Common use of Data Security and Privacy Clause in Contracts

Data Security and Privacy. (a) Each Credit Party and its Subsidiaries will maintain compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR and other laws relating to cross-border transfers of Personal Data; (ii) all applicable contractual obligations concerning data privacy and security relating to Personal Data in the possession or control of a Credit Party or a Subsidiary or maintained by third parties as processors on behalf of such Credit Party or Subsidiary and having access to such information under contracts (or portions thereof) to which a Credit Party or a Subsidiary is a party; and (iii) the Privacy Agreements. (b) Each Credit Party and its Subsidiaries will maintain compliance in all material respects with all Privacy Policies consistent with the actual practices of each Credit Party and its Subsidiaries. In connection with the Credit Parties’ and their Subsidiaries’ uses of the Personal Data as permitted by the Privacy Policies, each Credit Party and its Subsidiaries will obtain the appropriate consent from the applicable data subject necessary for such uses, to the extent required under applicable Data Protection Laws. All Privacy Policies in place will make appropriate disclosures to users, customers, employees, and other individuals as required by Data Protection Laws. (c) Each Credit Party and its Subsidiaries will maintain and comply in all material respects with its Security Program. Any Security Program of the Credit Parties or their Subsidiaries will at all times (i) comply in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) include and incorporate commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security, integrity and confidentiality of all Personal Data or Company Sensitive Information in such Credit Party’s or Subsidiary’s possession or control, and each Credit Party and its respective Subsidiaries will use industry best practices to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage. (d) The Credit Parties shall take commercially reasonable steps designed to ensure that no material (i) incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems operated in connection with a Credit Party or a Subsidiary or any of their contractors or (ii) incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information shall occur. (e) Each Credit Party and its Subsidiaries will have a valid and legal right (whether contractually, by Applicable Law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Credit Party or a Subsidiary in connection with the sale, use and/or operation of their products, services and businesses. (f) The Borrower will promptly give notice to the Administrative Agent upon any Credit Party becoming aware of any pending, written demands, inquiries, proceedings, or other notices that could reasonably be expected to result in an investigation or other legal proceeding, including any notices of any investigation or other legal proceedings, regarding a Credit Party or a Subsidiary and of which it becomes aware, initiated by (i) any Person; (ii) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; or (iii) any self-regulatory authority or entity, alleging that any activity of a Credit Party or a Subsidiary: (1) is in violation of any applicable Data Protection Laws, (2) is in violation of any Privacy Agreements, (3) is in violation of any Privacy Policies, (4) is otherwise in violation of any person’s privacy, personal or confidentiality rights, or (5) otherwise constitutes an unfair, deceptive, abusive or misleading trade practice, in each case, in any material respect.

Data Security and Privacy. (a) Each Credit Loan Party and its Subsidiaries will maintain compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR and other laws those relating to cross-border transfers of Personal Datatransfers; (ii) all applicable contractual obligations concerning data privacy and security relating to Personal Data in the possession or control of a Credit Loan Party or a Subsidiary or maintained by third parties as processors on behalf of such Credit Loan Party or Subsidiary and having access to such information under contracts (or portions thereof) to which a Credit Loan Party or a Subsidiary is a party; and (iii) the Privacy Agreements. (b) Each Credit Loan Party and its Subsidiaries will maintain compliance in all material respects with all Privacy Policies consistent with the actual practices of each Credit Loan Party and its Subsidiaries. In connection with the Credit Loan Parties’ and their Subsidiaries’ uses of the Personal Data as permitted by the Privacy Policies, each Credit Loan Party and its Subsidiaries will obtain the appropriate consent from the applicable data subject necessary for such uses, to the extent required under applicable Data Protection Laws. All Privacy Policies in place will make appropriate all material disclosures to users, customers, employees, and or other individuals as required by Data Protection Laws. (c) Each Credit Loan Party and its Subsidiaries will maintain and comply with its Security Program in all material respects with its Security Programrespects. Any Security Program of the Credit Loan Parties or their Subsidiaries will at all times (i) comply in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) include and incorporate commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security, integrity and confidentiality of all Personal Data or Company Sensitive Information in such Credit Loan Party’s or Subsidiary’s possession or control, control and each Credit Loan Party and its respective Subsidiaries will use industry best practices to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage. (d) The Credit Loan Parties shall take commercially reasonable steps designed to ensure that no material (i) incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems operated in connection with a Credit Loan Party or a Subsidiary or any of their contractors or (ii) incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information shall occur. (e) Each Credit Loan Party and its Subsidiaries will have a valid and legal right (whether contractually, by Applicable Law applicable law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Credit Loan Party or a Subsidiary in connection with the sale, use and/or operation of their products, services and businesses. (f) The Borrower will promptly give notice to the Administrative Agent Bank upon any Credit Loan Party becoming aware of any pending, written complaints, claims, demands, inquiries, proceedings, or other notices that could reasonably be expected to result in an investigation or other legal proceedingnotices, including any notices of any investigation or other legal proceedings, regarding a Credit Loan Party or a Subsidiary and of which it becomes aware, initiated by (i) any Person; (ii) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; or (iii) any self-regulatory authority or entity, alleging that any activity of a Credit Loan Party or a Subsidiary: (1) is in violation of any applicable Data Protection Laws, (2) is in violation of any Privacy Agreements, (3) is in violation of any Privacy Policies, (4) is otherwise in violation of any person’s privacy, personal or confidentiality rights, or (5) otherwise constitutes an unfair, deceptive, abusive or misleading trade practice, in each case, in any material respect.

