Common use of Information Privacy and Security Compliance Clause in Contracts

Information Privacy and Security Compliance. (a) Since January 1, 2020, except for such failures that, individually or in the aggregate, have not had and would not reasonably be expected to have a Company Material Adverse Effect, the collection, use, analysis, disclosure, retention, storage, security and dissemination of Personal Information by the Company or any Company Subsidiary complies with, and has not violated, (i) any applicable Contract, (ii) any applicable Law, including Privacy/Data Security Laws, (iii) any person’s right of publicity or (iv) any published privacy policy of the Company or any Company Subsidiary, then in effect. (b) Since January 1, 2020, the Company has maintained commercially reasonable security measures to protect the confidentiality, integrity and availability of Personal Information and non-public information in its or any Company Subsidiary’s possession or control. (c) Since January 1, 2020, to the knowledge of the Company, no person has gained unauthorized access to or made any unauthorized use of any Personal Information or other non-public information maintained by the Company or any Company Subsidiary and, to the knowledge of the Company, neither the Company nor any Company Subsidiary has been legally required to provide notice to any individuals, customers, third parties, or any Governmental Authority, nor has the Company or any Company Subsidiary provided any such notice relating to any unauthorized access to or use of Personal Information or other non-public information. (d) To the knowledge of the Company, since January 1, 2020, (i) there have been no material security breaches in the Business Systems used by the Company or any Company Subsidiary, and (ii) the Business Systems and all Software owned by the Company or any Company Subsidiary is free from any material software defect, and does not contain any virus, software routine or hardware component designed to permit unauthorized access or to disable or otherwise harm any computer, systems or software. (e) To the knowledge of the Company, (i) no Company Shareholder is under investigation by any Governmental Authority for a violation of any Privacy/Data Security Laws; (ii) since January 1, 2020, neither the Company nor any Company Subsidiary has received any written notices from any Governmental Authority relating to any such violations; and (iii) to the Company’s knowledge, since January 1, 2020, no representative of the Company or any Company Subsidiary has acted in a manner that would trigger a notification or reporting requirement under any Contract, or any Privacy/Data Security Laws related to the collection, use, disclosure, or security of Personal Information.

Information Privacy and Security Compliance. (a) Since January 1, 2020, except for such failures that, individually or in the aggregate, have not had and would not reasonably be expected to have a Company Material Adverse Effect2018, the collection, use, analysis, disclosure, retention, storage, security and dissemination of Personal Information by the Company or any Company Subsidiary materially complies with, and has not materially violated, (i) any applicable Contract, (ii) any applicable Law, including Privacy/Data Security Privacy Laws, (iii) any person’s right of publicity publicity, or (iv) any published privacy policy of the Company or any Company SubsidiaryCompany, then in effect. The Company has posted in accordance with Privacy Laws a privacy policy governing its use of Personal Information on its websites and if required by Contract, on websites it maintains on behalf of customers, and has materially complied at all times with such privacy policy. (b) Since January 1, 20202018, the Company has maintained commercially reasonable security measures to protect the confidentiality, integrity and availability of Personal Information and non-public information in its or any Company Subsidiary’s possession or control. (c) Since January 1, 20202018, to the knowledge of the Company, no person has gained unauthorized access to or made any unauthorized use of any Personal Information or other non-public information maintained by the Company or any Company Subsidiary and, to the knowledge of the Company, neither and the Company nor any Company Subsidiary has not been legally required to provide notice to any individuals, customers, third parties, or any Governmental Authority, nor has the Company or any Company Subsidiary provided any such notice relating to any unauthorized access to or use of Personal Information or other non-public information. (d) To the knowledge of the Company, since January 1, 20202018, (i) there have been no material security breaches in the Business Systems information technology systems used by the Company or any Company SubsidiaryCompany, and (ii) the Business Systems and all Software owned by the Company or any Company Subsidiary is free from any material software defect, and does not contain any virus, software routine or hardware component designed to permit unauthorized access or to disable or otherwise harm any computer, systems or software. (e) To the knowledge of the Company, (i) no member of the Company Shareholder is under investigation by any Governmental Authority for a violation of any Privacy/Data Security Privacy Laws; (ii) since January 1, 20202018, neither the Company nor any Company Subsidiary has not received any written notices from the Department of Justice, Federal Trade Commission, or the Attorney General of any Governmental Authority state relating to any such violations; and (iii) to the Company’s knowledge, since January 1, 20202018, no representative of the Company or any Company Subsidiary has acted in a manner that would trigger a notification or reporting requirement under any Contract, or any Privacy/Data Security Privacy Laws related to the collection, use, disclosure, or security of Personal Information. (f) Since January 1, 2018, the Company has materially complied with all applicable Privacy Laws.

