to the Company’s knowledgeknowledge of the Partnership, there have been no breaches, violations, outages or unauthorized uses of or accesses to the samesuch Confidential Data, except for those that have been remedied without material cost or liability or the duty to notify any other person. Except as could not be expected, individually or in the aggregate, to have a Material Adverse Effect, to the Companyknowledge of the Partnership, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company Partnership and its subsidiaries Subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, and all internal policies and contractual obligations relating to of the Partnership and its Subsidiaries, governing the privacy and security of IT Systems and Personal Confidential Data and to the protection of such IT Systems and Personal Confidential Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s (A) There has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, technology, data and databases (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, Sensitive Data (defined below) and any such data processed or stored by third parties on behalf of the Company and its subsidiaries) collectively, “IT SystemsSystems and Data”); (B) are, in the Company’s reasonable belief, The IT Systems and Data are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its the subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in corruptants; and (C) the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable appropriate controls, policies, procedures procedures, and administrative, technical, and physical safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data Data (including all personally identifiable information and Personal Data, sensitive, confidential or regulated data (“Personal Sensitive Data”)) used in connection reasonably consistent with their businesses, industry standards and to the Company’s knowledge, there have been no breaches, violations, outages practices or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability to the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Companyas required by applicable regulatory standards. The Company and its subsidiaries have been and are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, applications and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business respective businesses of the Company and its subsidiaries as currently conducted. To conducted and as proposed to be conducted as described in the Company’s knowledgeRegistration Statement and the Prospectus, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldcorruptants, except in each case as would not, individually or in the aggregate, reasonably be likely expected to have a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures and safeguards consistent with industry standards and practices for similarly-situated companies to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all its IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)data) used or held for use in connection with their businessesrespective businesses (collectively, and to the Company’s knowledge, there “Data”). There have been no breaches, violations, outages or outages, unauthorized uses of or accesses to the sameIT Systems or Data, except for those that have been remedied without material cost in each case as would not, individually or liability to in the Companyaggregate, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to have a Material Adverse Effect. Except in each case as would not, individually or in the aggregate, reasonably be able expected to remedied without material cost or liability to have a Material Adverse Effect, (i) the Company. The Company and its subsidiaries have complied, and are presently in material compliance compliance, with all applicable laws or statutes and all laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or other governmental or regulatory authorityauthority and all privacy policies, internal policies and contractual obligations and industry standards relating to the privacy and security of the IT Systems or the collection, use, transfer, import, export, storage, protection, disposal and Personal disclosure of Data (“Data Security Obligations”) and (ii) there is no action, suit, investigation or proceeding by or before any court, governmental agency, authority or body or other third party pending or, to the protection knowledge of such IT Systems and Personal the Company, threatened against the Company or any of its subsidiaries alleging non-compliance with any Data from unauthorized use, access, misappropriation or modificationSecurity Obligation.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, are reasonably believed by the Company to be adequate in the Company’s reasonable belief, adequate all material respects for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To conducted and, to the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, the business of the Company and to its subsidiaries as currently conducted. To the knowledge of the Company’s knowledge, there have been no material breaches, violations, outages or unauthorized uses of or accesses to the samePersonal Data, except for those that have been remedied without material cost or liability to the Company, and there are no incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost as otherwise disclosed in the Registration Statement, Time of Sale Information or liability to the CompanyProspectus. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, except for such failures as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are and free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost as would not, individually or liability to in the Companyaggregate, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Companyhave a Material Adverse Effect. The Company and its subsidiaries have implemented business continuity / disaster recovery plans and technology consistent with industry standards and practice. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationmodification including the Data Privacy and Security Laws (“Data Protection Requirements”), except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. To ensure compliance with the Data Protection Requirements, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its subsidiaries have at all times made all material disclosures to patients or other individuals required by applicable Data Protection Requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable Data Protection Requirements in any material respect. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach or violation of any Data Protection Requirements or Policies, except where such breach or violation would not, individually or in the aggregate, have a Material Adverse Effect. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Data Protection Requirements, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Protection Requirement; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability by any governmental authority under any Data Protection Requirement.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To conducted and, to the Company’s knowledge, the IT systems are based on commercially reasonable security and monitoring, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have have, at all times, implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personally identifiable information personal data and sensitive, confidential or regulated data (collectively, the “Personal Confidential Data”)) used in connection with their businesses, and and, to the Company’s knowledge, based on commercially reasonable security and monitoring, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the samesame and except as would not individually or in the aggregate have a Material Adverse Effect on the Company and its subsidiaries, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Companytaken as a whole. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Confidential Data and to the protection of such IT Systems and Personal Confidential Data from unauthorized use, access, misappropriation or modification, except where failure to do so would not reasonably be expected to have a Material Adverse Effect on the Company and its subsidiaries, taken as a whole.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, safeguards and safeguards backup and disaster recovery technology processes to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and the collection, use, storage, disclosure, processing or data security of Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. As of the date hereof, no claims have been asserted or threatened against the Company or any of its subsidiaries alleging a violation of laws, regulation or policies relating to Personal Data.

Cybersecurity; Data Protection. The Company’s Except as may be described or incorporated by reference in the Registration Statement, the Pricing Disclosure Package and its subsidiaries’ the Prospectus or as would not have a Material Adverse Effect, the information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases owned or controlled by, or operated on behalf of, the Company, Carnival plc and their respective subsidiaries (collectively, the “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company Company, Carnival plc and its their respective subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company Company, Carnival plc and its their respective subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data in their possession or control (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, nor incidents under internal review or investigation, in each case, except for as may be described or incorporated by reference in the Registration Statement, the Pricing Disclosure Package and the Prospectus or those that have been or will be remedied without material cost or liability or the duty to the notify any other person. The Company, Carnival plc and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its their respective subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies authority and contractual obligations relating to the privacy privacy, security and security protection of the IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationData.

Cybersecurity; Data Protection. The Except as has not had or could not reasonably be expected to have, individually or in the aggregate, a Material Adverse Effect, (i) the Company’s and its subsidiariesSubsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries Subsidiaries as currently conducted. To conducted and (ii) to the knowledge of the Company’s knowledge, the IT systems Systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually designed to permit unauthorized access or in the aggregate, reasonably be likely to have a Material Adverse Effectactivity. The Company and its subsidiaries Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and and, to the knowledge of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the samesuch IT Systems or Personal Data, except for those that have been remedied without material cost to or liability of the Company and its Subsidiaries or the duty of the Company or any of its Subsidiaries to the Companynotify any other person, and nor are there are no any incidents under internal review or investigation investigations relating to such IT Systems or Personal Data and the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries Subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authorityauthority having jurisdiction over the Company or its Subsidiaries, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (including the data and information of their respective users, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries) (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards, including commercially reasonable disaster recovery and security plans, procedures and safeguards facilities for their respective businesses, including, without limitation, for their IT Systems and data held or used by or for the Company or any of its subsidiaries, to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses access to the samesuch IT Systems and data, except for those that have been remedied without material cost or liability to the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Companyincluding Personal Data. The Company and its subsidiaries are presently presently, and since their inception have been, in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and external policies, industry standards and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationmodification (collectively, “Privacy Obligations”). To ensure compliance with the Privacy Obligations, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). To the Company’s knowledge, it has at all times made all disclosures to users, employees or other applicable persons required by Privacy Obligations, and no such disclosures made or contained in any external written Policies have been materially inaccurate or in violation of any Privacy Obligations. The Company and its subsidiaries (i) have not received written notice of or complaint regarding or indicating non-compliance with, or any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Obligations, and there has not been any event or condition that would reasonably be expected to result in any such notice; (ii) are not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Obligations; and (iii) are not party to any governmental order, decree, or agreement that imposes any obligation or liability under any Privacy Obligations. The Company and its subsidiaries have taken all necessary actions to prepare to comply with all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any noncompliance with same would be reasonably likely to create a material liability, as soon they take effect.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, conformance with their functional specifications and have not materially malfunctioned or failed during the operation of the business of the Company and its subsidiaries as currently conductedpast three (3) years. To the Company’s knowledge, the IT systems are free and clear of all Assets do not contain any bugs, errors, defects, Trojan horses, time bombs, malware and or other corruptants corruptants, in each case that would, individually or in the aggregate, reasonably be likely to could have a Material Adverse Effectmaterial impact on the business or operations of the Company and its subsidiaries. The Company and its subsidiaries have implemented and maintained maintain commercially reasonable controls, policies, procedures procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and and, to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently and at all times have been in material full compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationmodification (“Data Protection Requirements”), except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Neither the Company nor any subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Data Protection Requirements, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Protection Requirement; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability by any governmental or regulatory authority under any Data Protection Requirement.

Cybersecurity; Data Protection. The Company’s Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, are adequate in the Company’s reasonable belief, adequate all material respects for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To , and to the Company’s knowledge, the IT systems knowledge are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware bombs and other corruptants that wouldmalware. Except as would not, individually or in the aggregate, reasonably be likely expected to have a Material Adverse Effect. The , the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and and, to the knowledge of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to notify any other person. To the knowledge of the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all applicable judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authorityauthority having jurisdiction over the Company and its subsidiaries, and all internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. The Company and its subsidiaries have taken all necessary actions to prepare to comply with the European Union General Data Protection Regulation (and all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability) as soon they take effect.