Data Security and Privacy. (a) Each Credit Loan Party and its Subsidiaries will maintain compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR and other laws those relating to cross-border transfers of Personal Data; (ii) all applicable contractual obligations concerning data privacy and security relating to Personal Data in the possession or control of a Credit Party or a Subsidiary or maintained by third parties as processors on behalf of such Credit Party or Subsidiary and having access to such information under contracts (or portions thereof) to which a Credit Party or a Subsidiary is a partytransfers; and (iiiii) the Privacy Agreements. (b) Each Credit Loan Party and its Subsidiaries will maintain compliance in all material respects with all Privacy Policies consistent with the actual practices of each Credit Loan Party and its Subsidiaries. In connection with the Credit Parties’ and their Subsidiaries’ uses of the Personal Data as permitted by the Privacy Policies, each Credit Party and its Subsidiaries will obtain the appropriate consent from the applicable data subject necessary for such uses, to the extent required under applicable Data Protection Laws. All Privacy Policies in place will make appropriate disclosures to users, customers, employees, and other individuals as required by Data Protection Laws. (c) Each Credit Loan Party and its Subsidiaries will maintain and comply in all material respects with its Security Program. Any Security Program of the Credit Loan Parties or their Subsidiaries will at all times (i) comply in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) include and incorporate commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security, integrity and confidentiality of all Personal Data or Company Sensitive Information in such Credit Loan Party’s or Subsidiary’s possession or control, and each Credit Loan Party and its respective Subsidiaries will use industry best commercially reasonable practices to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage. (d) The Credit Loan Parties shall shall, in accordance with its reasonable business judgment, take commercially reasonable steps designed to ensure that no material (i) incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems operated in connection with a Credit Loan Party or a Subsidiary or any of their contractors or (ii) incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information shall occur. (e) Each Credit Loan Party and its Subsidiaries will will, in accordance with its reasonable business judgment, have a valid and legal right (whether contractually, by Applicable Law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Credit Loan Party or a Subsidiary in connection with the sale, use and/or operation of their products, services and businesses, except as could not reasonably be expected to result in a Material Adverse Effect. (f) The Borrower will promptly give notice to the Administrative Agent upon any Credit Loan Party becoming aware of any pending, written demands, inquiries, proceedings, or other notices that could reasonably be expected to result in an investigation or other legal proceeding, including any notices of any investigation or other legal proceedings, regarding a Credit Loan Party or a Subsidiary and of which it becomes aware, initiated by (i) any Person; (ii) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; or (iii) any self-regulatory authority or entity, alleging that any activity of a Credit Loan Party or a Subsidiary: (1) is in violation of any applicable Data Protection Laws, (2) is in violation of any Privacy Agreements, or (3) is in violation of any Privacy Policies, (4) is otherwise in violation of any person’s privacy, personal or confidentiality rights, or (5) otherwise constitutes an unfair, deceptive, abusive or misleading trade practice, in each case, in any material respect.

