Common use of Data Privacy and Information Security Clause in Contracts

Data Privacy and Information Security. (a) The Borrower and its Subsidiaries maintain appropriate data security policies, processes, and controls and an appropriate comprehensive privacy program, all of which meet or exceed any requirements of applicable Law in all material respects. Schedule 6.23(a) sets forth the terms of each such policy or written data security or privacy program (or a reasonable description thereof) that has been adopted by the Borrower or a Subsidiary at present time. None of the Borrower’s or any Subsidiary’s privacy statements or disclosures have been or are misleading or deceptive, and the contemplated transactions to be consummated hereunder as of the Closing will not violate any privacy statements, other consumer-facing disclosures or Laws. There is not currently pending and there has not been in the past five years any action, proceeding, suit or claim against the Borrower or its Subsidiaries with respect to privacy or data security, and, to the knowledge of the Borrower, neither the Borrower nor any Subsidiary nor any Products have experienced any security incident in which an unauthorized party accessed or acquired Personal Data or Confidential Business Information. (b) The Borrower and its Subsidiaries have contractually obligated all Data Processors to commercially reasonable contractual terms relating to the protection and use of Personal Data and IT Assets, including without limitation obligations substantially similar to the following: (i) compliance with applicable Privacy Laws in all material respects, (ii) implementation of a commercially reasonable information security program that includes administrative, technical, and physical safeguards to protection the applicable data and/or systems, (iii) restricting processing of Personal Data to those authorized or required under the servicing, outsourcing, processing, or similar arrangement, and (iv) certifying or guaranteeing the return or adequate disposal or destruction of Personal Data. The Borrower and its Subsidiaries have taken commercially reasonable measures to ensure that all Data Processors have complied with their contractual obligations. (c) The IT Assets are sufficient and operate and perform as is necessary to conduct the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted by the Borrow and the Subsidiaries in all material respects. To the knowledge of the Borrower, neither the IT Assets nor any Products contain any “virus,” “spyware,” “malware,” “worm,” “Trojan horse” (as such terms are commonly understood in the software industry), disabling codes or instructions, or other similar code or software routines or components that are designed or intended to delete, destroy, disable, interfere with, perform unauthorized modifications to, or provide unauthorized access to any data, files, software, system, network, or other device. The Borrower and its Subsidiaries have established, implemented and tested backup and disaster recovery policies, procedures and systems consistent with generally accepted standards for the industry in which the Borrower operates and sufficient to maintain the operation of the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted in all material respects by the Borrower and the Subsidiaries. (d) The Borrower, its Subsidiaries, and, to the knowledge of Borrower, any Data Processors have implemented and maintained organizational, physical, administrative and technical measures consistent with generally accepted standards for the industry in which the Borrower operates to protect the operation, confidentiality, integrity, and security of all Confidential Business Information, Personal Data and IT Assets (including, for clarity, all information and transactions stored or contained therein or transmitted thereby) against unauthorized access, acquisition, interruption, alteration, modification, or use. To the knowledge of the Borrower, no Person has obtained unauthorized access to or use of any Confidential Business Information, Personal Data and IT Assets in the past 24 months. (e) The Borrower and its Subsidiaries have taken or caused to be taken commercially reasonable precautions to ensure that all IT Assets (i) are free from any material defect, bug, virus or programming, design or documentation error or corruption or other defect, and (ii) are fully functional and operate and run in a commercially reasonable manner. None of the IT Assets have malfunctioned or failed or have experienced any breakdowns or continued substandard performance in the past 24 months that has caused material disruption or material interruption in the Borrower’s or any Subsidiary’s use thereof or to the business of the Borrow and the Subsidiaries.

Data Privacy and Information Security. (a) The Borrower Company and its Subsidiaries maintain industry appropriate data security policies, processes, and controls and an industry appropriate comprehensive privacy program, all of which meet or exceed any comply with the requirements of applicable Applicable Law in all material respects. Schedule 6.23(a) sets forth the terms of each such policy or written data security or privacy program (or a reasonable description thereof) that has been adopted by the Borrower or a Subsidiary at present time. None of the BorrowerCompany’s or any Subsidiary’s privacy statements or disclosures have been in the past five (5) years or are misleading or deceptivedeceptive in any material respect, and the contemplated transactions to be consummated hereunder as of the Closing Effective Date or on the First Purchaser Payment Date, the Second Purchaser Payment Date or the Third Purchaser Payment Date will not violate any privacy statementsstatements of the Company, other consumer-facing disclosures or of the Company or, to the Knowledge of the Company any Applicable Laws, in each case in any material respect. There is not currently pending and there has not been in the past five (5) years any action, proceeding, suit or claim against the Borrower Company or its Subsidiaries with respect to privacy or data security, and, to the knowledge Knowledge of the BorrowerCompany, neither none of the Borrower nor Company or any Subsidiary nor any Products Product Assets have experienced in the past five (5) years any material security incident breach in which an unauthorized party accessed or acquired Personal Data Data, IT Assets or Confidential Business Information. (b) The Borrower Company and its Subsidiaries have contractually obligated all material Data Processors that process Personal Data on behalf of the Company or any of its Subsidiaries to commercially reasonable contractual terms relating to the protection and use of Personal Data and IT Assets, including without limitation obligations substantially similar to the following: (i) compliance comply with applicable Privacy Laws in all material respects, (ii) implementation of a commercially reasonable information security program that includes administrative, technical, and physical safeguards to protection the applicable data and/or systems, (iii) restricting processing of Personal Data to those authorized or required under the servicing, outsourcing, processing, or similar arrangement, and (iv) certifying or guaranteeing the return or adequate disposal or destruction of Personal DataLaws. The Borrower Company and its Subsidiaries have taken commercially reasonable measures to ensure that all Data Processors have complied with their contractual obligations. (c) The IT Assets are sufficient and operate and perform as is necessary to conduct the business of the Borrower Company and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted by the Borrow Company and the Subsidiaries in all material respectsSubsidiaries. To the knowledge Knowledge of the BorrowerCompany, neither the IT Assets nor any Products Core Assets contain any “virus,” “spyware,” “malware,” “worm,” “Trojan horse” (as such terms are commonly understood in the software industry), disabling codes or instructions, or other similar code or software routines or components that are designed or intended to delete, destroy, disable, interfere with, perform unauthorized modifications to, or provide unauthorized access to any data, files, software, system, network, or other device. The Borrower Company and its Subsidiaries have established, implemented and tested backup and disaster recovery policies, procedures and systems consistent with generally accepted industry standards for (given the industry in which nature and size of the Borrower operates business of the Company and its Subsidiaries), and sufficient to reasonably maintain the operation of the business of the Borrower Company and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted in all material respects by the Borrower Company and the Subsidiaries. (d) The Borrower, Company and its Subsidiaries, and, to the knowledge of Borrower, any Data Processors Subsidiaries have implemented and maintained reasonable and appropriate organizational, physical, administrative and technical measures consistent with generally accepted standards for the industry in which the Borrower Company operates and with the nature and size of the business of the Company and its Subsidiaries to protect the operation, confidentiality, integrity, and security of all Confidential Business Information, Personal Data and IT Assets (including, for clarity, all information and transactions stored or contained therein or transmitted thereby) against unauthorized access, acquisition, interruption, alteration, modification, or use. To the knowledge of the Borrower, no Person has obtained unauthorized access to or use of any Confidential Business Information, Personal Data and IT Assets in the past 24 months. (e) The Borrower Company and its Subsidiaries have taken or caused to be taken all commercially reasonable precautions consistent with the nature and size of the business of the Company and its Subsidiaries to ensure that all IT Assets (i) are free from any material defect, bug, virus or programming, design or documentation error or corruption or other material defect, and (ii) are fully functional and operate and run in a commercially reasonable and efficient business manner. None of the IT Assets have malfunctioned or failed or have experienced any breakdowns or continued substandard performance in the past 24 months that has caused material disruption or material interruption in the BorrowerCompany’s or any Subsidiary’s use thereof or to the business of the Borrow Company and the Subsidiaries.