Cybersecurity; Data Protection. The Company’s , the Guarantors and its their respective subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in (i) are adequate for the business of the Company’s reasonable belief, adequate forthe Guarantors and their respective subsidiaries as currently conducted, and (ii) to the knowledge of the Company and the Guarantors, operate and perform in all material respects as required in connection with, with the operation of the business of the Company Company, the Guarantors and its their respective subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are conducted free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company Company, the Guarantors and its their respective subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or, the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company Company, the Guarantors and its their respective subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. Any certificate signed by an officer of the Company and delivered to the Representative or to counsel for the Initial Purchasers shall be deemed to be a representation and warranty by the Company to each Initial Purchaser as to the matters set forth therein.

Cybersecurity; Data Protection. The Company’s Each Sunnova Entity and its respective subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company Sunnova Entity and its respective subsidiaries as currently conducted. To the Company’s knowledgeknowledge of the Sunnova Entities, the IT systems Systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually designed to permit unauthorized access or in the aggregate, reasonably be likely to have a Material Adverse Effectactivity. The Company Each Sunnova Entity and its respective subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and and, to the Company’s knowledgeknowledge of each Sunnova Entity, there have been no breaches, violations, outages or unauthorized uses of or accesses to the samesuch IT Systems or Personal Data, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost such IT Systems or liability to the CompanyPersonal Data. The Company Each Sunnova Entity and its respective subsidiaries are presently in material compliance with all applicable laws or statutes applicable to the Sunnova Entity and its respective subsidiaries and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authorityauthority having jurisdiction over the Sunnova Entity and its respective subsidiaries, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Except as disclosed in the Registration Statement, Disclosure Package and the Prospectus, or except as would not, individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect, the Company and its subsidiaries’ respective information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, technology, data and databases (including confidential information, trade secrets or other data of the Company or any of its subsidiaries or their respective users, customers, employees, suppliers, vendors, personal data and any third party data maintained by or on behalf of the Company and its subsidiaries (collectively, “IT SystemsSystems and Data”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To The Company and its subsidiaries have complied, and are presently in compliance with all applicable laws and statutes and any judgments, orders, rules or regulations of any court or arbitrator or other governmental or regulatory authority, and all internal policies and contractual obligations and any other legal obligations, in each case, relating to the Company’s knowledgeprivacy and security of IT Systems and Data, and to the protection of such IT Systems and Data from unauthorized use, access, misappropriation or modification and the collection, use, transfer, processing, import, export, storage, protection, disposal and disclosure of data (collectively, the IT systems are free and clear of all bugs“Data Security Obligations”), errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldexcept as would not, individually or in the aggregate, reasonably be likely expected to have result in a Material Adverse Effect. The Company and its subsidiaries have implemented used reasonable efforts to establish and maintain, and have established, implemented, maintained and complied with, commercially reasonable information technology, information security, cyber security and data protection controls, policiespolicies and procedures to protect against and prevent security breaches of, procedures unauthorized access to and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security other similar compromises of all IT Systems and data (including all personally identifiable information Data in accordance with industry practices and sensitiveas required by applicable regulatory standards. Except as disclosed in the Registration Statement, confidential Disclosure Package and the Prospectus, the Company and its subsidiaries have not experienced and have no knowledge of any cyber-attack, security breach, unauthorized access or regulated data other similar compromise to their IT Systems and Data (“Personal DataBreach”)) used , which attack, breach, unauthorized access, or similar compromise that would reasonably be expected to result in connection with their businesses, and to the Company’s knowledge, there a Material Adverse Effect. There have been no breachesBreaches, violations, outages outages, or unauthorized uses of or accesses to any IT Systems and Data used in connection with the same, except for those that have been remedied without material cost or liability to operation of the Company, ’s and there are no incidents under internal review or investigation relating to the same, except for those its subsidiaries’ businesses that would reasonably be expected to be able to remedied without material cost or liability to result in a Material Adverse Effect; the Company. The Company and its subsidiaries are presently have not received notification of, and have no knowledge of, any event or condition that would reasonably be expected to result in, a Breach to their IT Systems and Data that would reasonably be expected to result in material a Material Adverse Effect. Neither the Company nor any of its subsidiaries has received any written notification of or complaint regarding, and has no knowledge of any facts that, individually or in the aggregate, would reasonably indicate non-compliance with all applicable laws any Data Security Obligation by the Company or statutes any of its subsidiaries, and all judgmentsthere is no action, orders, rules and regulations of suit or proceeding by or before any court or arbitrator governmental agency, authority or governmental or regulatory authoritybody, internal policies and contractual obligations relating pending or, to the privacy and security Company’s knowledge, threatened alleging non-compliance with any Data Security Obligation by the Company or any of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationits subsidiaries.

Cybersecurity; Data Protection. The Company’s Except as would not reasonably be expected to have a Material Adverse Effect, (A) the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are designed to be adequate for, and designed to operate and perform perform, in all material respects respects, as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To , and (B) to the knowledge of the Company’s knowledge, the all IT systems Systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal and personally identifiable information and sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses. Except as would not reasonably be expected to have a Material Adverse Effect, and to the knowledge of the Company’s knowledge, there have been no breaches, violations, outages violations or unauthorized uses of or accesses to the sameIT Systems and Personal Data, except for those that have been remedied without material cost or liability or the mandatory legal duty to the Companynotify any other person, and there nor are no any such incidents under internal review or investigation relating to as of the same, except for those that date hereof. Except as would not reasonably be expected to be able to remedied without material cost or liability to have a Material Adverse Effect, the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all applicable judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations to which the Company and its subsidiaries are bound relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. The Company and its subsidiaries have taken all commercially reasonable actions to comply with the European Union General Data Protection Regulation.

Cybersecurity; Data Protection. The Company’s Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, (i) the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are designed to be adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in corruptants; (ii) the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and ; (iii) to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to ; (iv) the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes (including, for the avoidance of doubt, the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act; the European Union General Data Protection Regulation (EU 2016/679); and the California Consumer Privacy Act) and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the protection, collection, use, disclosure, transfer, storage, disposal, confidentiality, integrity, privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; and (v) the execution, delivery, and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach or violation of any Privacy Law.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are and free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost as would not, individually or liability to in the Companyaggregate, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Companyhave a Material Adverse Effect. The Company and its subsidiaries have implemented business continuity / disaster recovery plans and technology consistent with industry standards and practice. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationmodification including the Data Privacy and Security Laws (“Data Protection Requirements”), except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. To ensure compliance with the Data Protection Requirements, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its subsidiaries have at all times made all material disclosures to patients or other individuals required by applicable Data Protection Requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable Data Protection Requirements in any material respect. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach or violation of any Data Protection Requirements or Policies, except where such breach or violation would not, individually or in the aggregate, have a Material Adverse Effect. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Data Protection Requirements, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Protection Requirement; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability by any governmental authority under any Data Protection Requirement.

Cybersecurity; Data Protection. The Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the its business of the Company and its subsidiaries as currently conducted. To , in each case, to the knowledge of the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company has implemented, maintained and its subsidiaries have implemented and maintained complied with commercially reasonable information technology, information security, cybersecurity and data protection controls, policies, procedures procedures, and safeguards designed to maintain and protect their its material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential information or regulated data trade secrets (collectively, “Personal Sensitive Data”)) used collected, used, stored or processed by, or to the knowledge of the Company, on behalf of the Company in connection with their businessesits business, and and, to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the sameany IT Systems and Sensitive Data, except for those that have been remedied without material cost or liability to the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Companyliability. The Company and its subsidiaries are is presently in material compliance with all applicable laws or statutes and all other applicable judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and external policies, and contractual obligations relating to the privacy and security of IT Systems and Personal the collection, use, transfer, import, export, storage, disposal and disclosure of Sensitive Data and to the protection of such IT Systems and Personal Sensitive Data from unauthorized use, access, misappropriation or modificationmodification (“Data Security Obligations”) except where the failure to comply would not, individually or in the aggregate, have a Material Adverse Effect. The Company (i) has not received any notification of or complaint regarding any actual or potential liability under or relating to, or actual or potential violation of any Data Security Obligation and has no knowledge of any event or condition that would reasonably be expected to result in any such notice, (ii) is not currently conducting or paying for, in whole or in part, any investigation, remediation or other corrective action pursuant to any Data Security Obligation, (iii) is not a party to any order, decree, or agreement that imposed any obligation or liability under any Data Security Obligation and (iv) is not subject to any pending or, to the knowledge of the Company, threatened action, suit, investigation or proceeding by or before any court or government agency, or body alleging non-compliance with any Data Security Obligation by the Company.

Cybersecurity; Data Protection. The Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of, to the knowledge of the Company, all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldcorruptants. Except as would not reasonably be expected, individually or in the aggregate, reasonably be likely to have a Material Adverse Effect. The , (i) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and all personal data (including all personally identifiable information and sensitive, confidential or regulated data (“Personal Data”)) used maintained or processed by the Company and its subsidiaries in connection with their businessesbusinesses (collectively, the “Confidential Data”), and (ii) to the knowledge of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the samesuch Confidential Data, except for those that have been remedied without material cost or liability or the duty to notify any other person. Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, to the knowledge of the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, and all internal policies and contractual obligations relating to of the Company and its subsidiaries, governing the privacy and security of IT Systems and Personal Confidential Data and to the protection of such IT Systems and Personal Confidential Data from unauthorized use, access, misappropriation or modification. Any certificate signed by an officer of the Company and delivered to Virtu, or to counsel for Virtu, pursuant to or in connection with this Agreement, shall be deemed to be a representation and warranty by the Company to Virtu as to the matters set forth therein.

