Common use of Data Privacy and Security Laws Clause in Contracts

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all prior times were, in material compliance with all applicable data privacy and security laws and regulations, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (vi) any other piece of information that allows, directly or indirectly, the identification of such natural person, or his or her family or household, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has made all disclosures to individuals required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any of the Company’s policies or notices relating to data privacy and security have been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the Company nor any of its subsidiaries (i) have received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and (iii) are a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations, including, including without limitation, limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), ; and the California Consumer Privacy Act of 2018 (“CCPA”)Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) ), the California Consumer Protection Act of 2018 and all other applicable laws and regulations with respect to Personal Data and that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (viv) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or householdfamily, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has have at all times made all disclosures to individuals users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the The Company further certifies that neither it nor any of its subsidiaries subsidiary: (i) have has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and or (iii) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all prior times were, in material compliance with all applicable data privacy and security laws and regulations, including, including without limitation, limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”), ) and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (vi) any other piece of information that allows, directly or indirectly, the identification of such natural person, or his or her family or household, or permits the collection or analysis of any data related relates to an identified person’s health or sexual orientationidentifiable natural person or otherwise constitutes personally identifiable information, personal information, personal data or similar information protected by Privacy Laws. The Company and each of its subsidiaries has have at all times made all required disclosures to and obtained all necessary consents from individuals required by pursuant to applicable laws and regulatory rules or requirements, and none of such disclosures no disclosure made or contained in pursuant to any Policy has, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the The Company further certifies that neither it nor any of its subsidiaries subsidiary: (i) have has received notice of any actual or potential material liability under or relating to, or actual or potential material violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are is currently conducting or paying for, in whole or in part, any investigation, remediation, remediation or other corrective action pursuant to any Privacy Law; and or (iii) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all prior times werewithin the past three years have been, in compliance in all material compliance respects with all applicable state, federal, and international data privacy privacy, security and security consumer protection laws and regulations, including, including without limitation, limitation applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (the collectively, “HITECH ActHIPAA”), the California Consumer Privacy Act of 2018 (“CCPA”), ) and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To facilitate compliance with the Privacy Laws, the Company and its subsidiaries have in place and take commercially reasonable steps to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying informationidentifiable” under information as applied by the Federal Trade Commission Act, as amendedCommission; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by the GDPR; and (v) “personal information” as defined by the CCPA; and (vi) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or householdfamily, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has have at all times during the past three years made all disclosures to individuals users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and none of such disclosures made or contained in any such disclosures have, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate or in violation of any applicable laws and regulatory rules or requirements Privacy Laws in any material respect. Neither Within the past three years, neither the Company nor any of its subsidiaries subsidiary: (i) have has received notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and or (iii) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law. Any certificate signed by or on behalf of the Company and delivered to the Representatives or to counsel to the Underwriters pursuant to this Section 3 shall be deemed to be a representation and warranty by the Company to each Underwriter as to the matters covered thereby.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all prior times werehave been, in material compliance with all applicable laws and regulations relating to data privacy and security laws and regulationsSensitive Data (defined below) that have been in effect and that have been announced as of the date hereof as becoming effective within 15 months after the date hereof, including, including without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), limitation the California Consumer Privacy Act of 2018 (“CCPA”), and HIPAA, HITECH Act, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) ), and the GDPR as it forms part of the law of the United Kingdom (collectively, the “Privacy Laws”). The Company and its subsidiaries have in place, comply with, and take appropriate steps to ensure compliance with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Sensitive Data (the “Policies”). At all times since inception, the Company and its subsidiaries have provided all required notices of its Policies and obtained all necessary consents from individuals. None of the disclosures made or contained in any of the Policies have been inaccurate, misleading, deceptive, incomplete, or in violation of any Privacy Laws or Policies. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) any other information that constitutes “personal data” as defined by the GDPR; (v) ”, “personal information” as defined by the CCPA; ”, “personally identifiable information”, “nonpublic personal information”, “customer proprietary network information”, “individually identifiable health information”, “protected health information”, or similar information under Privacy Laws, and (viv) any other piece of information that allows, directly or indirectly, allows the identification of such a natural person, or his or her family or householdfamily, device, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. “Sensitive Data” means all confidential, proprietary, or otherwise sensitive information (including Personal Data). The Company execution, delivery and each performance of its subsidiaries has made all disclosures this Agreement or any other agreement referred to individuals required by applicable laws and regulatory rules or requirements, and none in this Agreement will not result in a breach of such disclosures made or contained in any of the Company’s policies or notices relating to data privacy and security have been inaccurate or in violation of any applicable laws and regulatory rules Privacy Laws or requirements in any material respectPolicies. Neither the Company nor any of its subsidiaries subsidiary: (i) have has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event fact, event, or condition that would reasonably be expected to result in any such notice; (ii) are is currently participating in, subject to, conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and or (iii) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries Subsidiaries are, and at all times prior times werehereto have been, in compliance in all material compliance respects with all applicable state, federal, and international data privacy privacy, security and security consumer protection laws and regulations, including, without limitation, applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (the collectively, “HITECH ActHIPAA”), ; and the California Consumer Privacy Act of 2018 (“CCPA”)Company and its Subsidiaries have taken commercially reasonable actions to comply with, and have been and currently are in compliance in all material respects with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To facilitate compliance with the Privacy Laws, the Company and its Subsidiaries have in place and take commercially reasonable steps to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying informationidentifiable” under information as applied by the Federal Trade Commission Act, as amendedCommission; (iii) “Protected Health Information Information,” as defined by HIPAA; (iv) “personal data,” as defined by the GDPR; and (v) “personal information” as defined by the CCPA; and (vi) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or householdfamily, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has Subsidiaries have, at all times prior hereto, made all material disclosures to individuals users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and none of such disclosures made or contained in any such disclosures have, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate or in violation of any applicable laws and regulatory rules or requirements Privacy Laws in any material respect. Neither the Company nor any of its subsidiaries subsidiary: (iA) have has received written notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (iiB) are is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and or (iiiC) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations, including, including without limitation, limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (vi) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or householdfamily, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has have at all times made all disclosures to individuals users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the The Company further certifies that neither it nor any of its subsidiaries subsidiary: (i) have has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and or (iii) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all prior times weresince May 25, 2018 have been, in material compliance with all applicable data privacy and security laws and regulations, including, including without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), limitation the California Consumer Privacy Act of 2018 (“CCPA”)Act, HIPAA, HITECH Act, and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (and all other applicable laws and regulations with respect to Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate steps to ensure compliance with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy Laws or Policies. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the unfair and deceptive trade practice authority of the Federal Trade Commission (“FTC”) pursuant to the FTC Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by the GDPR; , (v) “personal information” as defined by the California Consumer Privacy Act (“CCPA; ”) and (vi) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or householdfamily, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has made all disclosures to individuals required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any of the Company’s policies or notices relating to data privacy and security have been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the Company nor any of its subsidiaries (i) have received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and (iii) are a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all times prior times werehereto have been, in compliance in all material compliance respects with all applicable state, federal, and international data privacy privacy, security and security consumer protection laws and regulations, including, without limitation, applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (the collectively, “HITECH ActHIPAA”), ; and the California Consumer Privacy Act of 2018 (“CCPA”)Company and its subsidiaries have taken commercially reasonable actions to comply with, and have been and currently are in compliance in all material respects with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To facilitate compliance with the Privacy Laws, the Company and its subsidiaries have in place and take commercially reasonable steps to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying informationidentifiable” under information as applied by the Federal Trade Commission Act, as amendedCommission; (iii) “Protected Health Information Information,” as defined by HIPAA; (iv) “personal data,” as defined by the GDPR; and (v) “personal information” as defined by the CCPA; and (vi) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or householdfamily, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has have, at all times prior hereto, made all material disclosures to individuals users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and none of such disclosures made or contained in any such disclosures have, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate or in violation of any applicable laws and regulatory rules or requirements Privacy Laws in any material respect. Neither the Company nor any of its subsidiaries subsidiary: (iA) have has received notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (iiB) are is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and or (iiiC) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all prior times were, in material compliance with all applicable data privacy and security laws and regulations, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (vi) any other piece of information that allows, directly or indirectly, the identification of such natural person, or his or her family or household, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has made all disclosures to individuals