Common use of IT Systems; Data Security and Privacy Clause in Contracts

IT Systems; Data Security and Privacy. (a) The IT Systems (i) are in good repair and operating condition and are suitable (including with respect to working condition, performance and capacity) for the purposes for which they are being currently used and (ii) to the Knowledge of the Company, do not contain any Malware that would reasonably be expected to interfere with the ability of the Company and its Subsidiaries to conduct business or present a material risk of unauthorized access, disclosure, use, corruption, destruction or loss of any Personal Information or other non-public information. (b) The Company and its Subsidiaries have, in accordance with applicable Data Security Requirements, implemented, maintained, and complied with commercially reasonable written information security, business continuity, back-up and disaster recovery plans and procedures. Since April 29, 2017, (i) to the Knowledge of the Company, there has been no security breach or unauthorized access or use, affecting any of the IT Systems and (ii) neither the Company nor any of its Subsidiaries have been notified by any third party (including pursuant to an audit by such third party) of, nor does the Company have any knowledge of, any data or information security breach with respect to the IT Systems, in each case of clauses (i) and (ii), that has caused any material disruption to the conduct of the business or presented a material risk of unauthorized access, disclosure, use, corruption, destruction or loss of any Personal Information. (c) Since April 29, 2017, the Company has been in material compliance (i) with applicable Data Security Requirements and other Laws, specifically in relation to the collection, storage, protection, security, use, disclosure, distribution, transmission, maintenance, disposal and processing of Personal Information and (ii) its posted privacy policies and other internal policies and procedures with respect to Personal Information. (d) Since April 29, 2017, neither the Company nor any of its Subsidiaries, nor, to the Knowledge of the Company, any third party engaged in the processing of Personal Information on behalf of the Company, has received any written claims alleging that the Company or any of its Subsidiaries violated any applicable Data Security Requirement. To the Knowledge of the Company, neither this Agreement nor the transactions contemplated by this Agreement will violate any applicable Data Security Requirement in any material respect. (e) The Company and its Subsidiaries have cybersecurity and data breach insurance that is commercially reasonable in light of the current IT Systems and the nature and volume of applicable collected, stored, used, maintained, transmitted or processed Personal Information.

IT Systems; Data Security and Privacy. (a) The IT Systems Systems, in each case, to the extent owned, operated by or under the control of the Company or its Subsidiaries (i) are in good repair and operating condition and are adequate and suitable (including with respect to working condition, performance and capacity) for the purposes for which they are being currently used used, except, in each case, as would not be material to the Company or its Subsidiaries and (ii) to the Knowledge of the Company, do not contain any Malware that would reasonably be expected to interfere with the ability of the Company and or any of its Subsidiaries to conduct its business or present a material risk of unauthorized access, disclosure, use, corruption, destruction or loss of any Personal Information or other non-public information. The Company and its Subsidiaries maintain operating procedures and documentation needed for the operation of the IT Systems operated by them in the ordinary course of business. (b) The Company and its Subsidiaries (i) have implemented, maintain, and comply with commercially reasonable technical, organizational and administrative security measures and policies, including written information security, business continuity and backup and disaster recovery plans and procedures that are consistent with applicable Laws, and (ii) have taken commercially reasonable steps to assess and test such plans and procedures on no less than an annual basis, and such plans and procedures have been proven effective upon such testing in all material respects. Since January 1, 2018, (x) there has been no failure, breakdown, persistent substandard performance affecting any of the IT Systems, in each case, to the extent owned, operated by or under the control of the Company or its Subsidiaries, and (y) neither the Company nor any of its Subsidiaries has been notified by any third party (including pursuant to an audit of the Company or any of its Subsidiaries by such third party) of, nor to the knowledge of the Company has there been any data security, information security or other breach or unauthorized access or use or technological deficiency with respect to such IT Systems, in each case of clauses (x) and (y) above, that has caused or could reasonably be expected to cause any material disruption to the operations of the Company and its Subsidiaries or present a material risk of unauthorized access, disclosure, use, corruption, destruction or loss of any Personal Information or other non-public information. (bc) The Since January 1, 2018, the Company and its Subsidiaries have, in accordance with applicable Data Security Requirements, have implemented, maintained, maintained and materially complied with commercially reasonable written information securitytheir own privacy policies and procedures and materially complied with any and all applicable Laws, business continuitycontractual requirements, back-up terms of use and disaster recovery plans and procedures. Since