Cybersecurity; Data Protection. The Company’s and its subsidiaries’ information technology assets and equipment, including, without limitation, those owned, licensed or otherwise used (excluding any public networks), such as its data communications lines, computers, systems, networks, hardware, servers, software, websites, cloud resources, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To conducted and as proposed to be conducted as described in the Company’s knowledgeRegistration Statement, the Pricing Disclosure Package and the Prospectus. The IT systems Systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants corruptants, in each case that would, individually or in the aggregate, may reasonably be likely expected to have a Material Adverse Effect. The Company and its subsidiaries have has at all times implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards (including contractual obligations on third party service providers) to maintain and protect their material confidential information and the integrity, availability, privacy, continuous operation, redundancy and security of all essential IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data data) (“Personal Company Data”)) used in connection with their businesses, and to the Company’s knowledge, there its business. There have been no material breaches, violations, outages outages, compromises, or unlawful or unauthorized acquisitions of, disclosures of, uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any such actual or reasonably suspected incidents under internal review or investigation investigations relating to the same. The Company has no knowledge of any event, except for those circumstances, or condition that would reasonably be expected to be able to remedied without material cost result in such breach, violation, outage, compromise, or liability unlawful or unauthorized acquisition of, disclosure of, use of or access to the CompanyCompany Data. The Company is, and since its subsidiaries are presently inception has been, in material compliance with all (i) applicable laws or statutes and all laws, industry standards, statutes, judgments, orders, rules and regulations of any court or arbitrator or court, arbitrator, governmental or regulatory authority; (ii) internal policies, internal policies and (iii) contractual obligations obligations, each (i) -(iii) relating to the privacy and security of IT Systems and Personal Company Data and to the protection of such IT Systems and Personal Company Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, servers, hardware, software, websites, applications, and databases used in the Company’s and its subsidiaries’ business (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the such business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the and such IT systems Systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operationoperation (including commercially reasonable disaster recovery), redundancy and security of all IT Systems and data (including all any personally identifiable information and sensitiveregulated data) maintained, confidential processed or regulated stored by the Company or its subsidiaries, and any such data processed or stored by third parties on behalf of the Company or its subsidiaries (collectively, “Personal Company Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, incidents, violations, outages or unauthorized uses of use, access or accesses disclosure or other compromise to the sameIT Systems or the Company Data, except for those that have been remedied without material cost or liability to the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Companyliability. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal or publicly posted policies of the Company and its subsidiaries, and contractual obligations obligations, in each case, relating to the privacy and privacy, protection or security of IT Systems and Personal or Company Data and (“Privacy Legal Obligations”) or to the protection collection, processing, sharing, transfer, usage, disposal or storage of such IT Systems and Personal Data Company Data. Neither the Company nor any of its subsidiaries has received any notice, request or other communication from unauthorized useany governmental or regulatory authority or claim from any person, accessor has been subject to any enforcement action, misappropriation in each case, relating to a breach or modificationalleged breach of Privacy Legal Obligations, except as would not, individual or in the aggregate reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. The Company and its subsidiaries have taken all necessary actions to prepare to comply with the European Union General Data Protection Regulation (and all other applicable laws and regulations in the European Union with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability) as soon as they take effect.

Cybersecurity; Data Protection. The Company’s Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, data and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To conducted and as proposed to be conducted in the Company’s knowledgeRegistration Statement, the IT systems are Disclosure Package, and the Prospectus, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, back doors, drop dead devices, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have established, implemented and maintained commercially reasonable and appropriate controls, policies, procedures procedures, and technological safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and material data (including all personal, personally identifiable information and identifiable, household, sensitive, confidential or regulated data or information (“Personal Company Data”)) used in connection with their businesses, in compliance with all applicable laws and to regulatory standards in all material respects. To the knowledge of the Company’s knowledge, there have been no material breaches, violations, outages outages, security incidents or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost any IT Systems or liability to the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the CompanyCompany Data. The Company and its subsidiaries own or have a valid right to access and use all IT Systems and Company Data, and have complied in all material respects and are presently in material compliance with all applicable laws or statutes and all statutes, judgments, orders, rules and regulations of any court or arbitrator or other governmental or regulatory authority, binding industry standards, internal and external policies and notices, contractual obligations and any other legal obligations, in each case relating to the privacy and security collection, use, transfer, import, export, storage, protection, disposal, disclosure or other processing by or on behalf of IT Systems and Personal the Company or any of its subsidiaries of Company Data and (“Data Security Obligations”). Neither the Company nor any of its subsidiaries have received any notification of or complaint regarding, or otherwise have knowledge of any facts that would indicate, any material non-compliance by the Company or any of its subsidiaries with any Data Security Obligation. There is no action, suit, investigation or proceeding against the Company or any of its subsidiaries by or before any court or governmental agency, authority or body pending or, to the protection knowledge of such IT Systems and Personal the Company, threatened, against the Company or any of its subsidiaries alleging material non-compliance with any Data from unauthorized use, access, misappropriation Security Obligations by the Company or modificationany of its subsidiaries.

Cybersecurity; Data Protection. The To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have at all times during the past three years implemented and maintained commercially reasonable all reasonably necessary controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personally identifiable information and Personal Data, sensitive, confidential or regulated data (“Personal Confidential Data”)) used in connection with their businesses, and and, to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to notify any other person. Any certificate signed by any officer or representative of the Company or any of its subsidiaries and delivered to the Company, Agent or counsel for the Agent in connection with an issuance of Shares shall be deemed a representation and there are no incidents under internal review or investigation relating warranty by the Company to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability Agent as to the Companymatters covered thereby on the date of such certificate. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgmentsacknowledges that the Agent and, ordersfor purposes of the opinions to be delivered pursuant to Section 4(o) hereof, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating counsel to the privacy Company and security of IT Systems and Personal Data and counsel to the protection Agent, will rely upon the accuracy and truthfulness of the foregoing representations and hereby consents to such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationreliance.

Cybersecurity; Data Protection. The Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To , and, to the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and and, to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same. To the Company’s knowledge, no claims have been asserted or threatened against the Company or its subsidiaries alleging a violation relating to Personal Data or data rights and the consummation of the transactions contemplated hereby will not breach or otherwise cause any violation of any law related to privacy, data protection, or the collection and use of Personal Data collected, used, or held for use by the Company or its subsidiaries in the conduct of their businesses, except for those that where any such breach or violation would not reasonably be expected to be able to remedied without material cost or liability to the Companyresult in a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the collection and use of Personal Data, privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and and, to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently are, and have been in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationmodification (collectively, the “Privacy Laws”). To the extent required by the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with Company policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, and handling, of Personal Data (the “Policies”). In each case, except as would not reasonably be expected, singly or in the aggregate, to have a Material Adverse Effect on the Company and its subsidiaries, taken as a whole, the Company and its subsidiaries have made all disclosures to individuals required by applicable Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable Privacy Laws. Neither the Company nor any subsidiary: (i) has received written notice of any actual or alleged liability under or relating to, or actual or alleged violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such written notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action required pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability by any governmental or regulatory authority under any Privacy Law.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems and are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. The Company and its subsidiaries have taken all necessary actions, to the extent required to have been taken as of the date hereof, to prepare to comply with all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases owned or used by the Company or its subsidiaries (collectively, “IT Systems”) are), in to the knowledge of the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To conducted and as proposed to be conducted in the Company’s knowledgeRegistration Statement and the Prospectus, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used collected, used, stored or processed in connection with their businesses, and and, to the knowledge of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person or entity, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that . Except as would not reasonably be expected expected, individually or in the aggregate, to be able to remedied without material cost or liability to have a Material Adverse Effect, the Company. The Company and its subsidiaries have complied with and are presently in material compliance with all applicable laws or statutes (including without limitation, to the extent applicable, the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, the California Consumer Privacy Act and the European Union General Data Protection Regulation (the “GDPR”) and all applicable judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and external policies, and contractual obligations relating to the privacy and security of IT Systems and the collection, use, transfer, import, export, storage, disposal and disclosure of Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationmodification (“Data Security Obligations”). Neither the Company nor any of its subsidiaries have received any notification of or complaint regarding non-compliance with any Data Security Obligation, and there is no pending or, to the knowledge of the Company, threatened, action, suit or proceeding by or before any court or governmental agency, authority or body alleging non-compliance with any Data Security Obligation. The Company and its subsidiaries have made all disclosures as required by applicable laws and regulatory rules or requirements in connection with such Data Security Obligations, and no such disclosures have been inaccurate or in violation of any applicable laws or regulatory rules and requirements. The Company and its subsidiaries have taken all necessary actions to prepare to comply with the GDPR and all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability, as soon they take effect.