Information Privacy and Security Compliance. (a) Since January April 1, 20202021, except for such failures that, individually or in to the aggregate, have not had and would not reasonably be expected to have a Company Material Adverse Effectknowledge of the Company, the collection, use, analysis, disclosure, retention, storage, security and dissemination of Personal Information by the Company or any Company Subsidiary materially complies with, and has not materially violated, (i) any applicable Material Contract, (ii) any applicable Law, including Privacy/Data Security Laws, (iii) any person’s right of publicity publicity, or (iv) any published privacy policy of the Company or any Company SubsidiaryCompany, then in effect. The Company has posted in accordance with Privacy/Data Security Laws a privacy policy governing its use of Personal Information on its websites and has materially complied at all times with such privacy policy. (b) Since January April 1, 20202021, to the knowledge of the Company, the Company has maintained commercially reasonable security measures to protect the confidentiality, integrity and availability of Personal Information and non-public information in its or any Company Subsidiary’s possession or control, including maintaining privacy notices, policies and procedures relating to data privacy and security, and any risk assessments or certification reports received by the Company related to data privacy and security. The Company has provided training about compliance with Privacy/Data Security Laws to all employees with access to Personal Information. (c) Since January April 1, 20202021, to the knowledge of the Company, no person has gained unauthorized access to or made any unauthorized use of any Personal Information or other non-public information maintained by the Company or any Company Subsidiary and, to the knowledge of the Company, neither and the Company nor any Company Subsidiary has not been legally required to provide notice to any individuals, customers, third parties, or any Governmental Authority, nor has the Company or any Company Subsidiary provided any such notice relating to any unauthorized access to or use of Personal Information or other non-public information. (d) To Since April 1, 2021, to the knowledge of the Company, since January 1, 2020, (i) there have been no material security breaches in the Business Systems information technology systems used by the Company or any Company SubsidiaryCompany, and (ii) to the Business Systems and Company’s knowledge, all Software software owned by the Company or any Company Subsidiary is free from any material software defect, and does not contain any virus, software routine or hardware component designed to permit unauthorized access or to disable or otherwise harm any computer, systems or software. (e) To the knowledge of the Company, (i) no owner of the Company Shareholder is under investigation by any Governmental Authority for a violation of any Privacy/Data Security Laws; (iii) since January 1, 2020, neither the Company nor any Company Subsidiary has not received any written notices from the Department of Justice, Federal Trade Commission, or the Attorney General of any Governmental Authority state relating to any such violations; and (iiiii) to the Company’s knowledge, since January 1, 2020, no representative of the Company or any Company Subsidiary has acted in a manner that would trigger a notification or reporting requirement under any business associate agreement to which it is a party, any Contract, or any Privacy/Data Security Laws related to the collection, use, disclosure, or security of Personal Information. (f) Since April 1, 2021, the Company has materially complied with all applicable Material Contracts and all Privacy/Data Security Laws. (g) The Company has performed a security risk assessment as required under any other Privacy/Data Security Law, as applicable (the “Security Risk Assessment”). The Company has addressed and remediated or has a plan to address and remediate all threats and deficiencies identified in the applicable Security Risk Assessment.