Data Privacy and Information Security. (a) The Borrower and its the Subsidiaries maintain appropriate data security policies, processes, and controls and an appropriate appropriate, comprehensive privacy program, all of which meet or exceed any requirements of applicable Law in all material respectsLaw. Schedule 6.23(a) sets forth the terms of each such policy or written data security or privacy program (or a reasonable description thereof) that has been adopted by the Borrower or a Subsidiary at present time. None of the Borrower’s or any Subsidiary’s privacy statements or disclosures have been or are misleading or deceptive, and the contemplated transactions to be consummated hereunder as of the Closing Date will not violate any privacy statements, other consumer-facing disclosures or Laws. There is not currently pending and there has not been in the past five years any action, proceeding, suit or claim against the Borrower or its the Subsidiaries with respect to privacy or data security, and, to the knowledge of the Borrower, neither none of the Borrower nor or any Subsidiary nor or any Products have experienced any security incident in which an unauthorized party accessed or acquired Personal Data or Confidential Business Information. (b) The Borrower and its the Subsidiaries have contractually obligated all Data Processors to commercially reasonable appropriate contractual terms relating to the protection and use of Personal Data and IT Assets, including without limitation obligations substantially similar to the following: (i) compliance comply with applicable Privacy Laws in all material respectsLaws, (ii) implementation of a commercially reasonable implement an appropriate information security program that includes reasonable administrative, technical, and physical safeguards to protection the applicable data and/or systems, (iii) restricting restrict processing of Personal Data to those authorized or required under the servicing, outsourcing, processing, or similar arrangement, and (iv) certifying certify or guaranteeing guarantee the return or adequate disposal or destruction of Personal Data. The Borrower and its the Subsidiaries have taken commercially reasonable measures to ensure that all Data Processors have complied with their contractual obligations. (c) The IT Assets are sufficient and operate and perform as is necessary to conduct the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted by the Borrow Borrower and the Subsidiaries in all material respectsSubsidiaries. To the knowledge of the Borrower, neither Neither the IT Assets nor any Products contain any “virus,” “spyware,” “malware,” “worm,” “Trojan horse” (as such terms are commonly understood in the software industry), disabling codes or instructions, or other similar code or software routines or components that are designed or intended to delete, destroy, disable, interfere with, perform unauthorized modifications to, or provide unauthorized access to any data, files, software, system, network, or other device. The Borrower and its the Subsidiaries have established, implemented and tested backup and disaster recovery policies, procedures and systems consistent with generally accepted standards for the industry in which the Borrower operates standards, and sufficient to reasonably maintain the operation of the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted in all material respects by the Borrower and the Subsidiaries. (d) The Borrower, its the Subsidiaries, and, to the knowledge of Borrower, and any Data Processors have implemented and maintained reasonable and appropriate organizational, physical, administrative and technical measures consistent with generally accepted standards the state of the art for the industry in which the Borrower or any Subsidiary operates to protect the operation, confidentiality, integrity, and security of all Confidential Business Information, Personal Data and IT Assets (including, for clarity, all information and transactions stored or contained therein or transmitted thereby) against unauthorized access, acquisition, interruption, alteration, modification, or use. To the knowledge of the Borrower, no No Person has obtained unauthorized access to or use of any Confidential Business Information, Personal Data and IT Assets in the past 24 monthsAssets. (e) The Borrower and its the Subsidiaries have taken or caused to be taken commercially all reasonable precautions to ensure that all IT Assets (i) are free from any material defect, bug, virus or programming, design or documentation error or corruption or other defect, and (ii) are fully functional and operate and run in a commercially reasonable and efficient business manner. None of the IT Assets have malfunctioned or failed or have experienced any breakdowns or continued substandard performance in the past 24 months that has caused material substantial disruption or material substantial interruption in the Borrower’s or any Subsidiary’s use thereof or to the business of the Borrow Borrower and the Subsidiaries.