Cybersecurity; Data Protection. The Company’s and its subsidiaries’ information technology assets and equipment, including, without limitation, those owned, licensed or otherwise used (excluding any public networks), such as its data communications lines, computers, systems, networks, hardware, servers, software, websites, cloud resources, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conductedconducted and as proposed to be conducted as described in the Registration Statement and the Prospectus. To the Company’s knowledge, the The IT systems Systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants corruptants, in each case that would, individually or in the aggregate, may reasonably be likely expected to have a Material Adverse Effect. The Company and its subsidiaries have has at all times implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards (including contractual obligations on third party service providers) to maintain and protect their material confidential information and the integrity, availability, privacy, continuous operation, redundancy and security of all essential IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data data) (“Personal Company Data”)) used in connection with their businesses, and to the Company’s knowledge, there its business. There have been no material breaches, violations, outages outages, compromises, or unlawful or unauthorized acquisitions of, disclosures of, uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any such actual or reasonably suspected incidents under internal review or investigation investigations relating to the same. The Company has no knowledge of any event, except for those circumstances, or condition that would reasonably be expected to be able to remedied without material cost result in such breach, violation, outage, compromise, or liability unlawful or unauthorized acquisition of, disclosure of, use of or access to the CompanyCompany Data. The Company and its subsidiaries are presently are, and since their inception have been, in material compliance with all (i) applicable laws or statutes and all laws, industry standards, statutes, judgments, orders, rules and regulations of any court or arbitrator or court, arbitrator, governmental or regulatory authority; (ii) internal policies, internal policies and (iii) contractual obligations obligations, each (i) -(iii) relating to the privacy and security of IT Systems and Personal Company Data and to the protection of such IT Systems and Personal Company Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ subsidiary’s information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, technology, data and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries subsidiary as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware malware, viruses and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries subsidiary have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no, and the Company and its subsidiary have not been notified of, and have no knowledge of any event or condition that would reasonably be expected to result in any, breaches, violations, outages or unauthorized uses of or accesses to the samesame (“Breach”), except for those that have been remedied without material cost or liability to the Company, and nor are there are no any incidents under internal review or investigation investigations relating to any Breach. Neither the sameCompany nor its subsidiary has received any notice, except for those that would reasonably be expected to be able to remedied without material cost claim, complaint, demand or liability to letter from any person or governmental agency in respect of their businesses under applicable data protection laws, regulations and standards regarding any Breach of the IT Systems or any Personal Data used in connection with the operation of the Company’s and its subsidiary’s businesses. Neither the Company nor its subsidiary have been obligated to notify any third party, including, without limitation, any individual or data protection authority, of any Breach. The Company and its subsidiaries subsidiary have complied at all times and are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal and external policies and contractual obligations relating to the privacy and security of IT Systems and the privacy, security, collection, use, transfer, import, export, storage, protection, disposal, disclosure or other processing of Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationmodification (“Data Security Obligation”), except where the failure to so comply would not result in a Material Adverse Effect. The Company and its subsidiary have taken all necessary actions to comply with any Data Security Obligation, including the European Union General Data Protection Regulation, the Health Insurance Portability and Accountability Act, and the California Consumer Privacy Act. Neither the Company nor its subsidiary have received any notice, claim, complaint, demand, letter, notification of or complaint regarding, and the Company has no knowledge of any other facts that, individually or in the aggregate, would reasonably indicate non-compliance with, any Data Security Obligation and there is no pending or threatened action, suit, investigation or proceeding by or before any court or governmental agency, authority or body alleging non-compliance with any Data Security Obligation.

Cybersecurity; Data Protection. The Company’s Except as would not reasonably be expected to have a Material Adverse Effect, (A) the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To , and are, to the best knowledge of the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in corruptants; (B) the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, ; (C) there have been no breaches, violations, outages or unauthorized uses of or accesses to same; (D) the same, except for those that have been remedied without material cost or liability to the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; and (E) the Company and its subsidiaries have taken all necessary actions to prepare to comply with all applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability as soon as they take effect.

Cybersecurity; Data Protection. The Company’s Except as would not, individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect, the Company and its subsidiarieseach of the Subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries each of the Subsidiaries as currently conducted. To , and to the Company’s knowledge, the IT systems are free and clear of all bugs, errors, defects, material Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries each of the Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same. Except as would not, except for those that would individually or in the aggregate, reasonably be expected to be able to remedied without material cost or liability to result in a Material Adverse Effect, the Company. The Company and its subsidiaries each of the Subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. Any certificate signed by an officer of the Company and delivered to B. Xxxxx Securities or to counsel for B. Xxxxx Securities pursuant to or in connection with this Agreement shall be deemed to be a representation and warranty by the Company, as applicable, to B. Xxxxx Securities as to the matters set forth therein.

Cybersecurity; Data Protection. The To the Company’s and its subsidiaries’ Knowledge, the information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, applications and databases owned by, or leased or licensed to, the Company or any of its Subsidiaries (collectively, “IT Systems”) are), in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries Subsidiaries as currently conducted. To , and to the Company’s knowledge, the IT systems Knowledge are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in corruptants; the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its subsidiaries Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data of their respective customers, employees, suppliers, vendors and any third-party data maintained by or on behalf of them (“Personal Data”)) used in connection with their businesses, and ; to the Company’s knowledgeKnowledge, there have been no material breaches, violations, outages or outages, unauthorized uses of, accesses to or other compromise of or accesses relating to any of the sameCompany’s or any of its Subsidiaries’ Personal Data or IT Systems, except for those that have been remedied without material cost or liability or the duty to the Company, and notify any third party; there are no material incidents under internal review or investigation investigations relating to any security breach or other compromise of the sameCompany’s or any of its Subsidiaries’ Personal Data or IT Systems and the Company and its Subsidiaries have not been notified of, except for those and have no knowledge of any event or condition that would reasonably be expected to be able result in, any security breach or other compromise to remedied without material cost their IT Systems or liability to Personal Data; the Company. The Company and its subsidiaries Subsidiaries have implemented commercially reasonable backup and disaster recovery technology consistent with industry standards and practices; and the Company and its Subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authorityauthority and internal policies, internal policies procedures and contractual obligations relating to the privacy and security of IT Systems and the privacy, collection, use, transfer, storage, protection, disposal or disclosure of Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases owned or used by the Company or its subsidiaries (collectively, “IT Systems”) are, in the Company’s reasonable belief, are reasonably adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To , and, to the knowledge of the Company’s knowledge, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in would cause a material disruption to the aggregate, reasonably be likely to have a Material Adverse Effectoperation of the business of the Company and its subsidiaries. The Company and its subsidiaries have implemented and maintained maintain commercially reasonable controls, policies, procedures procedures, and safeguards designed to maintain and protect the secrecy of their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data in the Company’s possession or control (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used collected, used, stored or processed in connection with their businesses, and and, to the knowledge of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, in each case, except for those that as have been remedied without material cost or liability to the Companynot had, and there are no would not reasonably be expected to have, individually or in the aggregate, a Material Adverse Effect, nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, in each case, except as have not had, and would not reasonably be expected to have, individually or in the aggregate, a Material Adverse Effect.

Cybersecurity; Data Protection. The Company’s and its subsidiaries’ information technology assets and equipment(i) Except as would not, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually singly or in the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personally identifiable information and sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability to the Company, the Operating Partnership and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company each of their respective subsidiaries have complied and its subsidiaries are presently in material compliance with all internal and external privacy policies, contractual obligations, industry standards, applicable laws or statutes and all laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or other governmental or regulatory authorityauthority and any other legal obligations, internal policies and contractual obligations in each case, relating to the privacy collection, use, transfer, import, export, storage, protection, disposal and disclosure by the Company, the Operating Partnership and their respective subsidiaries of personal, personally identifiable, household, sensitive, confidential or regulated data (“Data Security Obligations,” and such data, “Data”); (ii) the Company and the Operating Partnership have not received any written notification of or written complaint regarding and is unaware of any other facts that, individually or in the aggregate, would reasonably indicate non-compliance with any Data Security Obligation and that, singly or in the aggregate, would have a Material Adverse Effect; and (iii) there is no action, suit or proceeding by or before any court or governmental agency, authority or body pending or, to the Company’s and the Operating Partnership’s knowledge, threatened alleging non-compliance with any Data Security Obligation. The Company, the Operating Partnership and each of their respective subsidiaries have taken all commercially reasonable technical and organizational measures necessary to protect the information technology systems and Data used in connection with the operation of the Company’s, the Operating Partnership’s and each of their respective subsidiaries’ businesses. Without limiting the foregoing, the Company, the Operating Partnership and their respective subsidiaries have used commercially reasonable efforts to establish and maintain, and have established, maintained, implemented and complied with, reasonable information technology, information security, cyber security and data protection controls, policies and procedures, including oversight, access controls, encryption, technological and physical safeguards and business continuity/disaster recovery and security of IT Systems plans that are designed to protect against and Personal Data and to the protection of such IT Systems and Personal Data from reasonably prevent material breach, destruction, loss, unauthorized distribution, use, access, disablement, misappropriation or modification, or other compromise or misuse of or relating to any information technology system or Data used in connection with the operation of the Company’s, the Operating Partnership’s and each of their respective subsidiaries’ businesses (“Breach”). There has been no such Breach (except for those that have been remedied without material cost, liability or obligation), and the Company, the Operating Partnership and each of their respective subsidiaries have not been notified of and have no knowledge of any event or condition that would reasonably be expected to result in, any such material Breach.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (including the data and information of their respective users, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries) (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards, including commercially reasonable disaster recovery and security plans, procedures and safeguards facilities for their respective businesses, including, without limitation, for their IT Systems and data held or used by or for the Company or any of its subsidiaries, to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses access to the samesuch IT Systems and data, except for those that have been remedied without material cost or liability to the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Companyincluding Personal Data. The Company and its subsidiaries are presently presently, and since their inception have been, in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and external policies, industry standards and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationmodification (collectively, “Privacy Obligations”). To ensure compliance with the Privacy Obligations, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). To the Company’s knowledge, it has at all times made all disclosures to users, employees or other applicable persons required by Privacy Obligations, and no such disclosures made or contained in any external written Policies have been materially inaccurate or in violation of any Privacy Obligations. The Company and its subsidiaries (i) have not received written notice of or complaint regarding or indicating non-compliance with, or any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Obligations, and there has not been any event or condition that would reasonably be expected to result in any such notice; (ii) are not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Obligations; and (iii) are not party to any governmental order, decree, or agreement that imposes any obligation or liability under any Privacy Obligations. The Company and its subsidiaries have taken all commercially reasonable actions to prepare to comply with all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any noncompliance with same would create a material liability, as soon they take effect.