April 29, 2017, (i) industry standards with which they are required to the Knowledge of the Company, there has been no security breach or unauthorized access or use, affecting any of the IT Systems and (ii) neither the Company nor any of its Subsidiaries have been notified by any third party comply (including pursuant to an audit by such third party) of, nor does the Company have any knowledge of, any data or information security breach with respect to the IT SystemsPayment Card Industry Security Standards (PCI-DSS)), in each case of clauses (i) and (ii), that has caused any material disruption to the conduct of the business or presented a material risk of unauthorized accessextent applicable to their collection, disclosure, use, corruption, destruction or loss of any Personal Information. (c) Since April 29, 2017, the Company has been in material compliance (i) with applicable Data Security Requirements and other Laws, specifically in relation to the collectionretention, storage, protection, security, use, disclosure, distribution, transmission, maintenancemaintenance and disposal (collectively, disposal and processing “Use”) of Personal Information (collectively, “Data Privacy and (ii) its posted privacy policies and other internal policies and procedures with respect to Personal InformationSecurity Requirements”). (d) Since April 29From January 1, 20172018 to the date hereof, neither the Company nor any of its Subsidiaries, nor, to the Knowledge knowledge of the Company, any third party engaged in the processing of Personal Information working on behalf of the Companyany of them, has received any written claims alleging that claims, notices or complaints, regarding the Company Company’s or any of its Subsidiaries violated any applicable Data Security Requirement. To Subsidiaries’ or (to the Knowledge extent relating to work on behalf of the CompanyCompany or its Subsidiaries) such third party’s Use of any Personal Information, neither or alleging a violation of any Data Privacy and Security Requirements, including from the Federal Trade Commission, any similar foreign bodies, or any other Governmental Authority. Neither this Agreement nor the transactions contemplated by this Agreement will violate the privacy policies of the Company or any applicable Data Security Requirement in of its Subsidiaries as they currently exist. Since January 1, 2018, there has been no material unauthorized access to Personal Information maintained by or on behalf of the Company or any material respectof its Subsidiaries. (e) The Company and its Subsidiaries have cybersecurity and data breach insurance that is commercially reasonable in light respect of the current IT Systems Systems, in each case, to the extent owned, operated by or under the control of the Company or its Subsidiaries and the nature Personal Information and volume of applicable collected, stored, used, maintained, transmitted or processed Personal Informationother non-public information stored therein.

IT Systems; Data Security and Privacy. (a) The IT Systems (i) are in good repair and operating condition and are adequate and suitable (including with respect to working condition, security, performance and capacity) in all material respects, individually, for the purposes for which they are being currently used or held for use, and, collectively, for the operation of the Business, and (ii) to the Knowledge of the CompanySeller Parent, do not contain any Malware that would reasonably be expected to materially adversely interfere with the ability conduct of the Company Business or present a material risk of business interruption or of unauthorized access, disclosure, use, corruption, destruction or loss of any personally identifiable information, data or non-public information. (b) The Business Subsidiaries and its Subsidiaries Asset Sellers (to the extent relating to the Business) (i) have implemented, maintain, and comply with written security, business continuity and backup and disaster recovery plans and procedures with respect to the IT Systems, and (ii) have taken steps to test such plans and procedures. During the thirty-six (36) months preceding the date of this Agreement, (x) there has been no material failure, breakdown, persistent substandard performance, unauthorized access or use, or other adverse event affecting any of the IT Systems, and (y) no Business Subsidiary or Asset Seller to the extent relating to the Business has been notified in writing by any third Person (including pursuant to an audit of the Business by such third Person) of, nor to the Knowledge of Seller Parent is there, any material data security, information security or other technological deficiency with respect to the IT Systems, in each case of (x) and (y), that has caused or could reasonably be expected to cause any material disruption to the conduct business of the Business or present a material risk of unauthorized access, disclosure, use, corruption, destruction or loss of any Personal Information personally identifiable information, data or other non-public information. (bc) The Company and its Subsidiaries have, in accordance with applicable Data Security Requirements, implemented, maintained, and complied with commercially reasonable written information security, business continuity, backDuring the thirty-up and disaster recovery plans and procedures. Since April 29, 2017six (36) months preceding the date of this Agreement, (i) a privacy statement regarding the use, including the collection, security, and disclosure, of the personally identifiable information, data and non-public information of individuals who are visitors to the Knowledge websites or users of the Company, there has been no security breach or unauthorized access or use, affecting any applications of the IT Systems Business