Data Privacy and Information Security. (a) The Borrower and its Subsidiaries maintain appropriate data security policies, processes, and controls and an appropriate appropriate, comprehensive privacy program, all of which meet or exceed any requirements of applicable Law in all material respects. Schedule 6.23(a) sets forth the terms of each Each such policy or written data security or privacy program (or a reasonable description thereof) that has been adopted by the Borrower or a Subsidiary at present timetime has been delivered to the Lender. None of the Borrower’s or any Subsidiary’s privacy statements or disclosures have been or are misleading or deceptivedeceptive in any material respect, and the contemplated transactions to be consummated hereunder as of the Closing Date will not violate any privacy statements, other consumer-facing disclosures or Laws. There is not currently pending and there has not been in the past five years any action, proceeding, suit or claim against the Borrower or its Subsidiaries with respect to privacy or data security, and, to the knowledge of the Borrower, neither the Borrower nor any Subsidiary nor any Products have experienced any security incident in which an unauthorized party accessed or acquired Personal Data or Confidential Business Information. (b) The Borrower and its Subsidiaries have contractually obligated all Data Processors to commercially reasonable contractual terms that are appropriate in all material respects for contracts relating to the protection and use of Personal Data and IT Assets, including without limitation obligations substantially similar to the following: (i) compliance comply with applicable Privacy Laws in all material respectsLaws, (ii) implementation of a commercially reasonable implement an appropriate information security program that includes reasonable administrative, technical, and physical safeguards to protection the applicable data and/or systems, (iii) restricting restrict processing of Personal Data to those authorized or required under the servicing, outsourcing, processing, or similar arrangement, and (iv) certifying certify or guaranteeing guarantee the return or adequate disposal or destruction of Personal Data. The Borrower and its Subsidiaries have taken commercially reasonable measures to ensure that all Data Processors have complied in all material respects with their contractual obligations. (c) The IT Assets are sufficient and operate and perform as is necessary in all material respects to conduct the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted by the Borrow Borrower and the Subsidiaries in all material respectsSubsidiaries. To the knowledge of the Borrower’s knowledge, neither the IT Assets nor any Products contain any “virus,” “spyware,” “malware,” “worm,” “Trojan horse” (as such terms are commonly understood in the software industry), disabling codes or instructions, or other similar code or software routines or components that are designed or intended to delete, destroy, disable, interfere with, perform unauthorized modifications to, or provide unauthorized access to any data, files, software, system, network, or other device. The Borrower and its Subsidiaries have established, implemented and tested backup and disaster recovery policies, procedures and systems consistent with generally accepted standards for the industry in which the Borrower operates standards, and sufficient to reasonably maintain the operation of the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted in all material respects by the Borrower and the Subsidiaries. (d) The Borrower, its Subsidiaries, and, to the knowledge of Borrower, and any Data Processors have implemented and maintained reasonable and appropriate in all material respects organizational, physical, administrative and technical measures consistent with generally accepted industry standards for the industry in which the Borrower operates to protect the operation, confidentiality, integrity, and security of all Confidential Business Information, Personal Data and IT Assets (including, for clarity, all information and transactions stored or contained therein or transmitted thereby) against unauthorized access, acquisition, interruption, alteration, modification, or use. To the knowledge of the BorrowerExcept as set forth on Schedule 6.23(d), no Person has obtained unauthorized access to or use of any Confidential Business Informationinformation, Personal Data and or IT Assets in the past 24 monthsAssets. (e) The Borrower and its Subsidiaries have taken or caused to be taken commercially all reasonable precautions to ensure that all IT Assets (i) are free from any material defect, bug, virus or programming, design or documentation error or corruption or other defect, and (ii) are fully functional and operate and run in a commercially reasonable and efficient business manner. None of the IT Assets have malfunctioned or failed or have experienced any breakdowns or continued substandard performance in the past 24 months that has caused material substantial disruption or material substantial interruption in the Borrower’s or any Subsidiary’s use thereof or to the business of the Borrow Borrower and the Subsidiaries.

Data Privacy and Information Security. 12.1 To the extent that Company or Company’s Affiliates provides to Service Provider, or Service Provider otherwise accesses Personal Data (aas defined below) The Borrower about Company’s employees, customers, or other individuals in connection with this Agreement, Service Provider represents and warrants that: (i) Service Provider will only use Personal Data for the purposes of fulfilling its Subsidiaries maintain appropriate data security policies, processesobligations or exercising its rights under the Agreement, and controls Service Provider will not disclose or otherwise process such Personal Data except upon Company’s instructions in writing or for the purposes of fulfilling its obligations under the Agreement; (ii) Service Provider will notify Company in writing and obtain Company’s consent before sharing any Personal Data with any government authorities or other third parties (if legally permissible); and (iii) it has and will continue to have during the term of this Agreement an appropriate comprehensive adequate and current Safe Harbor certification with the United States Department of Commerce applicable to the Personal Data (“Safe Harbor Certification”), will provide Company with no less than ninety (90) days written notice (in accordance with Section 14.4 herein) prior to any date on which the Safe Harbor Certification ends (“Safe Harbor Certification End Date”), and will promptly execute any supplemental privacy programand security terms as Company may direct in its sole judgment prior to any such Safe Harbor Certification End Date, all including but not limited to the Standard Contractual Clauses for the Transfer of which meet Personal Data to Processors established in Third Countries, dated 5 February 2010 (2010/87/EU) as amended from time to time and other forms of data transfer agreements as may be required for cross-border data transfers outside the EU; and (iv) Service Provider agrees to adhere to additional contractual terms and conditions related to Personal Data as Company may instruct in writing that Company deems necessary, in its reasonable discretion, to address applicable data protection, privacy, or exceed any requirements information security laws or requirements.; and (iv) Service Provider agrees to adhere to additional contractual terms and conditions related to Personal Data as Company may instruct in writing that Company deems necessary, in its sole discretion, to address applicable data protection, privacy, or information security laws or requirements. [OF Internal Note: Xxxx should weigh in on the following, if he needs Xxxxxxxx to also weigh in, ask her. I think it is probably okay or close to okay.]Notwithstanding the foregoing, Service Provider shall have the right to collect and analyze data and other information relating to the provision, use and performance of applicable Law in all material respects. Schedule 6.23(a) sets forth the terms of each such policy or written data security or privacy program (or a reasonable description thereof) that has been adopted by the Borrower or a Subsidiary at present time. None various aspects of the Borrower’s or any Subsidiary’s privacy statements or disclosures have been or are misleading or deceptiveProducts and Services and related systems and technologies, and Service Provider will be free to (i) use such information and data (during and after the contemplated transactions Term) solely in an aggregate or other de-identified form (that does not and cannot be used to be consummated hereunder as of the Closing will not violate identify any privacy statements, other consumer-facing disclosures or Laws. There individual and it is not currently pending associated with the Company) to improve and there has enhance the Products and Services and for other development, diagnostic and corrective purposes in connection with the Products and Services and other Service Provider offerings, and (ii) disclose such data solely in aggregate or other de-identified form (that does not been identify and cannot be used to identify any individual and is not associated with the Company) in connection with its business. [MM Internal Note: OK. Confirm with Xxxxxxxx.] 