Cybersecurity; Data Protection. The Company’s and its subsidiariesDelek Parties’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, applications and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, necessary for the operation of the business of the Company and its subsidiaries Delek Parties as currently conducted, except as would not, individually or in the aggregate, have a Material Adverse Change. To the Company’s knowledge, the The Delek Parties conduct industry-standard scans of their IT systems are free Systems to detect and clear of all address material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries Delek Parties have implemented and maintained commercially reasonable controls, policies, procedures and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and sensitive data (including all personal, personally identifiable information and sensitiveidentifiable, confidential or regulated data (“Personal Sensitive Data”)) used in connection with their businesses, and to the Company’s knowledgeknowledge of the Delek Parties, there have been no breaches, violations, incidents, compromises, outages or unauthorized uses of or of, accesses to the or disclosures of same, except for those that as would not, individually or in the aggregate, have been remedied without material cost or liability to the Companya Material Adverse Change, and the Delek Parties have not had a duty to notify any other person of, nor are there are no any incidents under internal review or investigation relating to to, the same, except for those same or any event or condition that would reasonably be expected to be able to remedied without material cost or liability to result in the Companysame. The Company and its subsidiaries Delek Parties are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating applicable to the privacy and security of its IT Systems and Personal Sensitive Data and to the protection of such IT Systems and Personal Sensitive Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Except as would not be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of, to the knowledge of the Company, all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldcorruptants. Except as would not be expected, individually or in the aggregate, reasonably be likely to have a Material Adverse Effect. The , (i) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and all personal data (including all personally identifiable information and sensitive, confidential or regulated data (“Personal Data”)) used maintained or processed by the Company and its subsidiaries in connection with their businessesbusinesses (collectively, the “Confidential Data”), and (ii) to the knowledge of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the samesuch Confidential Data, except for those that have been remedied without material cost or liability or the duty to notify any other person. Except as would not be expected, individually or in the Companyaggregate, and there are no incidents under internal review or investigation relating to have a Material Adverse Effect, the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, and all internal policies and contractual obligations relating to of the Company and its subsidiaries, governing the privacy and security of IT Systems and Personal Confidential Data and to the protection of such IT Systems and Personal Confidential Data from unauthorized use, access, misappropriation or modification. Any certificate signed by any officer or other authorized signatory of the Company and delivered to the Underwriters or to counsel for the Underwriters shall be deemed a representation and warranty by the Company to the Underwriters as to the matters covered thereby.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform as required, in all material respects as required respects, in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To , and, to the knowledge of the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, vulnerabilities, Trojan horses, time bombs, malware malware, viruses, worms, wipers and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained maintain commercially reasonable controls, policies, procedures procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personally identifiable information “personal data” or other similar or any other similar terms as defined in applicable laws related to data privacy and sensitive, confidential or regulated data security (“Personal Data”)) used in connection with their businesses, and and, to the knowledge of the Company’s knowledge, in the past three (3) years, there have been no material breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability to the Companyliability, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that . Except as would not reasonably be expected expected, individually or in the aggregate, to be able to remedied without material cost or liability to have a Material Adverse Effect, the Company. The Company and its subsidiaries have been, and are presently in material in, compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation misappropriation, destruction or modification.

Cybersecurity; Data Protection. The Company’s Except as has not had or could not reasonably be expected to have, individually or in the aggregate, a Material Adverse Effect, (i) the Company and its subsidiariesSubsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries Subsidiaries as currently conducted. To conducted and (ii) to the knowledge of the Company’s knowledge, the IT systems Systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually designed to permit unauthorized access or in the aggregate, reasonably be likely to have a Material Adverse Effectactivity. The Company and its subsidiaries Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and and, to the knowledge of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the samesuch IT Systems or Personal Data, except for those that have been remedied without material cost to or liability of the Company and its Subsidiaries or the duty of the Company or any of its Subsidiaries to the Companynotify any other person, and nor are there are no any incidents under internal review or investigation investigations relating to such IT Systems or Personal Data and the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries Subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authorityauthority having jurisdiction over the Company or its Subsidiaries, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Except as disclosed in the Registration Statement and the Prospectus or as would not, individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect, (i) the Company and each of its subsidiariesSubsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases used to process, store, maintain and operate date, information and functions (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and each of its subsidiaries Subsidiaries as currently conducted. To , (ii) the Company’s knowledge, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and each of its subsidiaries Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards reasonably consistent with industry standards and practices, or as required by applicable regulatory standards, to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personally identifiable information and sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and (iii) to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the samesuch IT Systems, except for those that have been remedied without material cost or liability and (iv) to the Company’s knowledge, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and each of its subsidiaries Subsidiaries are presently in material compliance with all applicable laws or laws, statutes and all regulations and any judgments, orders, orders or rules and regulations of any court or court, arbitrator or governmental regulatory authority having lawful jurisdiction over the Company or regulatory authorityany of its Subsidiaries, internal policies and any contractual obligations relating to the privacy and security of such IT Systems Systems. The Company acknowledges that the Agents, the Forward Sellers and Personal Data the Forward Purchasers and, for purposes of the opinions to be delivered pursuant to Sections 5 and 6 hereof, counsel to the protection Company and counsel to the Agents, the Forward Sellers and the Forward Purchasers, will rely upon the accuracy and truthfulness of the foregoing representations and hereby consents to such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationreliance.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldcorruptants. Except as would not, individually or in the aggregate, reasonably be likely expected to have a Material Adverse Effect. The , the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses. Except as would not, and individually or in the aggregate, reasonably be expected to the Company’s knowledgehave a Material Adverse Effect, there have been no breaches, violations, outages or unauthorized uses of or accesses to the sameCompany and its subsidiaries’ IT Systems or data (including Personal Data), except for those that have been remedied without material cost or liability to the Company, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with (i) all applicable worldwide laws or and statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, and (ii) their internal policies and contractual obligations obligations, in each case of (i) and (ii), relating to the privacy and security of IT Systems and Personal Data Data, including the creation, collection, receipt, acquisition, storage, maintenance, use, disclosure, transfer, transmission, disposition, retention, and processing of Personal Data, and to the security and protection of such IT Systems and Personal Data from unauthorized use, access, disclosure, acquisition, misappropriation or modification. Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries have taken all necessary actions to prepare to comply with all applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof.

Cybersecurity; Data Protection. The Company’s Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, data and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To conducted and as proposed to be conducted in the Company’s knowledgeRegistration Statement, the IT systems are Disclosure Package, and the Prospectus, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, back doors, drop dead devices, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have established, implemented and maintained commercially reasonable and appropriate controls, policies, procedures procedures, and technological safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and material data (including all personal, personally identifiable information and identifiable, household, sensitive, confidential or regulated data or information (“Personal Company Data”)) used in connection with their businesses, in compliance with all applicable laws and to regulatory standards in all material respects. To the knowledge of the Company’s knowledge, there have been no material breaches, violations, outages outages, security incidents or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost any IT Systems or liability to the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the CompanyCompany Data. The Company and its subsidiaries own or have a valid right to access and use all IT Systems and Company Data, and have complied in all material respects and are presently in material compliance with all applicable laws or statutes and all statutes, judgments, orders, rules and regulations of any court or arbitrator or other governmental or regulatory authority, binding industry standards, internal and external policies and notices, contractual obligations and any other legal obligations, in each case relating to the privacy and security collection, use, transfer, import, export, storage, protection, disposal, disclosure or other processing by or on behalf of IT Systems and Personal the Company or any of its subsidiaries of Company Data and (“Data Security Obligations”). Neither the Company nor any of its subsidiaries have received any notification of or complaint regarding, or otherwise have knowledge of any facts that would indicate, any material non-compliance by the Company or any of its subsidiaries with any Data Security Obligation. There is no action, suit, investigation or proceeding against the Company or any of its subsidiaries by or before any court or governmental agency, authority or body pending or, to the protection knowledge of such IT Systems and Personal the Company, threatened, against the Company or any of its subsidiaries alleging material non-compliance with any Data from unauthorized use, access, misappropriation Security Obligations by the Company or modificationany of its subsidiaries.

Cybersecurity; Data Protection. The Company’s , CTWS and its their respective subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company Company, CTWS and its their respective subsidiaries as currently conducted. To , and, to the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company Company, CTWS and its their respective subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and and, to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company Company, CTWS and its their respective subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. To the Company’s knowledge, the Company, CTWS and their respective subsidiaries have taken all necessary actions, to the extent required to have been taken as of the date hereof, to prepare to comply with all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability.