Subsidiaries and the Business has at all times been and is posted and accessible to individuals on each such website or application, and (ii) neither the Company nor any of its Subsidiaries Business Subsidiaries, and Asset Sellers to the extent relating to the Business, have been notified by any third party (including pursuant to an audit by such third party) of, nor does the Company have any knowledge of, any data or information security breach with respect to the IT Systems, in each case of clauses (i) and (ii), that has caused any material disruption to the conduct of the business or presented a material risk of unauthorized access, disclosure, use, corruption, destruction or loss of any Personal Information. (c) Since April 29, 2017, the Company has been are in material compliance with any such privacy statement (ias applicable to any given set of personally identifiable information, data and non-public information collected by or on behalf of any of them) and with any and all applicable Data Security Requirements of Law, contractual requirements and other Lawsterms of use pertaining to personally identifiable information, specifically in relation to the collection, storage, protection, security, use, disclosure, distribution, transmission, maintenance, disposal data and processing of Personal Information and (ii) its posted privacy policies and other internal policies and procedures with respect to Personal Informationnon-public information. (d) Since April 29During the thirty-six (36) months preceding the date of this Agreement, 2017, neither the Company nor any of its Subsidiariesno Business Subsidiary or Asset Seller, nor, to the Knowledge of the CompanySeller Parent, any third party engaged in the processing of Personal Information Person working on behalf of any of them, in each case to the Companyextent relating to the Business, has (i) experienced any material data security breaches that required notice to any client in accordance with any Client Contract or Requirements of Law or (ii) received any written claims claims, notices or complaints regarding its information practices or the use of any personally identifiable information, data and non-public information of individuals, or alleging that a material violation of any individual’s privacy, or confidentiality rights under any applicable privacy statement or otherwise from any Person, including the Company Federal Trade Commission or any of its Subsidiaries violated any applicable Data Security Requirementother Governmental Body. To the Knowledge of the Company, neither Neither this Agreement nor the transactions contemplated by this Agreement will violate any applicable Data Security Requirement in any material respectsuch privacy statements. (e) The Company and its Subsidiaries have cybersecurity and data breach insurance that is commercially reasonable in light of the current IT Systems and the nature and volume of applicable collected, stored, used, maintained, transmitted or processed Personal Information.

IT Systems; Data Security and Privacy. (a) The IT Systems (i) are in good repair and operating condition and are suitable (including with respect to working condition, performance and capacity) for the purposes for which they are being currently used and (ii) to the Knowledge of the Company, do not contain any Malware that would reasonably be expected to interfere with the ability of the Company and its Subsidiaries to conduct business or present a material risk of unauthorized access, disclosure, use, corruption, destruction or loss of any Personal Information or other non-public information. (b) The Company and its Subsidiaries have, in accordance with applicable Data Security Requirements, implemented, maintained, and complied with commercially reasonable written information security, business continuity, back-up and disaster recovery plans and procedures. Since April 29, 2017, (i) to the Knowledge of the Company, there has been no security breach or unauthorized access or use, affecting any of the IT Systems and (ii) neither the Company nor any of its Subsidiaries have been notified by any third party (including pursuant to an audit by such third party) of, nor does the Company have any knowledge of, any data or information security breach with respect to the IT Systems, in each case of clauses (i) and (ii), that has caused any material disruption to the conduct of the business or presented a material risk of unauthorized access, disclosure, use, corruption, destruction or loss of any Personal Information. (c) Since April 29, 2017, the Company has been in material compliance (i) with applicable Data Security Requirements and other Laws, specifically in relation to the collection, storage, protection, security, use, disclosure, distribution, transmission, maintenance, disposal and processing of Personal Information and (ii) its posted privacy policies and other internal policies and procedures with respect to Personal Information. (d) Since April 29, 2017, neither the Company nor any of its Subsidiaries, nor, to the Knowledge of the Company, any third party engaged in the processing of Personal Information on behalf of the Company, has received any written claims alleging that the Company or any of its Subsidiaries violated any applicable Data Security Requirement. To the Knowledge of the Company, neither this the Amended and Restated Agreement nor the transactions contemplated by this the Amended and Restated Agreement will violate any applicable Data Security Requirement in any material respect. (e) The Company and its Subsidiaries have cybersecurity and data breach insurance that is commercially reasonable in light of the current IT Systems and the nature and volume of applicable collected, stored, used, maintained, transmitted or processed Personal Information.