Data Security and Privacy. (a) Each Credit Loan Party and its Subsidiaries will maintain is in compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR and other laws those relating to cross-border transfers of Personal Datatransfers; and (ii) all applicable data transfer agreements and data processing agreements required to be implemented pursuant to applicable Data Protection Laws, including the EU standard contractual obligations concerning data privacy and security relating to Personal Data in the possession or control of a Credit Party or a Subsidiary or maintained by third parties as processors on behalf of such Credit Party or Subsidiary and having access to such information under contracts (or portions thereof) clauses, to which a Credit Loan Party or a Subsidiary is a party; and party (iii) the clause (ii), “Privacy Agreements”). (b) Each Credit Loan Party and its Subsidiaries will maintain is in compliance in all material respects with all Privacy Policies consistent with the actual practices of each Credit Party applicable written internal and its Subsidiaries. In connection with the Credit Parties’ public-facing privacy policies and their Subsidiaries’ uses notices of the Personal Data as permitted by the Privacy Policies, each Credit Party Loan Parties and its Subsidiaries will obtain regarding the appropriate consent from collection, retention, use, processing, disclosure and distribution of Personal Data by the applicable data subject necessary for such usesLoan Parties or their Subsidiaries (collectively, to the extent required under applicable Data Protection Laws. All “Privacy Policies in place will make appropriate disclosures to users, customers, employees, and other individuals as required by Data Protection LawsPolicies”). (c) Each Credit Loan Party and its Subsidiaries will maintain has in place, maintains, and comply complies in all material respects with its with, a comprehensive written information security program (“Security Program. Any Security Program of the Credit Parties or their Subsidiaries will at all times ”) that (i) comply complies in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) include and incorporate includes commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security, security and integrity and confidentiality of all Personal Data and any other sensitive or Company Sensitive Information in such Credit Party’s confidential information or Subsidiary’s possession or control, and data related to each Credit Loan Party and its respective Subsidiaries will use industry best practices in the Loan Parties’ or its Subsidiaries’ possession or control (collectively, “Company Sensitive Information”) and to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage. (d) The Credit Parties shall take commercially reasonable steps designed Since January 1, 2021, to ensure that no material the knowledge of the Loan Parties, there has been (i) no actual or alleged material incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems operated in connection with owned or controlled by a Credit Loan Party or a Subsidiary or any of their contractors or Subsidiary, and (ii) no actual or alleged material incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information shall occurInformation. (e) Each Credit Loan Party and its Subsidiaries will have has a valid and legal right (whether contractually, by Applicable Law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Credit Loan Party or a Subsidiary in connection with the sale, use and/or operation of their products, services and businesses. (f) The Borrower will promptly give notice to the Administrative Agent upon any Credit Party becoming aware of any pending, written demands, inquiries, proceedings, or other notices that except as could not reasonably be expected to result in an investigation or other legal proceeding, including any notices of any investigation or other legal proceedings, regarding a Credit Party or a Subsidiary and of which it becomes aware, initiated by (i) any Person; (ii) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; or (iii) any self-regulatory authority or entity, alleging that any activity of a Credit Party or a Subsidiary: (1) is in violation of any applicable Data Protection Laws, (2) is in violation of any Privacy Agreements, (3) is in violation of any Privacy Policies, (4) is otherwise in violation of any person’s privacy, personal or confidentiality rights, or (5) otherwise constitutes an unfair, deceptive, abusive or misleading trade practice, in each case, in any material respectMaterial Adverse Effect.