Cybersecurity; Data Protection. The Company’s Except as disclosed in each of the Registration Statement, the Pricing Disclosure Package and the Prospectus, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To , and are, to the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and, except as disclosed in each of the Registration Statement, the Pricing Disclosure Package and to the Company’s knowledgeProspectus, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that . Except as would not reasonably be expected expected, individually or in the aggregate, to be able to remedied without material cost or liability to have a Material Adverse Effect, the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To conducted and, to the Company’s knowledge, the IT systems are based on commercially reasonable security and monitoring, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have have, at all times, implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personally identifiable information personal data and sensitive, confidential or regulated data (collectively, the “Personal Confidential Data”)) used in connection with their businesses, and and, to the Company’s knowledge, based on commercially reasonable security and monitoring, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the samesame and except as would not individually or in the aggregate have a Material Adverse Effect on the Company and its subsidiaries, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Companytaken as a whole. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Confidential Data and to the protection of such IT Systems and Personal Confidential Data from unauthorized use, access, misappropriation or modification, except where failure to do so would not reasonably be expected to have a Material Adverse Effect on the Company and its subsidiaries, taken as a whole. Any certificate signed by any officer of the Company and delivered to any Underwriter or to counsel for the Underwriters in connection with the offering, or the purchase and sale, of the Offered Shares shall be deemed a representation and warranty by the Company to each Underwriter as to the matters covered thereby. The Company has a reasonable basis for making each of the representations set forth in this Section 1. The Company acknowledges that the Underwriters and, for purposes of the opinions to be delivered pursuant to Section 6 hereof, counsels to the Company and counsel to the Underwriters, will rely upon the accuracy and truthfulness of the foregoing representations and hereby consents to such reliance.

Cybersecurity; Data Protection. The Company’s Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect and except as described in each of the Registration Statement, the Pricing Disclosure Package and the Prospectus, the Company and its subsidiaries’ information technology assets and assets, equipment, computers, systems, networks, software, hardware, softwarecomputers, websites, applications, applications and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldcorruptants. Except as would not, individually or in the aggregate, reasonably be likely expected to have a Material Adverse Effect. The Effect and except as described in each of the Registration Statement, the Pricing Disclosure Package and the Prospectus, (i) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (data, including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, (ii) there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability to the Company, and there are no nor any incidents currently under internal review or investigation investigations relating to the same. Except as would not, except for those that would individually or in the aggregate, reasonably be expected to be able to remedied without material cost or liability to have a Material Adverse Effect and except as described in each of the Company. The Registration Statement, the Pricing Disclosure Package and the Prospectus, the Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all applicable judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to collected, stored, processed, transferred, disclosed or used by the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation Company or modificationits subsidiaries.

Cybersecurity; Data Protection. The Company’s , the Guarantors and its their respective subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in (i) are adequate for the business of the Company’s reasonable belief, adequate forthe Guarantors and their respective subsidiaries as currently conducted, and (ii) to the knowledge of the Company and the Guarantors, operate and perform in all material respects as required in connection with, with the operation of the business of the Company Company, the Guarantors and its their respective subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are conducted free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company Company, the Guarantors and its their respective subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or, other than with respect to Aerogrow International, Inc., the Companyduty to notify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company Company, the Guarantors and its their respective subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. Any certificate signed by an officer of the Company and delivered to the Representative or to counsel for the Initial Purchasers shall be deemed to be a representation and warranty by the Company to each Initial Purchaser as to the matters set forth therein.

Cybersecurity; Data Protection. The Company’s Company and its subsidiariesthe Controlled Entities’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries the Controlled Entities have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any third party, and there are no nor any material incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries the Controlled Entities are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. The Company and the Controlled Entities have taken all necessary actions to prepare to comply with the European Union General Data Protection Regulation to the extent that it is applicable to the Company and the Controlled Entities (and all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability) as soon as they take effect.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, conformance with their functional specifications and have not materially malfunctioned or failed during the operation of the business of the Company and its subsidiaries as currently conductedpast three (3) years. To the Company’s knowledge, the IT systems are free and clear of all Assets do not contain any bugs, errors, defects, Trojan horses, time bombs, malware and or other corruptants corruptants, in each case that would, individually or in the aggregate, reasonably be likely to could have a Material Adverse Effectmaterial impact on the business or operations of the Company and its subsidiaries. The Company and its subsidiaries have implemented and maintained maintain commercially reasonable controls, policies, procedures procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and and, to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Companysame . The Company and its subsidiaries are presently and at all times have been in material full compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationmodification (“Data Protection Requirements”), except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Neither the Company nor any subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Data Protection Requirements, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Protection Requirement; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability by any governmental or regulatory authority under any Data Protection Requirement.

Cybersecurity; Data Protection. The Company’s Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, (i) the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldcorruptants; (ii) the Company and its subsidiaries own the IT Systems free from encumbrances and other third party rights, individually or in the aggregatecase of any IT Systems not owned by the Company or its subsidiaries, reasonably be likely to have a Material Adverse Effect. The valid license to use the IT Systems; (iii) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, (iv) there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person or supervisory authority, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to ; and (v) the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, including Data Protection Laws (as defined below). Neither the Company nor its subsidiaries have received written notification from a supervisory authority asserting a violation by the Company or its subsidiaries of the European Union General Data Protection Regulation (and all other applicable laws and regulations governing the privacy and security of Personal Data) (“Data Protection Laws”), or have received any written complaint in relation with their compliance with the Data Protection Laws.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures and safeguards to maintain and protect their material confidential information and Personal Data (defined below) and the integrity, continuous operation, redundancy integrity and security of all material IT Systems and data (including Systems. As used herein, “Personal Data” shall refer to all personally identifiable information and sensitive, confidential personal or regulated data (“Personal Data”)) that relates to an identified or identifiable natural person according to applicable law that is maintained by the Company or any of its subsidiaries and used in connection with their the Company or its subsidiaries’ respective businesses, and to . To the knowledge of the Company’s knowledge, there have been no material breaches, violations, outages or unauthorized uses of or accesses access to the samePersonal Data, except for those that have been remedied without material cost or liability to liability, nor any related incidents under investigation by a governmental or regulatory authority. To the knowledge of the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authoritylaws, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, and there is no pending, or to the knowledge of the Company, threatened, action, suit or proceeding by or before any court or governmental agency, authority or body alleging non-compliance with any applicable laws, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. (i) The Company’s Company and its subsidiariesSubsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, applications and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries Subsidiaries as currently conducted. To , and, except as would not, individually or in the Company’s knowledgeaggregate, the IT systems have a Material Adverse Effect, are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in corruptants; (ii) the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its subsidiaries Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, ; (iii) there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability to or those that would not otherwise, individually or in the Companyaggregate, and there are no have a Material Adverse Effect, nor any incidents under internal review or investigation investigations relating to the same, ; and (iv) except for those that such non-compliance which would reasonably be expected to be able to remedied without material cost not, individually or liability to in the Company. The aggregate, have a Material Adverse Effect, the Company and its subsidiaries Subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To , and to the Company’s knowledge, knowledge of the IT systems Company are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no known breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost as would not, individually or liability to in the Companyaggregate, and there are no result in a Material Adverse Change, nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. Any certificate signed by any officer of the Company or any of its subsidiaries and delivered to the Underwriters or to counsel for the Underwriters in connection with the offering of the Offered Shares shall be deemed a representation and warranty by the Company or such subsidiary, as the case may be, to each Underwriter as to the matters covered thereby. The Company acknowledges that the Underwriters and, for purposes of the opinions to be delivered pursuant to Section 6 hereof, counsel to the Company and counsel to the Underwriters, will rely upon the accuracy and truthfulness of the foregoing representations and hereby consents to such reliance.

Cybersecurity; Data Protection. The (A) To the knowledge of the Company and the Partnership, there has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to the Company’s, the Partnership’s and its or their subsidiaries’ information technology assets and equipment, computers, computer systems, networks, hardware, software, websitesdata and databases (including the data and information of their respective customers, applicationsemployees, suppliers, vendors and any third party data maintained, processed or stored by the Company, the Partnership and their subsidiaries, and databases any such data processed or stored by third parties on behalf of the Company, the Partnership and their subsidiaries), equipment or technology (collectively, “IT SystemsSystems and Data”): (B) are, in none of the Company’s reasonable belief, adequate forthe Partnership nor their subsidiaries have been notified of, and operate have no knowledge of any event or condition that would reasonably be expected to result in, any security breach or incident, unauthorized access or disclosure or other compromise to their IT Systems and perform in all material respects as required in connection withData and (C) the Company, the operation of the business of the Company Partnership and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its their subsidiaries have implemented and maintained commercially reasonable appropriate controls, policies, procedures procedures, and technological safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all their IT Systems and data (including all personally identifiable information Data reasonably consistent with industry standards and sensitivepractices, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the sameas required by applicable regulatory standards, except for those that have been remedied without material cost or liability as would not, in the case of each of (A) through (C), reasonably be expected to result in a Material Adverse Change with respect to the Company, the Partnership and there are no incidents under internal review or investigation relating to the sametheir subsidiaries, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Companyconsidered as one entity. The Company Company, the Partnership and its their subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To , to the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldcorruptants. Except in connection with any breaches, individually violations, outages or unauthorized uses of or accesses to same described in the aggregateRegistration Statement, reasonably be likely to have a Material Adverse Effect. The the Pricing Disclosure Package or the Prospectus, the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect in all material respects their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data confidential information (including all personal or personally identifiable information and sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, except as described in the Registration Statement, the Pricing Disclosure Package or the Prospectus, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to notify any other person. Except as described in the CompanyRegistration Statement, and there are no incidents under internal review the Pricing Disclosure Package or investigation relating to the sameProspectus, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes (including, but not limited to, the Israeli Privacy Protection Regulations, Information Security, 2017) and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations obligations, each as relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Except as may be described or incorporated by reference in the Registration Statement, the Pricing Disclosure Package and its subsidiaries’ the Prospectus or as would not have a Material Adverse Effect, the information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases owned or controlled by, or operated on behalf of, the Company, Carnival plc and their respective subsidiaries (collectively, the “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company Company, Carnival plc and its their respective subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company Company, Carnival plc and its their respective subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data in their possession or control (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, nor incidents under internal review or investigation, in each case, except for as may be described in or incorporated by reference in the Registration Statement, the Pricing Disclosure Package and the Prospectus or those that have been or will be remedied without material cost or liability or the duty to the notify any other person. The Company, Carnival plc and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its their respective subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies authority and contractual obligations relating to the privacy privacy, security and security protection of the IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationData.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldcorruptants, except in each case, as would not, individually or in the aggregate, reasonably be likely expected to have result in a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to in the Company’s knowledge, last three years there have been no material breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any material incidents under internal review or investigation relating or, to the knowledge of the Company and its subsidiaries, investigations related to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, except in each case, as would not, individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect.