12.2 In the past five years event that (i) Service Provider discovers any actionConfidential Information or Personal Data is disclosed by Service Provider (including its agents or subcontractors), proceeding, suit in violation of this Agreement or claim against the Borrower or its Subsidiaries with respect applicable laws pertaining to privacy or data security, or (ii) Service Provider (including its agents or Subcontractors) discovers, is notified of, or suspectsof, or suspects that unauthorized access, acquisition, disclosure or use of Confidential Information or Personal Data has occurred (“Security Incident”), Service Provider shall notify Company immediately promptly in writing of any such Security Incident. Service Provider shall cooperate fully in the investigation of the Security Incident, and, to the knowledge extent such Security Incident is caused by Service Provider, Service Provider shall indemnify and hold Company harmless for any and all damages, losses, fees or costs payable to any third party and (whether direct, indirect, special or consequential) incurred from any third party claims (whether direct, indirect, special or consequential) as a result of such Security Incident,. provided that Company promptly notifies Service Provider in writing of such claim, permits Service Provider sole control of the Borrowerdefense and settlement thereof, neither and Company cooperates in the Borrower nor defense thereof at Service Provider’s request and expenseThe foregoing shall be subject to Section 10.3 herein; provided that for the avoidance of doubt, any Subsidiary nor such claims that may arise from government agencies or other third parties that are not subject to defense shall not be subject to Section 10.3 herein, and remedy any Products have experienced harm or potential harm caused by such Security Incident. 12.3 To the extent that a Security Incident gives rise to a need, in Company’s sole judgment, to provide (A) notification to public authorities, individuals, or other persons, or (B) undertake other remedial measures (including, without limitation, notice, credit monitoring services and the establishment of a call center to respond to inquiries (each of the foregoing a "Remedial Action")), at Company’s request, Service Provider shall, at Service Provider’s cost, cooperate with Company in undertaking such Remedial Actions. The timing, content and manner of effectuating any security incident notices shall be determined by Company in which an unauthorized party accessed its sole discretion.Intentionally xxxxxxx.Xx the extent that a Security Incident gives rise to a need, in Company’s sole judgment, to provide (A) notification to public authorities, individuals, or acquired other persons, or (B) undertake other remedial measures (including, without limitation, notice, credit monitoring services and the establishment of a call center to respond to inquiries (each of the foregoing a "Remedial Action")), at Company’s request, Service Provider shall, at Service Provider’s cost, undertake such Remedial Actions. The timing, content and manner of effectuating any notices shall be determined by Company in its sole discretion. 12.4 [OF Internal Note: Xxxx][MM Internal Note: see edits]To the extent that Company provides to Service Provider, or Service Provider otherwise accesses Confidential Information or Personal Data about Company’s employees, customers, or Confidential Business Information. (b) The Borrower and its Subsidiaries have contractually obligated all Data Processors to commercially reasonable contractual terms relating to the protection and use of Personal Data and IT Assetsother individuals in connection with this Agreement, including without limitation obligations substantially similar to the following: (i) compliance with applicable Privacy Laws in all material respects, (ii) implementation of Service Provider shall implement a commercially reasonable written information security program programpractices (“Information Security Program”) that includes administrative, technical, and physical safeguards to protection the applicable data and/or systems, (iii) restricting processing of Personal Data to those authorized or required under the servicing, outsourcing, processing, or similar arrangement, and (iv) certifying or guaranteeing the return or adequate disposal or destruction of Personal Data. The Borrower and its Subsidiaries have taken commercially reasonable measures to ensure that all Data Processors have complied with their contractual obligations. (c) The IT Assets are sufficient and operate and perform as is necessary to conduct the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted by the Borrow and the Subsidiaries in all material respects. To the knowledge of the Borrower, neither the IT Assets nor any Products contain any “virus,” “spyware,” “malware,” “worm,” “Trojan horse” (as such terms are commonly understood in the software industry), disabling codes or instructions, or other similar code or software routines or components that are designed or intended to delete, destroy, disable, interfere with, perform unauthorized modifications to, or provide unauthorized access to any data, files, software, system, network, or other device. The Borrower and its Subsidiaries have established, implemented and tested backup and disaster recovery policies, procedures and systems consistent with generally accepted standards for : ensure the industry in which the Borrower operates and sufficient to maintain the operation of the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted in all material respects by the Borrower and the Subsidiaries. (d) The Borrower, its Subsidiaries, and, to the knowledge of Borrower, any Data Processors have implemented and maintained organizational, physical, administrative and technical measures consistent with generally accepted standards for the industry in which the Borrower operates to protect the operation, confidentiality, integrity, and security availability of all Confidential Business InformationInformation and Personal Data, protect against any reasonably anticipated threats or hazards to the confidentiality, integrity, and availability of the Confidential Information and Personal Data Data, and IT Assets (including, for clarity, all information and transactions stored or contained therein or transmitted thereby) protect against unauthorized access, acquisitionuse, interruptiondisclosure, alteration, modification, or use. To the knowledge destruction of the BorrowerConfidential Information and Personal Data. In particular, no Person has obtained unauthorized access the Service Provider’s Information Security Program shall include, but not be limited, to or use of any Confidential Business Information, Personal Data and IT Assets in the past 24 months. (e) The Borrower and its Subsidiaries have taken or caused to be taken following safeguards where commercially reasonable precautions appropriate or necessarypursuant to industry standards to ensure that all IT Assets (i) are free from any material defect, bug, virus or programming, design or documentation error or corruption or other defect, the protection of Confidential Information and (ii) are fully functional and operate and run in a commercially reasonable manner. None of the IT Assets have malfunctioned or failed or have experienced any breakdowns or continued substandard performance in the past 24 months that has caused material disruption or material interruption in the Borrower’s or any Subsidiary’s use thereof or to the business of the Borrow and the Subsidiaries.Personal Data:

