Common use of Data Privacy and Security Laws Clause in Contracts

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all times within the past three years have been, in compliance in all material respects with all applicable state, federal, and international data privacy, security and consumer protection laws and regulations, including without limitation applicable requirements of the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (collectively, “HIPAA”) and the European Union General Data Protection Regulation (“GDPR”) collectively, the “Privacy Laws”). To facilitate compliance with the Privacy Laws, the Company and its subsidiaries have in place and take commercially reasonable steps to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifiable” information as applied by the Federal Trade Commission; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR; and (v) any other information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries have at all times during the past three years made all disclosures to users or customers required by applicable Privacy Laws, and none of such disclosures made or contained in any such disclosures have, to the knowledge of the Company, been inaccurate or in violation of any applicable Privacy Laws in any material respect. Within the past three years, neither the Company nor any subsidiary: (i) has received notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law. Any certificate signed by or on behalf of the Company and delivered to the Representatives or to counsel to the Underwriters pursuant to this Section 3 shall be deemed to be a representation and warranty by the Company to each Underwriter as to the matters covered thereby.

Data Privacy and Security Laws. The Except as would not, individually or in the aggregate, have a Material Adverse Effect, (A) the Company and its subsidiaries are, and at all times within in the past three five (5) years have beenwere, in compliance in with all material respects with all applicable state, federal, federal and international data privacy, privacy and data security and consumer protection laws and regulations, including without limitation applicable requirements of the Health Insurance Portability and Accountability Act of 1996limitation, as amended by applicable, HIPAA, the Health Information Technology for Economic and Clinical Health Act (collectivelyHITECH Act, “HIPAA”) and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) and the California Consumer Privacy Act of 2018 (collectively, the “Privacy Laws”). To facilitate compliance with the Privacy Laws, ; and (B) the Company and its subsidiaries have in place place, comply with, and take commercially reasonable appropriate steps reasonably designed to comply ensure compliance in all material respects with their policies and procedures relating to data privacy and security and with respect to the collection, storage, use, disclosure, handling, transfer and analysis of Personal Data (the “Policies”)Data. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifiableidentifying information” information as applied by under the Federal Trade CommissionCommission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR; and (v) any other piece of information that allows the identification of identifies such natural person. Except as would not, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries have at all times during the past three years made all disclosures to users or customers required by applicable Privacy Laws, and none of such disclosures made or contained in any such disclosures have, to the knowledge of the Company, been inaccurate individually or in violation of any applicable Privacy Laws in any material respect. Within the past three yearsaggregate, have a Material Adverse Effect, neither the Company nor any subsidiary: of its subsidiaries (iX) has have at any time in the past five (5) years received written notice of any actual or potential liabilityreasonably likely material liability of the Company or its subsidiaries relating to any violation of any Privacy Laws, including, but not limited to any such liability relating to any security or data privacy breaches suffered by the Company or its subsidiaries or other unauthorized or improper access to, use of, or destruction of its Personal DataData owned or controlled by the Company or its subsidiaries; (Y) other than pursuant to its compliance efforts in the ordinary course of business, under or relating is currently conducting, subject to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any material investigation, remediation, or other corrective action pursuant to resulting from the Company’s or its subsidiaries’ non-compliance with any Privacy Law; or (iiiZ) is has in the past five (5) years been a party to any order, decree, settlement agreement, or agreement judgment from a governmental entity that imposes any obligation or liability under any Privacy Law. Any certificate signed by or on behalf of the Company and delivered to the Representatives or to counsel to the Underwriters pursuant to this Section 3 shall be deemed to be a representation and warranty by the Company to each Underwriter as to the matters covered thereby.

Data Privacy and Security Laws. The Company and its subsidiaries Subsidiaries are, and at all prior times within the past three years have beenwere, in material compliance in all material respects with all applicable state, federalstate and federal data privacy and security laws and regulations in the United States, and international all applicable provincial and federal data privacy, privacy and security and consumer protection laws and regulationsregulations in Canada, including without limitation applicable requirements of the Health Insurance Portability Personal Information Protection and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Electronic Documents Act (collectivelyS.C. 2000, c. 5) (“HIPAAPIPEDA”) ); and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To facilitate ensure compliance with the Privacy Laws, the Company and its subsidiaries Subsidiaries have in place place, comply with, and take commercially reasonable appropriate steps reasonably designed to comply ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifiableidentifying information” information as applied by under the Federal Trade CommissionCommission Act, as amended; (iii) Protected Health Information “personal information”, “personal health information”. and “business contact information” as defined by HIPAAXXXXXX; (iv) “personal data” as defined by GDPR; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries Subsidiaries have at all times during the past three years made all disclosures to users or customers required by applicable Privacy Lawslaws and regulatory rules or requirements, and none of such disclosures made or contained in any such disclosures Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable Privacy Laws laws and regulatory rules or requirements in any material respect. Within the past three years, The Company further certifies that neither the Company it nor any subsidiarySubsidiary: (i) has received notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of Personal Data, liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law. Any certificate signed by or on behalf of the Company and delivered to the Representatives or to counsel to the Underwriters pursuant to this Section 3 shall be deemed to be a representation and warranty by the Company to each Underwriter as to the matters covered thereby.

Data Privacy and Security Laws. The Company and its subsidiaries areis, and at all prior times within the past three years have beenwas, in compliance in all material respects with all applicable state, federal, federal and international data privacy, security and, with respect to data privacy and security, consumer protection laws and regulations, including without limitation applicable requirements of the Health Insurance Portability and Accountability Act of 1996, 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (collectivelyAct, “HIPAA”) and since May 25, 2018, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”), except to the extent that any non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. To facilitate compliance with the Privacy LawsExcept as would not reasonably be expected to have a Material Adverse Effect, the Company (i) has in place, complies with, and its subsidiaries have in place and take commercially takes reasonable steps to comply in all material respects ensure compliance with their its policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”), and (ii) implements and maintains (I) information technology and equipment, computer systems, networks, software, websites, applications, and databases (collectively, “IT Systems”) commercially reasonable for the operation of the business of the Company as currently conducted and (II) commercially reasonable controls and safeguards to maintain and protect its material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data within its operational control used in connection with its businesses. “Personal Data” means means, as applicable, (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifiableidentifying information” information as applied by under the Federal Trade CommissionCommission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related relates to an identified person’s health or sexual orientation. The Company and its subsidiaries have has at all times during the past three years made all disclosures to users or customers required by applicable Privacy Laws, and none of such disclosures made or contained in any such disclosures have, to the knowledge privacy policy of the Company, Company have been inaccurate or in violation of any applicable Privacy Laws Laws, except in any material respecteach case as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Within Except as would not, individually or in the past three yearsaggregate, neither reasonably be expected to have a Material Adverse Effect, the Company nor any subsidiaryCompany: (i) has not received written notice of any actual or potential liabilityliability of the Company relating to, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, of or destruction of its confidential information or Personal Data, or under or relating to, or to any actual or potential violation by the Company of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action required by any governmental entity pursuant to any Privacy Law, other than in the ordinary course of business; or (iii) is not a party to any order, decree, or agreement with any governmental entity that imposes any obligation or liability under any Privacy Law. Any certificate signed by or on behalf of the Company and delivered to the Representatives or to counsel to the Underwriters pursuant to this Section 3 shall be deemed to be a representation and warranty by the Company to each Underwriter as to the matters covered thereby.