Cybersecurity; Data Protection. The Company’s Except (i) as described in the Registration Statement, the Time of Sale Prospectus and the Prospectus or (ii) as would not reasonably be expected to have a Material Adverse Effect, (A) the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, for and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To , and are, to the best knowledge of the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in corruptants; (B) the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential household or regulated data or information collected, stored or processed by the Company or its subsidiaries (“Personal Data”)) used in connection with their businesses, and ; (C) to the best knowledge of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses use or disclosure of or accesses access to the sameIT Systems and/or Personal Data, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person or governmental or regulatory authority, and there are no incidents or, to Company’s knowledge, threatened incidents under internal review or investigation investigations by governmental or regulatory authorities or other third parties relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to ; (D) the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or court, arbitrator or governmental or regulatory authority, their own internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, loss, access, processing, misappropriation or modification, including, without limitation, the European Union General Data Protection Regulation 2016/679 and/or any implementing or supplementing local law of a European Union member state, Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002, the Federal Trade Commission Act, the Health Insurance Portability and Accountability of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, the California Consumer Privacy Act and all other laws and regulations with respect to Personal Data applicable to the Company or its subsidiaries (“Privacy Laws”); (E) the Company and its subsidiaries have not received notice of any actual or potential violation of any Privacy Laws and there is no action, suit or proceeding by or before any court or governmental agency, authority or body pending or threatened against the Company or its subsidiaries alleging non-compliance with Privacy Laws; (F) the Company has provided notice of its privacy policy on its websites where required by Privacy Laws and such privacy policies do not contain any misrepresentations of the Company’s then-current privacy practices; (G) the Company and its subsidiaries has taken commercially reasonable steps to require that any Personal Data of the Company and its subsidiaries processed by authorized third parties acting on behalf of the Company or its subsidiaries is protected with similar safeguards, in each case, in compliance with applicable laws and contractual obligations; and (H) the Company and its subsidiaries have in place safeguards and measures for the international transfer of Personal Data outside the European Economic Area that are adequate and comply with Privacy Laws.

Cybersecurity; Data Protection. The Company’s Except as would not reasonably be expected to have a Material Adverse Effect, (i) the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To conducted as described in the Registration Statement, the Pricing Disclosure Package and the Prospectus, and (ii) to the Company’s knowledge, the such IT systems Systems are free and clear of all not infected by viruses, bugs, errorsmalware, defects, Trojan horses, time bombs, malware and disabling code or other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectharmful code. The Company and its subsidiaries have implemented taken commercially reasonable actions, consistent with current industry standards and maintained their obligations to third parties, to implement and maintain commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material trade secrets and confidential information and the integrity, continuous operation, redundancy integrity and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and and, to the knowledge of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries subsidiaries, taken as a whole, are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; and the Company and its subsidiaries have implemented backup and disaster recovery technology reasonably consistent with industry standards and practices, except to the extent that any inconsistency would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. The Company’s Except as would not reasonably be expected to have a Material Adverse Effect, (i) the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted. To conducted as described in the Registration Statement, the Pricing Disclosure Package and the Prospectus, and (ii) to the Company’s knowledge, the such IT systems Systems are free and clear of all not infected by viruses, bugs, errorsmalware, defects, Trojan horses, time bombs, malware and disabling code or other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectharmful code. The Company and its subsidiaries have implemented taken commercially reasonable actions, consistent with current industry standards and maintained their obligations to third parties, to implement and maintain commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material trade secrets and confidential information and the integrity, continuous operation, redundancy integrity and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and and, to the knowledge of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries subsidiaries, taken as a whole, are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification; and the Company and its subsidiaries have implemented backup and disaster recovery technology reasonably consistent with industry standards and practices, except to the extent that any inconsistency would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or |US-DOCS\149255760.3|| regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. The Company and its subsidiaries have taken all necessary actions to prepare to comply with the European Union General Data Protection Regulation (and all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability) as soon they take effect, except as has not and would not reasonably be expected to result in liability material to the Company and its subsidiaries, taken as a whole.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. The Company and its subsidiaries have taken all necessary actions to prepare to comply with the European Union General Data Protection Regulation (and all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability) as soon they take effect, except as has not and would not reasonably be expected to result in liability material to the Company and its subsidiaries, taken as a whole.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, including, without limitation, those owned, licensed or otherwise used (excluding any public networks), such as its data communications lines, computers, systems, networks, hardware, servers, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To conducted and as proposed to be conducted as described in the Company’s knowledgeRegistration Statement and the Prospectus, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldcorruptants, except in each case as would not, individually or in the aggregate, reasonably be likely expected to have a Material Adverse Effect. The Company and its subsidiaries have at all times implemented and maintained commercially reasonable all reasonably necessary controls, policies, procedures procedures, and safeguards consistent with industry standards and practices for similarly situated companies to maintain and protect their material confidential information and the integrity, availability, privacy, continuous operation, redundancy and security of all IT Systems and data (including all Personal Data, personally identifiable information and identifiable, sensitive, confidential or regulated data data) (“Personal Company Data”)) used in connection with their respective businesses, and to the Company’s knowledge, there have been no breaches, violations, outages outages, compromises, or unlawful or unauthorized acquisitions of, disclosures of, uses of or accesses to the same, except for those that have been remedied without material cost in each case as would not, individually or liability to in the Companyaggregate, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to have a Material Adverse Effect. Except in each case as would not, individually or in the aggregate, reasonably be able expected to remedied without material cost or liability to have a Material Adverse Effect, the Company. The Company and its subsidiaries are presently and, at all times, have been in material compliance with all (i) applicable laws or statutes and all laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or court, arbitrator, governmental or regulatory authority, ; and (ii) internal policies and contractual obligations obligations, each (i) and (ii) relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationCompany Data.

Cybersecurity; Data Protection. The Company’s and its subsidiaries’ information technology assets and equipment, including, without limitation, those owned, licensed or ​ otherwise used (excluding any public networks), such as its data communications lines, computers, systems, networks, hardware, servers, software, websites, cloud resources, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conductedconducted and as proposed to be conducted as described in the Registration Statement and the Prospectus. To the Company’s knowledge, the The IT systems Systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants corruptants, in each case that would, individually or in the aggregate, may reasonably be likely expected to have a Material Adverse Effect. The Company and its subsidiaries have has at all times implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards (including contractual obligations on third party service providers) to maintain and protect their material confidential information and the integrity, availability, privacy, continuous operation, redundancy and security of all essential IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data data) (“Personal Company Data”)) used in connection with their businesses, and to the Company’s knowledge, there its business. There have been no material breaches, violations, outages outages, compromises, or unlawful or unauthorized acquisitions of, disclosures of, uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any such actual or reasonably suspected incidents under internal review or investigation investigations relating to the same. The Company has no knowledge of any event, except for those circumstances, or condition that would reasonably be expected to be able to remedied without material cost result in such breach, violation, outage, compromise, or liability unlawful or unauthorized acquisition of, disclosure of, use of or access to the CompanyCompany Data. The Company and its subsidiaries are presently are, and since their inception have been, in material compliance with all (i) applicable laws or statutes and all laws, industry standards, statutes, judgments, orders, rules and regulations of any court or arbitrator or court, arbitrator, governmental or regulatory authority; (ii) internal policies, internal policies and (iii) contractual obligations obligations, each (i) -(iii) relating to the privacy and security of IT Systems and Personal Company Data and to the protection of such IT Systems and Personal Company Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (including the data of their respective customers, employees, suppliers, vendors and any third party data maintained by or on behalf of the Company and its subsidiaries) (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To and to the Company’s knowledge, knowledge of the IT systems Company are free and clear of all material bugs, errors, errors ,defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards necessary to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses. Without limiting the foregoing, the Company and its subsidiaries have used reasonable efforts to establish, maintain, implement and comply with reasonable information technology, information security, cyber security and data protection controls, policies and procedures, including oversight, access controls, encryption, technological and physical safeguards and business continuity/disaster recovery and security plans that are designed to protect against and prevent breach, destruction, loss, unauthorized distribution, use, access, disablement, misappropriation or modification, or other compromise or misuse of or relating to any information technology system or Data used in connection with the operation of the Company’s knowledge, and its subsidiaries’ businesses (“Breach”) and there have has been no breaches, violations, outages such Breach. The Company and its subsidiaries have not been notified of and have no knowledge of any event or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability to the Company, and there are no incidents under internal review or investigation relating to the same, except for those condition that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgmentsresult in, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationBreach.