Data Privacy and Information Security. 12.1 To the extent that Company or Company’s Affiliates provides to Service Provider, or Service Provider otherwise accesses Personal Data (aas defined below) The Borrower about Company’s employees, customers, or other individuals in connection with this Agreement, Service Provider represents and warrants that: (i) Service Provider will only use Personal Data for the purposes of fulfilling its Subsidiaries maintain appropriate data security policies, processesobligations under the Agreement, and controls Service Provider will not disclose or otherwise process such Personal Data except upon Company’s instructions in writing; (ii) Service Provider will notify Company in writing and obtain Company’s consent before sharing any Personal Data with any government authorities or other third parties; (iii) it has and will continue to have during the term of this Agreement an appropriate comprehensive privacy programadequate and current Safe Harbor certification with the United States Department of Commerce applicable to the Personal Data (“Safe Harbor Certification”), all of will provide Company with no less than ninety (90) days written notice (in accordance with Section 14.4 herein) prior to any date on which meet or exceed any requirements of applicable Law in all material respects. Schedule 6.23(a) sets forth the terms of each such policy or written data security or privacy program Safe Harbor Certification ends (or a reasonable description thereof) that has been adopted by the Borrower or a Subsidiary at present time. None of the Borrower’s or any Subsidiary’s privacy statements or disclosures have been or are misleading or deceptive“Safe Harbor Certification End Date”), and will promptly execute any supplemental privacy and security terms as Company may direct in its sole judgment prior to any such Safe Harbor Certification End Date, including but not limited to the contemplated transactions Standard Contractual Clauses for the Transfer of Personal Data to be consummated hereunder Processors established in Third Countries, dated 5 February 2010 (2010/87/EU) as amended from time to time; and (iv) Service Provider agrees to adhere to additional contractual terms and conditions related to Personal Data as Company may instruct in writing that Company deems necessary, in its sole discretion, to address applicable data protection, privacy, or information security laws or requirements. 12.2 In the event that (i) any Confidential Information or Personal Data is disclosed by Service Provider (including its agents or subcontractors), in violation of the Closing will not violate any privacy statements, other consumer-facing disclosures this Agreement or Laws. There is not currently pending and there has not been in the past five years any action, proceeding, suit or claim against the Borrower or its Subsidiaries with respect applicable laws pertaining to privacy or data security, and, to the knowledge of the Borrower, neither the Borrower nor any Subsidiary nor any Products have experienced any security incident in which an unauthorized party accessed or acquired Personal Data or Confidential Business Information. (b) The Borrower and its Subsidiaries have contractually obligated all Data Processors to commercially reasonable contractual terms relating to the protection and use of Personal Data and IT Assets, including without limitation obligations substantially similar to the following: (i) compliance with applicable Privacy Laws in all material respects, (ii) implementation Service Provider (including its agents or Subcontractors) discovers, is notified of, or suspects that unauthorized access, acquisition, disclosure or use of Confidential Information or Personal Data has occurred (“Security Incident”), Service Provider shall notify Company immediately in writing of any such Security Incident. Service Provider shall cooperate fully in the investigation of the Security Incident, indemnify and hold Company harmless for any and all damages, losses, fees or costs (whether direct, indirect, special or consequential) incurred as a result of such Security Incident, and use commercially reasonable means to remedy any harm or potential harm caused by such Security Incident. 12.3 To the extent that a Security Incident gives rise to a need, in Company’s sole judgment, to provide (A) notification to public authorities, individuals, or other persons, or (B) undertake other remedial measures (including, without limitation, notice, credit monitoring services and the establishment of a commercially call center to respond to inquiries (each of the foregoing a "Remedial Action")), at Company’s request, Service Provider shall, at Service Provider’s cost, undertake such Remedial Actions. The timing, content and manner of effectuating any notices shall be determined by Company in its sole reasonable discretion. 12.4 To the extent that Company provides to Service Provider, or Service Provider otherwise accesses Confidential Information or Personal Data about Company’s employees, customers, or other individuals in connection with this Agreement, Service Provider shall implement a written information security program (“Information Security Program”) that includes administrative, technical, and physical safeguards to protection that ensure the applicable data and/or systems, (iii) restricting processing of Personal Data to those authorized or required under the servicing, outsourcing, processing, or similar arrangement, and (iv) certifying or guaranteeing the return or adequate disposal or destruction of Personal Data. The Borrower and its Subsidiaries have taken commercially reasonable measures to ensure that all Data Processors have complied with their contractual obligations. (c) The IT Assets are sufficient and operate and perform as is necessary to conduct the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted by the Borrow and the Subsidiaries in all material respects. To the knowledge of the Borrower, neither the IT Assets nor any Products contain any “virus,” “spyware,” “malware,” “worm,” “Trojan horse” (as such terms are commonly understood in the software industry), disabling codes or instructions, or other similar code or software routines or components that are designed or intended to delete, destroy, disable, interfere with, perform unauthorized modifications to, or provide unauthorized access to any data, files, software, system, network, or other device. The Borrower and its Subsidiaries have established, implemented and tested backup and disaster recovery policies, procedures and systems consistent with generally accepted standards for the industry in which the Borrower operates and sufficient to maintain the operation of the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted in all material respects by the Borrower and the Subsidiaries. (d) The Borrower, its Subsidiaries, and, to the knowledge of Borrower, any Data Processors have implemented and maintained organizational, physical, administrative and technical measures consistent with generally accepted standards for the industry in which the Borrower operates to protect the operation, confidentiality, integrity, and security availability of all Confidential Business InformationInformation and Personal Data, protect against any reasonably anticipated threats or hazards to the confidentiality, integrity, and availability of the Confidential Information and Personal Data Data, and IT Assets (including, for clarity, all information and transactions stored or contained therein or transmitted thereby) protect against unauthorized access, acquisitionuse, interruptiondisclosure, alteration, modification, or use. To the knowledge destruction of the BorrowerConfidential Information and Personal Data. In particular, no Person has obtained unauthorized access the Service Provider’s Information Security Program shall include, but not be limited, to the following safeguards where appropriate or use of any Confidential Business Information, Personal Data and IT Assets in the past 24 months. (e) The Borrower and its Subsidiaries have taken or caused to be taken commercially reasonable precautions necessary to ensure that all IT Assets (i) are free from any material defect, bug, virus or programming, design or documentation error or corruption or other defect, the protection of Confidential Information and (ii) are fully functional and operate and run in a commercially reasonable manner. None of the IT Assets have malfunctioned or failed or have experienced any breakdowns or continued substandard performance in the past 24 months that has caused material disruption or material interruption in the Borrower’s or any Subsidiary’s use thereof or to the business of the Borrow and the Subsidiaries.Personal Data:

Data Privacy and Information Security. (a) The Parent, the Borrower and its the Subsidiaries maintain appropriate data security policies, processes, and controls and an appropriate appropriate, comprehensive privacy program, all of which meet or exceed any requirements of applicable Law in all material respects. Schedule 6.23(a) sets forth the terms of each such policy or written data security or privacy program (or a reasonable description thereof) that has been adopted by the Borrower or a Subsidiary at present timeLaw. None of the Parent’s, the Borrower’s or any Subsidiary’s privacy statements or disclosures have been or are misleading or deceptive, and the contemplated transactions to be consummated hereunder as of the Closing Date will not violate any privacy statements, other consumer-facing disclosures or Laws. There is not currently pending and there has not been in the past five years any action, proceeding, suit or claim against the Parent, the Borrower or its the Subsidiaries with respect to privacy or data security, and, to the knowledge of the Parent and the Borrower, neither none of the Parent, the Borrower nor or any Subsidiary nor or any Products have experienced any security incident in which an unauthorized party accessed or acquired Personal Data or Confidential Business Information. (b) The Parent, the Borrower and its the Subsidiaries have contractually obligated all Data Processors to commercially reasonable appropriate contractual terms relating