Common use of Data Security and Privacy Clause in Contracts

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since the Look-Back Date has been, in compliance in all material respects with all Data Security Requirements; and (ii) since the Look-Back Date, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems; and (B) Sensitive Data Processed by the Company or any of its Subsidiaries from unauthorized use, access, disclosure, theft, and modification. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have implemented since the Look-Back Date, and maintain, a written information security program comprising reasonable organizational, administrative, physical, and technical safeguards designed to protect the security, confidentiality, integrity, and availability of its Business Systems and all Sensitive Data it Processes that are consistent with all Laws and Contracts applicable to any member of the Company Group. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority, and, since the Look-Back Date, no fines or other penalties have been imposed on or claims for compensation have been received by the Company or any Subsidiary, in connection with any Specified Data Breach. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, (1) experienced any Specified Data Breaches; or (2) experienced any unauthorized access or acquisition of any Sensitive Data Processed by any member of the Company Group or by any third party service provider on behalf of any member of the Company Group. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, been involved in any Legal Proceedings or received any notice of any claims or investigations related to any violation of any Data Security Requirement by any Company Group member or any Specified Data Breaches or been required by applicable Laws, Governmental Authority or other Data Security Requirements to notify, any Person of any Specified Data Breach. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, neither (i) the execution, delivery, or performance of this Agreement by the Company or (ii) the consummation of any of the transactions contemplated hereby, will result in any breach or violation of any Data Security Requirement.

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since the Look-Back Date January 4, 2021 has been, in material compliance in all material respects with all Data Security Requirements, except for noncompliance that would have a Company Material Adverse Effect; and (ii) since the Look-Back DateJanuary 4, 2021, has taken commercially reasonable steps consistent with standard industry practice by companies of similar sizesize and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business SystemsSystems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Sensitive Data Personally Identifiable Information Processed by the Company or any of its Subsidiaries such Subsidiary or on their behalf from unauthorized use, access, disclosure, theft, and modification. Except , except in each case as would not, individually or in the aggregate, not be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have implemented since the Look-Back Date, and maintain, a written information security program comprising reasonable organizational, administrative, physical, and technical safeguards designed to protect the security, confidentiality, integrity, and availability of its Business Systems and all Sensitive Data it Processes that are consistent with all Laws and Contracts applicable to any member . As of the Company Group. Except date hereof, except as would notnot have a Company Material Adverse Effect, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental AuthorityAuthority and (ii) since January 4, and, since the Look-Back Date2021, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, in connection with relating to any Specified Data Breach. Except The Company and each of its Subsidiaries have not since January 4, 2021, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to or alleging any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not, individually or in the aggregate, not be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, (1) experienced any Specified Data Breaches; or (2) experienced any unauthorized access or acquisition of any Sensitive Data Processed by any member of the Company Group or by any third party service provider on behalf of any member of the Company Group. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, been involved in any Legal Proceedings or received any notice of any claims or investigations related to any violation of any Data Security Requirement by any Company Group member or any Specified Data Breaches or been required by applicable Laws, Governmental Authority or other Data Security Requirements to notify, any Person of any Specified Data Breach. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, neither (i) the execution, delivery, or performance of this Agreement by the Company or (ii) the consummation of any of the transactions contemplated hereby, will result in any breach or violation of any Data Security Requirement.

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since the Look-Back Date August 14, 2020 has been, in material compliance in all material respects with all Data Security Requirements; and (ii) since the Look-Back DateAugust 14, 2020, has taken commercially reasonable steps consistent with standard industry practice by companies of similar sizesize and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business SystemsSystems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Sensitive Data Personally Identifiable Information Processed by the Company or any of its Subsidiaries such Subsidiary from unauthorized use, access, disclosure, theft, and modification. Except , except in each case as would notnot be material to the business of the Company Group, individually or in taken as a whole. As of the aggregatedate hereof, except as would not be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have implemented since the Look-Back Date, and maintain, a written information security program comprising reasonable organizational, administrative, physical, and technical safeguards designed to protect the security, confidentiality, integrity, and availability of its Business Systems and all Sensitive Data it Processes that are consistent with all Laws and Contracts applicable to any member of the Company Group. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental AuthorityAuthority and (ii) since August 14, and, since the Look-Back Date2020, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data Breach. Except The Company and each of its Subsidiaries have not since August 14, 2020, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not, individually or in the aggregate, not be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, (1) experienced any Specified Data Breaches; or (2) experienced any unauthorized access or acquisition of any Sensitive Data Processed by any member of the Company Group or by any third party service provider on behalf of any member of the Company Group. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, been involved in any Legal Proceedings or received any notice of any claims or investigations related to any violation of any Data Security Requirement by any Company Group member or any Specified Data Breaches or been required by applicable Laws, Governmental Authority or other Data Security Requirements to notify, any Person of any Specified Data Breach. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, neither (i) the execution, delivery, or performance of this Agreement by the Company or (ii) the consummation of any of the transactions contemplated hereby, will result in any breach or violation of any Data Security Requirement.