Data Security and Privacy. (a) Each Credit Loan Party and its Subsidiaries will maintain compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR and other laws those relating to cross-border transfers of Personal Datatransfers; (ii) all applicable contractual obligations concerning data privacy and security relating to Personal Data in the possession or control of a Credit Loan Party or a Subsidiary or maintained by third parties as processors on behalf of such Credit Loan Party or Subsidiary and having access to such information under contracts (or portions thereof) to which a Credit Loan Party or a Subsidiary is a party; and (iii) the Privacy Agreements, in each case except as would not reasonably be expected to result in a Material Adverse Change. (b) Each Credit Loan Party and its Subsidiaries will maintain compliance in all material respects with all Privacy Policies consistent with the actual practices of each Credit Loan Party and its Subsidiaries. In connection with the Credit Loan Parties’ and their Subsidiaries’ uses of the Personal Data as permitted by the Privacy Policies, each Credit Loan Party and its Subsidiaries will obtain the appropriate consent from the applicable data subject necessary for such uses, to the extent required under applicable Data Protection Laws, in each case except as would not reasonably be expected to result in a Material Adverse Change. All Privacy Policies in place will make appropriate all material disclosures to users, customers, employees, and or other individuals as required by Data Protection Laws, in each case except as would not reasonably be expected to result in a Material Adverse Change. (c) Each Credit Loan Party and its Subsidiaries will maintain and comply in all material respects with its Security ProgramProgram except as would not reasonably be expected to result in a Material Adverse Change. Any Security Program of the Credit Loan Parties or their Subsidiaries will at all times (i) comply in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) include and incorporate commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security, integrity and confidentiality of all Personal Data or Company Sensitive Information in such Credit Loan Party’s or Subsidiary’s possession or control, control and each Credit Loan Party and its respective Subsidiaries will use industry best practices to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage, in each case except as would not reasonably be expected to result in a Material Adverse Change. (d) The Credit Loan Parties shall take commercially reasonable steps designed to ensure that no material (i) incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems operated in connection with a Credit Loan Party or a Subsidiary or any of their contractors or (ii) incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information shall occur, in each case except as would not reasonably be expected to result in a Material Adverse Change. (e) Each Credit Loan Party and its Subsidiaries will have a valid and legal right (whether contractually, by Applicable Law applicable law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Credit Loan Party or a Subsidiary in connection with the sale, use and/or operation of their products, services and businesses, in each case except as could not reasonably be expected to cause a Material Adverse Change. (f) The Borrower will promptly give notice to the Administrative Agent Bank upon any Credit Loan Party becoming aware of any pending, written complaints, claims, demands, inquiries, proceedings, or other notices that could reasonably be expected to result in an investigation or other legal proceedingnotices, including any notices of any investigation or other legal proceedings, regarding a Credit Loan Party or a Subsidiary and of which it becomes aware, initiated by (i) any Person; (ii) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; or (iii) any self-regulatory authority or entity, alleging that any activity of a Credit Loan Party or a Subsidiary: (1) is in violation of any applicable Data Protection Laws, (2) is in violation of any Privacy Agreements, (3) is in violation of any Privacy Policies, (4) is otherwise in violation of any person’s privacy, personal or confidentiality rights, or (5) otherwise constitutes an unfair, deceptive, abusive or misleading trade practice, in each case, case except as would not reasonably be expected to result in any material respecta Material Adverse Change.

Data Security and Privacy. (a) Each Credit Loan Party and its Subsidiaries will maintain is in compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR and other laws those relating to cross-border transfers of Personal Datatransfers; and (ii) all applicable data transfer agreements and data processing agreements required to be implemented pursuant to applicable Data Protection Laws, including the EU standard contractual obligations concerning data privacy and security relating to Personal Data in the possession or control of a Credit Party or a Subsidiary or maintained by third parties as processors on behalf of such Credit Party or Subsidiary and having access to such information under contracts (or portions thereof) clauses, to which a Credit Loan Party or a Subsidiary is a party; and party (iii) the clause (ii), “Privacy Agreements”). (b) Each Credit Loan Party and its Subsidiaries will maintain is in compliance in all material respects with all Privacy Policies consistent with the actual practices of each Credit Party applicable written internal and its Subsidiaries. In connection with the Credit Parties’ public-facing privacy policies and their Subsidiaries’ uses notices of the Personal Data as permitted by the Privacy Policies, each Credit Party Loan Parties and its Subsidiaries will obtain regarding the appropriate consent from collection, retention, use, processing, disclosure and distribution of Personal Data by the applicable data subject necessary for such usesLoan Parties or their Subsidiaries (collectively, to the extent required under applicable Data Protection Laws. All “Privacy Policies in place will make appropriate disclosures to users, customers, employees, and other individuals as required by Data Protection LawsPolicies”). (c) Each Credit Loan Party and its Subsidiaries will maintain