to the protection and use of Personal Data and IT Assets, including without limitation obligations substantially similar to the following: (i) compliance comply with applicable Privacy Laws in all material respectsLaws, (ii) implementation of a commercially reasonable implement an appropriate information security program that includes reasonable administrative, technical, and physical safeguards to protection protect the applicable data and/or systems, (iii) restricting restrict processing of Personal Data to those authorized or required under the servicing, outsourcing, processing, or similar arrangement, and (iv) certifying certify or guaranteeing guarantee the return or adequate disposal or destruction of Personal Data. The Parent, the Borrower and its the Subsidiaries have taken commercially reasonable measures to ensure that all Data Processors have complied with their contractual obligations. (c) The IT Assets are sufficient and operate and perform as is necessary to conduct the business of the Parent, the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted by the Borrow Parent, the Borrower and the Subsidiaries in all material respectsSubsidiaries. To the knowledge of the Borrower, neither Neither the IT Assets nor any Products contain any “virus,” “spyware,” “malware,” “worm,” “Trojan horse” (as such terms are commonly understood in the software industry), disabling codes or instructions, or other similar code or software routines or components that are designed or intended to delete, destroy, disable, interfere with, perform unauthorized modifications to, or provide unauthorized access to any data, files, software, system, network, or other device. The Parent, the Borrower and its the Subsidiaries have established, implemented and tested backup and disaster recovery policies, procedures and systems consistent with generally accepted standards for the industry in which the Borrower operates standards, and sufficient to reasonably maintain the operation of the business of the Parent, the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted in all material respects by the Parent, the Borrower and the Subsidiaries. (d) The Parent, the Borrower, its the Subsidiaries, and, to the knowledge of Borrower, and any Data Processors have implemented and maintained reasonable and appropriate organizational, physical, administrative and technical measures consistent with generally accepted standards the state of the art for the industry in which the Parent, the Borrower or any Subsidiary operates to protect the operation, confidentiality, integrity, and security of all Confidential Business Information, Personal Data and IT Assets (including, for clarity, all information and transactions stored or contained therein or transmitted thereby) against unauthorized access, acquisition, interruption, alteration, modification, or use. To the knowledge of the Borrower, no No Person has obtained unauthorized access to or use of any Confidential Business Information, Personal Data and IT Assets in the past 24 monthsAssets. (e) The Parent, the Borrower and its the Subsidiaries have taken or caused to be taken commercially all reasonable precautions to ensure that all IT Assets (i) are free from any material defect, bug, virus or programming, design or documentation error or corruption or other defect, and (ii) are fully functional and operate and run in a commercially reasonable and efficient business manner. None of the IT Assets have malfunctioned or failed or have experienced any breakdowns or continued substandard performance in the past 24 months that has caused material substantial disruption or material substantial interruption in the Parent’s, the Borrower’s or any Subsidiary’s use thereof or to the business of the Borrow Parent, the Borrower and the Subsidiaries.

Data Privacy and Information Security. (a) The Borrower Parent and its the Subsidiaries maintain appropriate data security policies, processes, and controls and an appropriate appropriate, comprehensive privacy program, all of which meet or exceed any program that materially complies with the requirements of applicable Law in all material respectsLaw. Schedule 6.23(a) sets forth the terms of each such policy or written data security or privacy program (or a reasonable description thereof) that has been adopted by the Borrower Parent or a Subsidiary at present time. None of the BorrowerParent’s or any Subsidiary’s privacy statements or disclosures have been or are materially misleading or deceptive, and the contemplated transactions to be consummated hereunder as of the Closing Date will not violate any privacy statements, other consumer-facing disclosures or Laws. There is not currently pending and there has not been in the past five years any action, proceeding, suit or claim against Parent or the Borrower or its Subsidiaries with respect to privacy or data security, and, to the knowledge of Parent or the Borrower, neither the Borrower nor none of Parent or any Subsidiary nor or any Products have experienced any material security incident in which an unauthorized party accessed or acquired Personal Data or Confidential Business Information. (b) The Borrower Parent and its the Subsidiaries have contractually obligated all Data Processors to commercially reasonable appropriate contractual terms relating to the protection and use of Personal Data and IT Assets, including without limitation obligations substantially similar to the following: (i) compliance comply with applicable Privacy Laws in all material respectsLaws, (ii) implementation of a commercially reasonable implement an appropriate information security program that includes reasonable administrative, technical, and physical safeguards to protection the applicable data and/or systems, (iii) restricting restrict processing of Personal Data to those authorized or required under the servicing, outsourcing, processing, or similar arrangement, and (iv) certifying certify or guaranteeing guarantee the return or adequate disposal or destruction of Personal Data. The Borrower Parent and its the Subsidiaries have taken commercially reasonable measures to ensure that all Data Processors have complied with their contractual obligations. (c) The IT Assets are sufficient and operate and perform as is necessary to conduct the business of the Borrower Parent and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted by the Borrow Parent and the Subsidiaries in all material respectsSubsidiaries. To the knowledge of Parent's and the Borrower’s knowledge, neither the IT Assets nor any Products contain any “virus,” “spyware,” “malware,” “worm,” “Trojan horse” (as such terms are commonly understood in the software industry), disabling codes or instructions, or other similar code or software routines or components that are designed or intended to delete, destroy, disable, interfere with, perform unauthorized modifications to, or provide unauthorized access to any data, files, software, system, network, or other device. The Borrower Parent and its the Subsidiaries have established, implemented and tested backup and disaster recovery policies, procedures and systems consistent with generally accepted standards for the industry in which the Borrower operates standards, and sufficient to reasonably maintain the operation of the business of the Borrower Parent and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted in all material respects by the Borrower Parent and the Subsidiaries. (d) The BorrowerParent, its the Subsidiaries, and, to the knowledge of Borrower, and any Data Processors have implemented and maintained reasonable and appropriate organizational, physical, administrative and technical measures consistent with generally accepted industry standards for the industry in which the Borrower Parent or any Subsidiary operates to protect the operation, confidentiality, integrity, and security of all Confidential Business Information, Personal Data and IT Assets (including, for clarity, all information and transactions stored or contained therein or transmitted thereby) against material unauthorized access, acquisition, interruption, alteration, modification, or use. To the knowledge of the Borrower, no No Person has obtained material unauthorized access to or use of any Confidential Business Information, Personal Data and IT Assets in the past 24 monthsAssets. (e) The Borrower Parent and its the Subsidiaries have taken or caused to be taken commercially all reasonable precautions to ensure that all IT Assets (i) are free from any material defect, bug, virus or programming, design or documentation error or corruption or other defect, and (ii) are fully functional and operate and run in a commercially reasonable and efficient business manner. None of the IT Assets have malfunctioned or failed or have experienced any breakdowns or continued substandard performance in the past 24 months that has caused material substantial disruption or material substantial interruption in the BorrowerParent’s or any Subsidiary’s use thereof or to the business of the Borrow Parent and the Subsidiaries.