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since the Look-Back IPO Date has been, in material compliance in all material respects with all Data Security Requirements; and (ii) since the Look-Back IPO Date, has taken commercially reasonable steps consistent with standard industry practice by companies of similar sizesize and maturity, and in compliance in all material respects with the Data Security Requirements Requirements, to protect (A) the confidentiality, integrity, availability, and security of its Business SystemsSystems that are involved in the Processing of Personally Identifiable Information and in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Sensitive Data Personally Identifiable Information Processed by the Company or any of its Subsidiaries such Subsidiary from unauthorized use, access, disclosure, theft, and modification. Except , except in each case as would notnot be material to the business of the Company Group, individually or in taken as a whole. As of the aggregatedate hereof, except as would not be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have implemented since the Look-Back Date, and maintain, a written information security program comprising reasonable organizational, administrative, physical, and technical safeguards designed to protect the security, confidentiality, integrity, and availability of its Business Systems and all Sensitive Data it Processes that are consistent with all Laws and Contracts applicable to any member of the Company Group. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority, and, Authority and (ii) since the Look-Back IPO Date, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data Breach. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the The Company and each of its Subsidiaries have not since the Look-Back IPO Date, (1) experienced any Specified Data Breaches; or (2) experienced been involved in any unauthorized access or acquisition Legal Proceedings related to any violation of any Sensitive Data Processed Security Requirements by any member of the Company Group or by any third party service provider on behalf of any member of the Company Group. Except Specified Data Breaches, each except as would not, individually or in the aggregate, not be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, been involved in any Legal Proceedings or received any notice of any claims or investigations related to any violation of any Data Security Requirement by any Company Group member or any Specified Data Breaches or been required by applicable Laws, Governmental Authority or other Data Security Requirements to notify, any Person of any Specified Data Breach. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, neither (i) the execution, delivery, or performance of this Agreement by the Company or (ii) the consummation of any of the transactions contemplated hereby, will result in any breach or violation of any Data Security Requirement.

Data Security and Privacy. The Company and each of its Subsidiaries (i) isare, and since the Look-Back Date has May 16, 2018 have been, in material compliance in all material respects with all Data Security Requirements; and (ii) since the Look-Back DateMay 16, has 2018, have taken commercially reasonable steps consistent with standard industry practice by companies of similar sizesize and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business SystemsSystems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Sensitive Data Personally Identifiable Information Processed by the Company or any of its Subsidiaries such Subsidiary from unauthorized use, access, disclosure, theft, and modification. Except As of December 11, 2020, except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have implemented since the Look-Back Date, and maintain, a written information security program comprising reasonable organizational, administrative, physical, and technical safeguards designed to protect the security, confidentiality, integrity, and availability of its Business Systems and all Sensitive Data it Processes that are consistent with all Laws and Contracts applicable to any member of the Company Group. Except as would not, individually or in the aggregate, not be material to the business of the Company Group, taken as a whole, there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental AuthorityAuthority and since May 16, and, since the Look-Back Date2018, no fines or other penalties have been imposed on or claims for compensation under applicable laws have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data BreachBreach or otherwise. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the The Company and each of its Subsidiaries have not since the Look-Back DateMay 16, 2018, (1) to the Knowledge of the Company, experienced any Specified Data Breaches; or (2) experienced any unauthorized access or acquisition of any Sensitive Data Processed by any member of the Company Group or by any third party service provider on behalf of any member of the Company Group. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, been involved in any Legal Proceedings or received any notice of any claims or investigations related to any violation of any Data Security Requirement by any Company Group member Requirements or any Specified Data Breaches or been required by applicable Laws, Governmental Authority or other Data Security Requirements to notify, any Person of any Specified Data Breach. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, neither (i) the execution, delivery, or performance of this Agreement by the Company or (ii) the consummation of any of the transactions contemplated hereby, will result in any breach or violation of any Data Security RequirementBreaches.