required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any of the Company’s policies or notices relating to data privacy and security have been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the Company nor any of its subsidiaries (i) have has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and (iii) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all prior times during the past three (3) years preceding the end of the most recent fiscal year were, in material compliance with all applicable state and federal data privacy and security laws and regulations, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) regulations (collectively, the “Privacy Laws”) except where the noncompliance would not, individually or in the aggregate, have a Material Adverse Effect. To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply in material respects with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” for protection under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPAapplicable Privacy Laws; and (viiii) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or householdfamily, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has have made all disclosures to individuals users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the Company nor any of its subsidiaries subsidiary: (i) have has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and or (iii) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The To the knowledge of the Company, the Company and each of its subsidiaries are, and at all times prior times werehereto have been, in compliance in all material compliance respects with all applicable state, federal, and international data privacy privacy, security and security consumer protection laws and regulations, including, without limitation, applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (the collectively, “HITECH ActHIPAA”), ; and the California Consumer Privacy Act of 2018 (“CCPA”)Company and its subsidiaries have taken commercially reasonable actions to comply with, and have been and currently are in compliance in all material respects with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To the extent required by the Privacy Laws, the Company and its subsidiaries have in place and take commercially reasonable steps to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data. “Personal Data” means (iA) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (iiB) any information which would qualify as “personally identifying informationidentifiable” under information as applied by the Federal Trade Commission Act, as amendedCommission; (iiiC) “Protected Health Information Information,” as defined by HIPAA; (ivD) “personal data,” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (viE) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or householdfamily, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has have, at all times prior hereto, made all material disclosures to individuals users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and none of such disclosures made or contained in any such disclosures have, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate or in violation of any applicable laws and regulatory rules or requirements Privacy Laws in any material respect. Neither the Company nor any of its subsidiaries subsidiary: (i1) have has received written notice of any actual or potential liability alleged liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of to the Privacy Laws, and has knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii2) are is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and or (iii3) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all prior times were, in compliance in all material compliance respects with all applicable state, federal and international data privacy, security and, with respect to data privacy and security security, consumer protection laws and regulations, including, including without limitation, limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”), and since May 25, 2018, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”), except to the extent that any non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Except as would not reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries (i) have in place, complies with, and takes reasonable steps to ensure compliance with its policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”), and (ii) implement and maintain (I) information technology and equipment, computer systems, networks, software, websites, applications, and databases (collectively, “IT Systems”) commercially reasonable for the operation of the business of the Company as currently conducted and (II) commercially reasonable controls and safeguards to maintain and protect its material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data within its operational control used in connection with its businesses. “Personal Data” means means, as applicable, (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (viv) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or householdfamily, or permits the collection or analysis of any data related relates to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has have at all times made all disclosures to individuals users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and none of such disclosures made or contained in any privacy policy of the Company’s policies or notices relating to data privacy and security Company have been inaccurate or in violation of any applicable laws and regulatory rules Privacy Laws, except in each case as would not, individually or requirements in any material respectthe aggregate, reasonably be expected to have a Material Adverse Effect. Neither Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company nor any of and its subsidiaries subsidiaries: (i) have not received written notice of any actual or potential liability of the Company relating to, security or data privacy breaches or other unauthorized or improper access to, use of or destruction of its confidential information or Personal Data, or under or relating to, or to any actual or potential violation by the Company of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action required by any governmental entity pursuant to any Privacy Law, other than in the ordinary course of business; and or (iii) are not a party to any order, decree, or agreement with any governmental entity that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries Subsidiary are, and at all prior times were, in compliance in all material compliance respects with all applicable state, federal, and international data privacy and data security laws and regulations, including, including without limitation, limitation HIPAA and the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) ), and the Company and its Subsidiary are currently or have taken commercially reasonable actions to comply with the California Consumer Protection Act of 2018 (collectively, the “Privacy Laws”). To address compliance with the Privacy Laws, the Company and its Subsidiary have in place, comply with, and take commercially reasonable steps designed to achieve compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and transfer of Personal Data. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (viv) any other piece of information that allows, directly or indirectly, the identification of identifies such natural person. At all times, or his or her family or household, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has Subsidiary have made all disclosures to individuals users or customers required by applicable laws Privacy Laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the The Company further certifies that (a) neither it nor any of its subsidiaries subsidiary at any time: (i) have has received written notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of its Personal Data owned or controlled by the Company or its Subsidiary, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are other than pursuant to its ongoing compliance efforts in the ordinary course of business, is currently conducting conducting, subject to, or paying forpaying, in whole or in part, any material investigation, remediation, or other corrective action pursuant to resulting from the Company’s or its Subsidiary’s non-compliance with any Privacy Law; and or (iii) are is a party to any order, decree, settlement agreement, or agreement judgment from a governmental entity that imposes any obligation or liability under any Privacy Law; and (b) it is not aware of any specific events rendering any of the foregoing reasonably likely to occur.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all prior times were, since their inception have been in material compliance with all applicable state, federal or foreign data privacy and security laws and regulations, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and each of its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their internal and external policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (vi) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or household, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has have at all times made all disclosures to individuals required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate inaccurate, misleading, deceptive or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the The execution, delivery, and performance of this Agreement, will not result in a breach or violation of any Privacy Law or Policies. The Company nor any of and its subsidiaries (i) have not received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and (iii) are not a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at comply in all prior times were, in material compliance respects with all applicable state and federal data privacy and security laws and regulations, including, including without limitation, limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) (42 U.S.C. Section 17921 et seq.), European Union’s General Data Protection Regulation 2016/679 (“EU GDPR”), the California Consumer Privacy EU GDPR as it forms part of United Kingdom (“UK”) law by virtue of section 3 of the European Union (Withdrawal) Act of 2018 (“CCPAUK GDPR”), and the European Union General Data California Consumer Protection Regulation Act of 2018, as amended by the California Privacy Rights Act of 2020, (“GDPRCPRA”) (EU 2016/679) collectively, “CCPA”); and all applicable laws and regulations with respect to Personal Data and that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability (collectively, the “Privacy Laws”). The Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). As used in this Agreement, “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail email address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personal information,” “personally identifying information,” or similar term as defined under the Federal Trade Commission Act, as amendedAct or Privacy Laws; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (vi) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or household, or permits the collection or analysis of any data related to an identified person’s health or sexual orientationfamily. The Company and each of its subsidiaries has have made all disclosures to individuals users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the The Company further certifies that neither it nor any of its subsidiaries subsidiary: (i) have has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy LawsLaw, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and or (iii) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Except as would not, individually or in the aggregate, have a Material Adverse Effect, (A) the Company and each of its subsidiaries are, and at all prior times in the past five (5) years were, in material compliance with all material respects with all applicable state, federal and international data privacy and data security laws and regulations, including, including without limitation, as applicable, HIPAA, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) and the California Consumer Privacy Act of 2018 (collectively, the “Privacy Laws”); and (B) the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security with respect to the collection, storage, use, disclosure, handling, transfer and analysis of Personal Data. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (viv) any other piece of information that allows, directly or indirectly, the identification of identifies such natural person. Except as would not, or his or her family or household, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has made all disclosures to individuals required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any of the Company’s policies or notices relating to data privacy and security have been inaccurate individually or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the aggregate, have a Material Adverse Effect, neither the Company nor any of its subsidiaries (iX) have at any time in the past five (5) years received written notice of any actual or potential reasonably likely material liability under or relating to, or actual or potential violation of, any of the Company or its subsidiaries relating to any violation of any Privacy Laws, and has knowledge of any event or condition that would reasonably be expected including, but not limited to result in any such noticeliability relating to any security or data privacy breaches suffered by the Company or its subsidiaries or other unauthorized or improper access to, use of, or destruction of its Personal Data owned or controlled by the Company or its subsidiaries; (iiY) are other than pursuant to its compliance efforts in the ordinary course of business, is currently conducting conducting, subject to, or paying for, in whole or in part, any material investigation, remediation, or other corrective action pursuant to resulting from the Company’s or its subsidiaries’ non-compliance with any Privacy Law; and or (iiiZ) are has in the past five (5) years been a party to any order, decree, settlement agreement, or agreement judgment from a governmental entity that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all prior times werehave been, in material compliance with all applicable laws and regulations relating to data privacy and security laws and regulationsSensitive Data (defined below) that have been in effect and that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, including, including without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), limitation the California Consumer Privacy Act of 2018 (“CCPA”), and HIPAA, HITECH Act, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) ), and the GDPR as it forms part of the law of the United Kingdom (collectively, the “Privacy Laws”). The Company and its subsidiaries have in place, comply with, and take appropriate steps to ensure compliance with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Sensitive Data (the “Policies”). At all times since inception, the Company and its subsidiaries have provided all required notices of its Policies and obtained all necessary consents from individuals. None of the disclosures made or contained in any of the Policies have been inaccurate, misleading, deceptive, incomplete, or in violation of any Privacy Laws or Policies. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) any other information that constitutes “personal data” as defined by the GDPR; (v) ”, “personal information” as defined by the CCPA; ”, “personally identifiable information”, “nonpublic personal information”, “customer proprietary network information”, “individually identifiable health information”, “protected health information”, or similar information under Privacy Laws, and (viv) any other piece of information that allows, directly or indirectly, allows the identification of such a natural person, or his or her family or householdfamily, device, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. “Sensitive Data” means all confidential, proprietary, or otherwise sensitive information (including Personal Data). The Company execution, delivery and each performance of its subsidiaries has made all disclosures this Agreement or any other agreement referred to individuals required by applicable laws and regulatory rules or requirements, and none in this Agreement will not result in a breach of such disclosures made or contained in any of the Company’s policies or notices relating to data privacy and security have been inaccurate or in violation of any applicable laws and regulatory rules Privacy Laws or requirements in any material respectPolicies. Neither the Company nor any of its subsidiaries subsidiary: (i) have has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event fact, event, or condition that would reasonably be expected to result in any such notice; (ii) are is currently participating in, subject to, conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and or (iii) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries are, and at all times prior times werehereto have been, in compliance in all material compliance respects with all applicable state, federal, and international data privacy privacy, security and security consumer protection laws and regulations, including, without limitation, applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (the collectively, “HITECH ActHIPAA”), ; and the California Consumer Privacy Act of 2018 (“CCPA”)Company and its subsidiaries have taken commercially reasonable actions to comply with, and have been and currently are in compliance in all material respects with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To facilitate compliance with the Privacy Laws, the Company and its subsidiaries have in place and take commercially reasonable steps to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (iA) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (iiB) any information which would qualify as “personally identifying informationidentifiable” under information as applied by the Federal Trade Commission Act, as amendedCommission; (iiiC) “Protected Health Information Information,” as defined by HIPAA; (ivD) “personal data,” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (viE) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or householdfamily, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has have, at all times prior hereto, made all material disclosures to individuals users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and none of such disclosures made or contained in any such disclosures have, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate or in violation of any applicable laws and regulatory rules or requirements Privacy Laws in any material respect. Neither the Company nor any of its subsidiaries subsidiary: (i1) have has received notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii2) are is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and or (iii3) are is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries areis, and at all prior times werewas, in material compliance with all applicable data privacy and security laws and regulations, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (vi) any other piece of information that allows, directly or indirectly, the identification of such natural person, or his or her family or household, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has made all disclosures to individuals required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any of the Company’s policies or notices relating to data privacy and security Policy have been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the Company nor any of its subsidiaries (i) have received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and (iii) are a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and each of its subsidiaries areis, and at all prior times werehas been, in material compliance with all applicable state, federal, and international data privacy privacy, security and security consumer protection laws and regulations, including, including without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) limitation HIPAA as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), ; the California Consumer Privacy Act of 2018 (“CCPA”)Company has taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, has been and currently is in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679); and the Company has taken or will take commercially reasonable actions to prepare to comply with the California Consumer Privacy Act of 2018 (“CCPA”) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company has in place, complies with, and takes appropriate steps reasonably designed to ensure compliance in all material respects with its policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (viv) any other piece of information that allows, directly or indirectly, allows the identification of such natural person, or his or her family or householdfamily, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and each of its subsidiaries has at all times made all disclosures to individuals users or customers materially required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company’s policies or notices relating to data privacy and security have , been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Neither the The Company nor any of its subsidiaries further certifies that it: (i) have has not received written notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of its IT Systems and Data or Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) are is not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; and (iii) are is not a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.