Data Privacy and Information Security. 12.1 To the extent that Company or Company’s Affiliates provides to Service Provider, or Service Provider otherwise accesses Personal Data (aas defined below) The Borrower about Company’s employees, customers, or other individuals in connection with this Agreement, Service Provider represents and warrants that: (i) Service Provider will only use Personal Data for the purposes of fulfilling its Subsidiaries maintain appropriate data security policies, processesobligations under the Agreement, and controls Service Provider will not disclose or otherwise process such Personal Data except upon Company’s instructions in writing; (ii) Service Provider will notify Company in writing and obtain Company’s consent before sharing any Personal Data with any government authorities or other third parties; (iii) it has and will continue to have during the term of this Agreement an appropriate comprehensive privacy programadequate and current Safe Harbor certification with the United States Department of Commerce applicable to the Personal Data (“Safe Harbor Certification”), all of will provide Company with no less than ninety (90) days written notice (in accordance with Section 14.4 herein) prior to any date on which meet or exceed any requirements of applicable Law in all material respects. Schedule 6.23(a) sets forth the terms of each such policy or written data security or privacy program Safe Harbor Certification ends (or a reasonable description thereof) that has been adopted by the Borrower or a Subsidiary at present time. None of the Borrower’s or any Subsidiary’s privacy statements or disclosures have been or are misleading or deceptive“Safe Harbor Certification End Date”), and will promptly execute any supplemental privacy and security terms as Company may direct in its sole judgment prior to any such Safe Harbor Certification End Date, including but not limited to the contemplated transactions Standard Contractual Clauses for the Transfer of Personal Data to be consummated hereunder Processors established in Third Countries, dated 5 February 2010 (2010/87/EU) as amended from time to time; and (iv) Service Provider agrees to adhere to additional contractual terms and conditions related to Personal Data as Company may instruct in writing that Company deems necessary, in its sole discretion, to address applicable data protection, privacy, or information security laws or requirements. 12.2 In the event that (i) any Confidential Information or Personal Data is disclosed by Service Provider (including its agents or subcontractors), in violation of the Closing will not violate any privacy statements, other consumer-facing disclosures this Agreement or Laws. There is not currently pending and there has not been in the past five years any action, proceeding, suit or claim against the Borrower or its Subsidiaries with respect applicable laws pertaining to privacy or data security, and, to the knowledge of the Borrower, neither the Borrower nor any Subsidiary nor any Products have experienced any security incident in which an unauthorized party accessed or acquired Personal Data or Confidential Business Information. (b) The Borrower and its Subsidiaries have contractually obligated all Data Processors to commercially reasonable contractual terms relating to the protection and use of Personal Data and IT Assets, including without limitation obligations substantially similar to the following: (i) compliance with applicable Privacy Laws in all material respects, (ii) implementation Service Provider (including its agents or Subcontractors) discovers, is notified of, or suspects that unauthorized access, acquisition, disclosure or use of Confidential Information or Personal Data has occurred (“Security Incident”), Service Provider shall notify Company immediately in writing of any such Security Incident. Service Provider shall cooperate fully in the investigation of the Security Incident, indemnify and hold Company harmless for any and all damages, losses, fees or costs (whether direct, indirect, special or consequential) incurred as a result of such Security Incident, and remedy any harm or potential harm caused by such Security Incident. 12.3 To the extent that a Security Incident gives rise to a need, in Company’s sole judgment, to provide (A) notification to public authorities, individuals, or other persons, or (B) undertake other remedial measures (including, without limitation, notice, credit monitoring services and the establishment of a commercially reasonable call center to respond to inquiries (each of the foregoing a "Remedial Action")), at Company’s request, Service Provider shall, at Service Provider’s cost, undertake such Remedial Actions. The timing, content and manner of effectuating any notices shall be determined by Company in its sole discretion. 12.4 To the extent that Company provides to Service Provider, or Service Provider otherwise accesses Confidential Information or Personal Data about Company’s employees, customers, or other individuals in connection with this Agreement, Service Provider shall implement a written information security program (“Information Security Program”) that includes administrative, technical, and physical safeguards to protection that ensure the applicable data and/or systems, (iii) restricting processing of Personal Data to those authorized or required under the servicing, outsourcing, processing, or similar arrangement, and (iv) certifying or guaranteeing the return or adequate disposal or destruction of Personal Data. The Borrower and its Subsidiaries have taken commercially reasonable measures to ensure that all Data Processors have complied with their contractual obligations. (c) The IT Assets are sufficient and operate and perform as is necessary to conduct the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted by the Borrow and the Subsidiaries in all material respects. To the knowledge of the Borrower, neither the IT Assets nor any Products contain any “virus,” “spyware,” “malware,” “worm,” “Trojan horse” (as such terms are commonly understood in the software industry), disabling codes or instructions, or other similar code or software routines or components that are designed or intended to delete, destroy, disable, interfere with, perform unauthorized modifications to, or provide unauthorized access to any data, files, software, system, network, or other device. The Borrower and its Subsidiaries have established, implemented and tested backup and disaster recovery policies, procedures and systems consistent with generally accepted standards for the industry in which the Borrower operates and sufficient to maintain the operation of the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted in all material respects by the Borrower and the Subsidiaries. (d) The Borrower, its Subsidiaries, and, to the knowledge of Borrower, any Data Processors have implemented and maintained organizational, physical, administrative and technical measures consistent with generally accepted standards for the industry in which the Borrower operates to protect the