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since the Look-Back Date January 1, 2020 has been, in material compliance in all material respects with all Data Security Requirements; and (ii) since the Look-Back DateJanuary 1, 2020, has taken commercially reasonable steps consistent with standard industry practice by companies of similar sizesize and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business SystemsSystems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Sensitive Data Personally Identifiable Information Processed by the Company or any of its Subsidiaries such Subsidiary from unauthorized use, access, disclosure, theft, and modification. Except , except in each case as would notnot be material to the business of the Company Group, individually or in taken as a whole. As of the aggregatedate hereof, except as would not be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have implemented since the Look-Back Date, and maintain, a written information security program comprising reasonable organizational, administrative, physical, and technical safeguards designed to protect the security, confidentiality, integrity, and availability of its Business Systems and all Sensitive Data it Processes that are consistent with all Laws and Contracts applicable to any member of the Company Group. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental AuthorityAuthority and (ii) since January 1, and, since the Look-Back Date2020, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data Breach. Except The Company and each of its Subsidiaries have not since January 1, 2020, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not, individually or in the aggregate, not be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, (1) experienced any Specified Data Breaches; or (2) experienced any unauthorized access or acquisition of any Sensitive Data Processed by any member of the Company Group or by any third party service provider on behalf of any member of the Company Group. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, been involved in any Legal Proceedings or received any notice of any claims or investigations related to any violation of any Data Security Requirement by any Company Group member or any Specified Data Breaches or been required by applicable Laws, Governmental Authority or other Data Security Requirements to notify, any Person of any Specified Data Breach. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, neither (i) the execution, delivery, or performance of this Agreement by the Company or (ii) the consummation of any of the transactions contemplated hereby, will result in any breach or violation of any Data Security Requirement.

Data Security and Privacy. The Company and each of its Subsidiaries (i) isare, and since the Look-Back Date has May 16, 2018 have been, in material compliance in all material respects with all Data Security Requirements; and (ii) since the Look-Back DateMay 16, has 2018, have taken commercially reasonable steps consistent with standard industry practice by companies of similar sizesize and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business SystemsSystems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Sensitive Data Personally Identifiable Information Processed by the Company or any of its Subsidiaries such Subsidiary from unauthorized use, access, disclosure, theft, and modification. Except As of the date hereof, except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have implemented since the Look-Back Date, and maintain, a written information security program comprising reasonable organizational, administrative, physical, and technical safeguards designed to protect the security, confidentiality, integrity, and availability of its Business Systems and all Sensitive Data it Processes that are consistent with all Laws and Contracts applicable to any member of the Company Group. Except as would not, individually or in the aggregate, not be material to the business of the Company Group, taken as a whole, there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental AuthorityAuthority and since May 16, and, since the Look-Back Date2018, no fines or other penalties have been imposed on or claims for compensation under applicable laws have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data BreachBreach or otherwise. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the The Company and each of its Subsidiaries have not since the Look-Back DateMay 16, 2018, (1) to the Knowledge of the Company, experienced any Specified Data Breaches; or (2) experienced any unauthorized access or acquisition of any Sensitive Data Processed by any member of the Company Group or by any third party service provider on behalf of any member of the Company Group. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries have not since the Look-Back Date, been involved in any Legal Proceedings or received any notice of any claims or investigations related to any violation of any Data Security Requirement by any Company Group member Requirements or any Specified Data Breaches or been required by applicable Laws, Governmental Authority or other Data Security Requirements to notify, any Person of any Specified Data Breach. Except as would not, individually or in the aggregate, be material to the business of the Company Group, taken as a whole, neither (i) the execution, delivery, or performance of this Agreement by the Company or (ii) the consummation of any of the transactions contemplated hereby, will result in any breach or violation of any Data Security RequirementBreaches.