Cybersecurity; Data Protection. The Company’s Company and its subsidiariesSubsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries Subsidiaries as currently conducted. To the knowledge of the Company’s knowledge, the IT systems Systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually designed to permit unauthorized access or in the aggregate, reasonably be likely to have a Material Adverse Effectactivity. The Company and its subsidiaries Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and and, to the knowledge of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the samesuch IT Systems or Personal Data, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost such IT Systems or liability to the CompanyPersonal Data. The Company and its subsidiaries Subsidiaries are presently in material compliance with all applicable laws or statutes applicable to the Company or its Subsidiaries and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authorityauthority having jurisdiction over the Company or its Subsidiaries, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are commercially reasonably adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To , and to the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all material IT Systems and data (including all personally identifiable information and sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, knowledge there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any material incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, except as would not, individually or in the aggregate have a Material Adverse Effect. Any certificate signed by an officer of the Company and delivered to Xxxxx or to counsel for Xxxxx shall be deemed to be a representation and warranty by the Company to Xxxxx as to the matters set forth therein. The Company acknowledges that Xxxxx and, for purposes of the opinions to be delivered pursuant to Section 7 hereof, counsel to the Company and counsel to Xxxxx, will rely upon the accuracy and truthfulness of the foregoing representations and hereby consents to such reliance.

Cybersecurity; Data Protection. The Company’s Except as disclosed in the Registration Statement, the Pricing Disclosure Package and the Prospectus, (i) the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To , are, to the knowledge of the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their protect, in all material confidential information and respects, the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no material breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any material incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. The Company and its subsidiaries have taken all necessary actions to prepare to comply, in all material respects, with the European Union General Data Protection Regulation (and to prepare to comply with all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability) as soon they take effect.

Cybersecurity; Data Protection. The Company’s Except as disclosed in the Registration Statement and the Prospectus or as would not, individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect, (i) the Company and each of its subsidiariesSubsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases used to process, store, maintain and operate data, information and functions (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and each of its subsidiaries Subsidiaries as currently conducted. To , (ii) the Company’s knowledge, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and each of its subsidiaries Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards reasonably consistent with industry standards and practices, or as required by applicable regulatory standards, to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personally identifiable information and sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and (iii) to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the samesuch IT Systems, except for those that have been remedied without material cost or liability and (iv) to the Company’s knowledge, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and each of its subsidiaries Subsidiaries are presently in material compliance with all applicable laws or laws, statutes and all regulations and any judgments, orders, orders or rules and regulations of any court or court, arbitrator or governmental regulatory authority having lawful jurisdiction over the Company or regulatory authorityany of its Subsidiaries, internal policies and any contractual obligations relating to the privacy and security of such IT Systems Systems. The Company acknowledges that the Agents, the Forward Sellers and Personal Data the Forward Purchasers and, for purposes of the opinions to be delivered pursuant to Sections 5 and 6 hereof, counsel to the protection Company and counsel to the Agents, the Forward Sellers and the Forward Purchasers, will rely upon the accuracy and truthfulness of the foregoing representations and hereby consents to such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationreliance.

Cybersecurity; Data Protection. The Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of, to the knowledge of the Company, all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that wouldcorruptants. Except as would not reasonably be expected, individually or in the aggregate, reasonably be likely to have a Material Adverse Effect. The , (i) the Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and all personal data (including all personally identifiable information and sensitive, confidential or regulated data (“Personal Data”)) used maintained or processed by the Company and its subsidiaries in connection with their businessesbusinesses (collectively, the “Confidential Data”), and (ii) to the knowledge of the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the samesuch Confidential Data, except for those that have been remedied without material cost or liability or the duty to notify any other person. Except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, to the knowledge of the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, and all internal policies and contractual obligations relating to of the Company and its subsidiaries, governing the privacy and security of IT Systems and Personal Confidential Data and to the protection of such IT Systems and Personal Confidential Data from unauthorized use, access, misappropriation or modification. Any certificate signed by an officer of the Company and delivered to the Agents, or to counsel for the Agents, pursuant to or in connection with this Agreement, shall be deemed to be a representation and warranty by the Company to the Agents as to the matters set forth therein.

Cybersecurity; Data Protection. The Company’s Except as would not reasonably be expected to result in a Material Adverse Change, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To , and to the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personally identifiable information and sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to except as has been disclosed in the Company’s knowledgeRegistration Statement and the Prospectus, there have been no breaches, violations, outages or known unauthorized uses of or known accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries have complied, and are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, and all industry guidelines, standards, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, except where the failure to be in compliance would not reasonably be expected to result in a Material Adverse Change. The Company and its subsidiaries have implemented backup and disaster recovery technology consistent with industry standards and practice.

Cybersecurity; Data Protection. The Company’s Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, except for those that have been remedied without material cost or liability or the duty to the Companynotify any other person, and there are no nor any incidents under internal review or investigation investigations relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. The Company and its subsidiaries have taken all necessary actions to comply with all applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability, as soon they take effect.

Cybersecurity; Data Protection. The Company’s Except as may be described in the Registration Statement, the Pricing Disclosure Package and its subsidiaries’ the Prospectus or as would not have a Material Adverse Effect, the information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases owned or controlled by, or operated on behalf of, the Company, Carnival plc and their respective subsidiaries (collectively, the “IT Systems”) are, in the Company’s reasonable belief, adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company Company, Carnival plc and its their respective subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company Company, Carnival plc and its their respective subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data in their possession or control (including all personal, personally identifiable information and identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the same, nor incidents under internal review or investigation, in each case, except for those that have been remedied without material cost or liability or the duty to the notify any other person. The Company, Carnival plc and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its their respective subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies authority and contractual obligations relating to the privacy privacy, security and security protection of the IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modificationData.

Cybersecurity; Data Protection. The (A) To the knowledge of the Company, there has been no security breach or incident, unauthorized access or disclosure, or other compromise of the Company’s and its subsidiariesor the Subsidiaries’ information technology assets and equipment, computers, computer systems, networks, hardware, software, websitesdata and databases (including the data and information of their respective tenants, applicationscustomers, employees, suppliers, vendors and any third-party data maintained, processed or stored by the Company and the Subsidiaries, and databases any such data processed or stored by third parties on behalf of the Company and the Subsidiaries), equipment or technology (collectively, “IT SystemsSystems and Data”); (B) are, in neither the Company’s reasonable belief, adequate forCompany nor the Subsidiaries have been notified of, and operate have no knowledge of, any event or condition that would result in, any security breach or incident, unauthorized access or disclosure or other compromise to their IT Systems and perform in all material respects as required in connection with, the operation of the business of Data; and (C) the Company and its subsidiaries as currently conducted. To the Company’s knowledge, the IT systems are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effect. The Company and its subsidiaries Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures and technological safeguards to maintain and protect their protect, in all material confidential information and respects, the integrity, continuous operation, redundancy and security of all their IT Systems and data (including all personally identifiable information Data reasonably consistent with industry standards and sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and to the Company’s knowledge, there have been no breaches, violations, outages or unauthorized uses of or accesses to the samepractices, except with respect to clauses (A) and (B), for those that any such security breach or incident, unauthorized access or disclosure, or other compromises, as would not have been remedied without a material cost or liability to adverse effect on the Company, and there are no incidents under internal review or investigation relating to the same, except for those that would reasonably be expected to be able to remedied without material cost or liability to the Company. The Company and its subsidiaries the Subsidiaries, taken as a whole. Except as would not have a material adverse effect on the Company and the Subsidiaries, taken as a whole, the Company and the Subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Cybersecurity; Data Protection. The Company’s and its subsidiaries’ information technology assets and equipment, including, without limitation, those owned, licensed or otherwise used (excluding any public networks), such as its data communications lines, computers, systems, networks, hardware, servers, software, websites, applications, and databases (collectively, “IT Systems”) are, in the Company’s reasonable belief, are adequate for, and operate and perform in all material respects as required in connection with, with the operation of the business of the Company and its subsidiaries as currently conducted. To conducted and as proposed to be conducted as described in the Company’s knowledge, the IT systems are SEC Filings free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants that would, individually or in the aggregate, reasonably be likely to have a Material Adverse Effectcorruptants. The Company and its subsidiaries have has at all times implemented and maintained commercially reasonable and appropriate controls, policies, procedures procedures, and safeguards consistent with industry standards and practices for similarly situated companies to maintain and protect their material confidential information and the integrity, availability, privacy, continuous operation, redundancy and security of all IT Systems and data (including all personally identifiable information and sensitive, confidential or regulated data and all data that comes within a definition of “personal information,” “personal data” or other similar term under Data Protection Requirements) (collectively, “Personal Company Data”)) used in connection with their businessesbusiness, and to the Company’s knowledge, there have been no breaches, violations, outages outages, compromises, or unlawful or unauthorized acquisitions of, disclosures of, uses of or accesses to the same, except for those that in each case as would not, individually or in the aggregate, reasonably be expected to have been remedied without a material cost or liability to impact on the CompanyCompany and its Subsidiary, and there considered as a whole. There are no privacy or security incidents under internal review or investigation investigations relating to the samesame that would, except for those that would individually or in the aggregate, reasonably be expected to be able to remedied without have a material cost or liability to impact on the Company. The Company and its subsidiaries are Subsidiary, considered as a whole. Except in each case as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company is presently and, at all times, has been in material compliance with all (i) applicable laws or statutes and all laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or court, arbitrator, governmental or regulatory authority, ; and (ii) internal policies and contractual obligations obligations, each (i) and (ii) relating to the privacy and security of IT Systems and Personal Company Data and to the protection of such IT Systems and Personal (“Data from unauthorized use, access, misappropriation or modificationProtection Requirements”).