operation, confidentiality, integrity, and security availability of all Confidential Business InformationInformation and Personal Data, protect against any reasonably anticipated threats or hazards to the confidentiality, integrity, and availability of the Confidential Information and Personal Data Data, and IT Assets (including, for clarity, all information and transactions stored or contained therein or transmitted thereby) protect against unauthorized access, acquisitionuse, interruptiondisclosure, alteration, modification, or use. To the knowledge destruction of the BorrowerConfidential Information and Personal Data. In particular, no Person has obtained unauthorized access the Service Provider’s Information Security Program shall include, but not be limited, to the following safeguards where appropriate or use of any Confidential Business Information, Personal Data and IT Assets in the past 24 months. (e) The Borrower and its Subsidiaries have taken or caused to be taken commercially reasonable precautions necessary to ensure that all IT Assets (i) are free from any material defect, bug, virus or programming, design or documentation error or corruption or other defect, the protection of Confidential Information and (ii) are fully functional and operate and run in a commercially reasonable manner. None of the IT Assets have malfunctioned or failed or have experienced any breakdowns or continued substandard performance in the past 24 months that has caused material disruption or material interruption in the Borrower’s or any Subsidiary’s use thereof or to the business of the Borrow and the Subsidiaries.Personal Data:

Data Privacy and Information Security. (a) The Borrower and its Subsidiaries maintain appropriate commercially reasonable data security policies, processes, and controls controls, and an appropriate comprehensive a reasonable privacy program, all of which meet or exceed any program that materially complies with the requirements of applicable Law in all material respects. Schedule 6.23(a) sets forth the terms of each such policy or written data security or privacy program (or a reasonable description thereof) that has been adopted by the Borrower or a Subsidiary at present timePrivacy Laws. None of the Borrower’s or any Subsidiary’s written, public-facing privacy statements or disclosures (“Privacy Policies”) have been or are misleading or deceptive, and the contemplated transactions to be consummated hereunder as of the Closing Date will not violate any privacy statements, other consumer-facing disclosures Privacy Policies or applicable Privacy Laws. There is not currently pending and there has not been in the past five years any written action, proceeding, suit or claim against the Borrower or its Subsidiaries with respect to privacy or data securityviolations of applicable Privacy Laws, and, to the knowledge of the Borrower, neither the Borrower nor Borrower, any Subsidiary nor any Products have experienced any security incident in which an unauthorized party accessed or acquired Personal Data or Confidential Business InformationInformation that would require notification to another Person. (b) The Borrower and its Subsidiaries have contractually obligated all sub-processors who process Personal Data Processors on behalf of the Borrower or its Subsidiaries (“Data Processors”) to commercially reasonable contractual terms relating to the protection and use of Personal Data and IT AssetsData, including without limitation limitation, where required by applicable Privacy Laws, obligations substantially similar to the following: (i) compliance comply with applicable Privacy Laws in all material respectsLaws, (ii) implementation of implement a commercially reasonable information security program that includes reasonable administrative, technical, and physical safeguards designed to protection protect the applicable data and/or systemsPersonal Data, (iii) restricting restrict processing of Personal Data to those personnel authorized or required under the servicing, outsourcing, processing, or similar arrangement, and (iv) certifying certify or guaranteeing guarantee the return or adequate disposal or destruction of Personal Data. The Borrower and its Subsidiaries have taken commercially reasonable measures to ensure that all Data Processors have complied with their contractual obligations. (c) The IT Assets are sufficient and operate and perform as is necessary in all material respects to conduct the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted by the Borrow Borrower and the Subsidiaries in all material respectsSubsidiaries. To the knowledge of the Borrower’s knowledge, neither the IT Assets nor any Products contain any “virus,” “spyware,” “malware,” “worm,” “Trojan horse” (as such terms are commonly understood in the software industry), disabling codes or instructions, or other similar code or software routines or components that are designed or intended to delete, destroy, disable, interfere with, perform unauthorized modifications to, or provide unauthorized access to any data, files, software, system, network, or other device. The Borrower and its Subsidiaries have established, implemented and tested backup and disaster recovery policies, procedures and systems consistent with generally accepted standards for the industry in which the Borrower operates and sufficient designed to reasonably maintain the operation of the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted in all material respects by the Borrower and the Subsidiaries. (d) The Borrower, its Subsidiaries, and, to the knowledge of Borrower, and any Data Processors have implemented and maintained commercially reasonable organizational, physical, NY: 1219514-6- - administrative and technical measures consistent with generally accepted standards for the industry in which the Borrower operates designed to protect the operation, confidentiality, integrity, and security of all Confidential Business Information, IT Assets and Personal Data and IT Assets (including, for clarity, all information and transactions stored or contained therein or transmitted thereby) against material unauthorized access, acquisition, interruption, alteration, modification, or use. To the knowledge of the Borrower, no Person has obtained unauthorized access to or use of any Confidential Business Information, Personal Data and IT Assets in the past 24 months. (e) The Borrower and its Subsidiaries have taken or caused to be taken commercially all reasonable precautions to ensure that all IT Assets (i) are free from any material defect, bug, virus or programming, design or documentation error or corruption or other defect, and (ii) are fully functional and operate and run in a commercially reasonable and efficient business manner. None of the IT Assets have malfunctioned or failed or have experienced any breakdowns or continued substandard performance in the past 24 months that has caused material substantial disruption or material substantial interruption in the Borrower’s or any Subsidiary’s use thereof or to the business of the Borrow Borrower and the Subsidiaries.