has in place, maintains, and comply complies in all material respects with its with, a comprehensive written information security program (“Security Program. Any Security Program of the Credit Parties or their Subsidiaries will at all times ”) that (i) comply complies in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) include and incorporate includes commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security, security and integrity and confidentiality of all Personal Data and any other sensitive or Company Sensitive Information in such Credit Party’s confidential information or Subsidiary’s possession or control, and data related to each Credit Loan Party and its respective Subsidiaries will use industry best practices in the Loan Parties’ or its Subsidiaries’ possession or control (collectively, “Company Sensitive Information”) and to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage. (d) The Credit Parties shall take commercially reasonable steps designed Since January 1, 2021, to ensure that no material the knowledge of the Loan Parties, there has been (i) no actual or alleged material incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems operated in connection with owned or controlled by a Credit Loan Party or a Subsidiary or any of their contractors or Subsidiary, and (ii) no actual or alleged material incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information shall occurInformation. (e) Each Credit Loan Party and its Subsidiaries will have has a valid and legal right (whether contractually, by Applicable Law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Credit Loan Party or a Subsidiary in connection with the sale, use and/or operation of their products, services and businesses, except as could not reasonably be expected to result in a Material Adverse Effect. (f) The Borrower will promptly give notice No Loan Party nor any Subsidiary of a Loan Party has received any, nor to the Administrative Agent upon any Credit Party becoming aware knowledge of the Loan Parties are there any pending, written complaints, claims, demands, inquiries, proceedings, or other notices that could reasonably be expected to result in an investigation or other legal proceeding, including any notices of any investigation or other legal proceedings, regarding a Credit Loan Party or a Subsidiary and of which it becomes awareany Loan Party, initiated by (i) any Person; (ii) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; or (iii) any self-regulatory authority or entity, alleging that any activity of a Credit Loan Party or a Subsidiary: (1) is in violation of any applicable Data Protection Laws, or (2) is in violation of any Privacy Agreements, (3) is in violation of any Privacy Policies, (4) is otherwise in violation of any person’s privacy, personal or confidentiality rights, or (5) otherwise constitutes an unfair, deceptive, abusive or misleading trade practice, in each case, case in any material respect.

Data Security and Privacy. (a) Each Credit Loan Party and its Subsidiaries will maintain is, and at all times, has been, in compliance in all material respects with (i) all applicable Data Protection Laws, including including, to the extent applicable, but not limited to the GDPR and other laws those relating to cross-border transfers of Personal Datatransfers; (ii) all applicable contractual obligations of each Loan Party and its Subsidiaries concerning data privacy and security relating to Personal Data in the possession or control of a Credit Loan Party or a Subsidiary or maintained by third parties as processors on behalf of such Credit Loan Party or Subsidiary and having access to such information under contracts (or portions thereof) to which a Credit Loan Party or a Subsidiary is a party; and (iii) all applicable data transfer agreements and data processing agreements, including the EU standard contractual clauses, to which a Loan Party or a Subsidiary is a party (collectively, “Privacy Agreements.”), in each case except as would not reasonably be expected to result in a Material Adverse Change: (b) Each Credit Loan Party and its Subsidiaries will maintain is, and has been, in compliance in all material respects with all applicable prior and current written internal and public-facing privacy policies and notices of the Loan Parties and its Subsidiaries regarding the collection, retention, use, processing, disclosure and distribution of Personal Data by the Loan Parties or their Subsidiaries or their respective agents (collectively, the “Privacy Policies”), and the Privacy Policies have been maintained to be consistent in all material respects with the actual practices of each Credit Loan Party and its Subsidiaries, in each case except as would not reasonably be expected to result in a Material Adverse Change. In connection with The Privacy Policies contemplate the Credit Loan Parties’ and their Subsidiaries’ current uses of the Personal Data as permitted by the Privacy PoliciesData, each Credit Party and its Subsidiaries will obtain the appropriate consent from the applicable data subject necessary for such uses, to the extent required under applicable Data Protection Laws, each Loan Party and its Subsidiaries has sought and obtained the appropriate consent from the applicable data subject for such uses, in each case except as would not reasonably be expected to result in a Material Adverse Change. All The Privacy Policies in place will make appropriate have made all material disclosures to users, customers, employees, and or other individuals as required by Data Protection Laws, in each case except as would not reasonably be expected to result in a Material Adverse Change. (c) Each Credit Loan Party and its Subsidiaries will maintain has implemented and comply in all material respects with its maintains a commercially reasonable security program (“Security Program. Any Security Program of the Credit Parties or their Subsidiaries will at all times ”) that (i) comply complies in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) include and incorporate includes commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security, security and integrity and confidentiality of all Personal Data and any other sensitive or confidential information or data related to each Loan Party and its Subsidiaries (collectively, “Company Sensitive Information Information”) in such Credit Loan Party’s or Subsidiary’s its Subsidiaries’ possession or control, control and each Credit Party and its respective Subsidiaries will use industry best practices to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage, in each case except as would not reasonably be expected to result in a Material Adverse Change. (d) The Credit Parties shall take commercially reasonable steps designed to ensure that no material There has been (i) no actual, suspected or alleged (in writing) incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems operated in connection with owned or controlled by a Credit Loan Party or a Subsidiary or any of their contractors and used by such contractors on behalf of a Loan Party or a Subsidiary, and (ii) no actual, suspected or alleged (in writing) incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information shall occurInformation, in each case that could reasonably be expected to cause a Material Adverse Change. (e) Each Credit Loan Party and its Subsidiaries will have has a valid and legal right (whether contractually, by Applicable Law applicable law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Credit Loan Party or a Subsidiary in connection with the sale, use and/or operation of their products, services and businesses, in each case except as could not reasonably be expected to cause a Material Adverse Change. (f) The Borrower will promptly give notice Except as could not reasonably be expected to have a Material Adverse Change, there is no pending or to the Administrative Agent upon any Credit Party becoming aware knowledge of any pendingLoan Party, written threatened in writing, complaints, claims, demands, inquiries, proceedings, or other notices that could reasonably be expected to result in an investigation or other legal proceedingnotices, including any notices of any investigation or other legal proceedings, regarding a Credit Loan Party or a Subsidiary and of which it becomes awareSubsidiary, initiated by (i) any Person; (ii) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; (ii) any counterparty to, or subject of, a Privacy Agreement; or (iii) any self-regulatory authority or entity, alleging that any activity of a Credit Loan Party or a Subsidiary: (1) is in violation of any applicable Data Protection Laws, (2) is in violation of any Privacy Agreements, (3) is in violation of any Privacy Policies, Policies or (4) is otherwise in violation of any person’s privacy, personal or confidentiality rights, or (5) otherwise constitutes an unfair, deceptive, abusive or misleading trade practice, in each case, in any material respect.

Data Security and Privacy. (a) Each Credit Party and its Subsidiaries will maintain compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR and other laws those relating to cross-border transfers of Personal Datatransfers; (ii) all applicable contractual obligations concerning data privacy and security relating to Personal Data in the possession or control of a Credit Party or a Subsidiary or maintained by third parties as processors on behalf of such Credit Party or Subsidiary and having access to such information under contracts (or portions thereof) to which a Credit Party or a Subsidiary is a party; and (iii) the Privacy Agreements. (b) Each Credit Party and its Subsidiaries will maintain compliance in all material respects with all Privacy Policies consistent with the actual practices of each Credit Party and its Subsidiaries. In connection with the Credit Parties’ and their Subsidiaries’ uses of the Personal Data as permitted by the Privacy Policies, each Credit Party and its Subsidiaries will obtain the appropriate consent from the applicable data subject necessary for such uses, to the extent required under applicable Data Protection Laws. All Privacy Policies in place will make appropriate all disclosures to users, customers, employees, and or other individuals as required by Data Protection Laws. (c) Each Credit Party and its Subsidiaries will maintain and comply in all material respects with its Security Program. Any Security Program of the Credit Parties or their Subsidiaries will at all times (i) comply in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) include and incorporate commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security, integrity and confidentiality of all Personal Data or Company Sensitive Information in such Credit Party’s or Subsidiary’s possession or control, control and each Credit Party and its respective Subsidiaries will use industry best practices to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage. (d) The Credit Parties shall take commercially reasonable steps designed to ensure that no material (i) incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems operated in connection with a Credit Party or a Subsidiary or any of their contractors or (ii) incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information shall occur. (e) Each Credit Party and its Subsidiaries will have a valid and legal right (whether contractually, by Applicable Law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Credit Party or a Subsidiary in connection with the sale, use and/or operation of their products, services and businesses. (f) The Borrower will promptly give notice to the Administrative Agent upon any Credit Party becoming aware of any pending, written or oral complaints, claims, demands, inquiries, proceedings, or other notices that could reasonably be expected to result in an investigation or other legal proceedingnotices, including any notices of any investigation or other legal proceedings, regarding a Credit Party or a Subsidiary and of which it becomes aware, initiated by (i) any Person; (ii) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; or (iii) any self-regulatory authority or entity, alleging that any activity of a Credit Party or a Subsidiary: (1) is in violation of any applicable Data Protection Laws, (2) is in violation of any Privacy Agreements, (3) is in violation of any Privacy Policies, (4) is otherwise in violation of any person’s privacy, personal or confidentiality rights, or (5) otherwise constitutes an unfair, deceptive, abusive or misleading trade practice, in each case, in any material respect.

Data Security and Privacy. (a) Each Credit Party and its Subsidiaries will maintain is, and at all times since January 1, 2021, has been, in compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR and other laws those relating to cross-border transfers of Personal Datatransfers; (ii) all applicable contractual obligations concerning data privacy and security relating to Personal Data in the possession or control of a Credit Party or a Subsidiary or maintained by third parties as processors on behalf of such Credit Party or Subsidiary and having access to such information under contracts (or portions thereof) to which a Credit Party or a Subsidiary is a party; and (iii) all applicable data transfer agreements and data processing agreements, including the EU standard contractual clauses, to which a Credit Party or a Subsidiary is a party (collectively, “Privacy Agreements”). (b) Each Credit Party and its Subsidiaries will maintain is, and at all times since January 1, 2021, has been, in compliance in all material respects with all applicable prior and current written internal and public-facing privacy policies and notices of the Credit Parties and its Subsidiaries regarding the collection, retention, use, processing, disclosure and distribution of Personal Data by the Credit Parties or their Subsidiaries or their respective agents (collectively, the “Privacy Policies”), and the Privacy Policies have been maintained to be consistent in all material respects with the actual practices of each Credit Party and its Subsidiaries. In connection with The Privacy Policies contemplate the Credit Parties’ and their its Subsidiaries’ current uses of the Personal Data as permitted by the Privacy PoliciesData, each Credit Party and its Subsidiaries will obtain the appropriate consent from the applicable data subject necessary for such uses, to the extent required under applicable Data Protection Laws, each Credit Party and its Subsidiaries has sought and obtained the appropriate consent from the applicable data subject for such uses. All The Privacy Policies in place will make appropriate have since January 1, 2021, made all disclosures to users, customers, employees, and or other individuals as required by Data Protection Laws. (c) Each Credit Party and its Subsidiaries will maintain has in place, maintain, and comply in all material respects with its with, a comprehensive written information security program (“Security Program. Any Security Program of the Credit Parties or their Subsidiaries will at all times ”) that (i) comply complies in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) include includes and incorporate incorporates commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security, security and integrity and confidentiality of all Personal Data and any other sensitive or Company Sensitive Information in such Credit Party’s confidential information or Subsidiary’s possession or control, and data related to each Credit Party and its respective Subsidiaries will use industry best practices (collectively, “Company Sensitive Information”) in the Credit Parties’ or its Subsidiaries’ possession or control and to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage. (d) The Since January 1, 2021, to the knowledge of the Credit Parties shall take commercially reasonable steps designed to ensure that no material Parties, there has been (i) no actual, suspected or alleged incidents of material unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems operated in connection with owned or controlled by a Credit Party or a Subsidiary or any of their contractors or contractors, and (ii) no actual, suspected or alleged incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information shall occurInformation. (e) Each Credit Party and its Subsidiaries will have has a valid and legal right (whether contractually, by Applicable Law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Credit Party or a Subsidiary in connection with the sale, use and/or operation of their products, services and businesses. (f) The Borrower will promptly give notice Neither the Company nor the Company Subsidiary has received any, nor to the Administrative Agent upon any knowledge of the Credit Party becoming aware of Parties are there any pending, written or oral complaints, claims, demands, inquiries, proceedings, or other notices that could reasonably be expected to result in an investigation or other legal proceedingnotices, including any notices of any investigation or other legal proceedings, regarding a Credit Party or a Subsidiary and of which it becomes awareSubsidiary, initiated by (i) any Person; (ii) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; or (iii) any self-regulatory authority or entity, alleging that any activity of a Credit Party or a Subsidiary: (1) is in violation of any applicable Data Protection Laws, (2) is in violation of any Privacy Agreements, (3) is in violation of any Privacy Policies, (4) is otherwise in violation of any person’s privacy, personal or confidentiality rights, or (5) otherwise constitutes an unfair, deceptive, abusive or misleading trade practice, in each case, in any material respect.