Common use of Privacy and Cybersecurity Clause in Contracts

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the last three (3) years have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information, (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been or would not reasonably be expected to be material to the Company and its Subsidiaries taken as a whole. There are no material Actions by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named party, or as to which the Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any third Person’s privacy or personal information rights. (b) During the last three (3) years (i) there have been, no material breaches of the security of the information technology systems of the Company and its Subsidiaries, and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s and its Subsidiaries’ business or operations. The Company and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To the knowledge of the Company, neither the Company nor any Subsidiary of the Company has (A) experienced any incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any of the foregoing, nor to the knowledge of the Company has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the last three (3) years preceding the date hereof have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information, (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case of clauses (i)-(iiii) through (iii) above, other than any non-compliance that, individually or in the aggregate, has not been or and would not reasonably be expected to be material to the Company and its Subsidiaries taken as a wholeSubsidiaries. There are no material Actions actions by any Person (including any Governmental AuthorityEntity) pending to which the Company or any of the Company’s Subsidiaries is a named partyparty or, or as to which the knowledge of the Company, threatened in writing against the Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any third Person’s privacy or personal information rights. (b) During the last three (3) years preceding the date of this Agreement (i) to the Knowledge of the Company, there have been, been no material breaches of the security of the information technology systems of the Company and its Subsidiaries, and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s and its Subsidiaries’ business or operations. The Company and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To Other than as disclosed on Schedule 4.15(b) of the Company Disclosure Letter, to the knowledge of the Company, neither the Company nor any Subsidiary of the Company has (A) experienced any incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any of the foregoing, nor to the knowledge of the Company has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries.

Privacy and Cybersecurity. (a) The Company Parent and its Subsidiaries maintain and are in compliance with, and during the last three (3) years preceding the date hereof have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information, (ii) the CompanyParent’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the CompanyParent’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the CompanyParent’s and each of its Subsidiaries’ information technology systems, in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been or and would not reasonably be expected to be material to the Company Parent and its Subsidiaries taken as a wholeSubsidiaries. There are no material Actions actions by any Person (including any Governmental AuthorityEntity) pending to which the Company Parent or any of the CompanyParent’s Subsidiaries is a named partyparty or, to the knowledge of Parent, threatened in writing against Parent or as to which the Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any third Person’s privacy or personal information rights. (b) During the last three (3) years preceding the date of this Agreement (i) to the Knowledge of Parent, there have been, been no material breaches of the security of the information technology systems of the Company Parent and its Subsidiaries, and (ii) there have been no disruptions in any information technology systems that materially adversely affected the CompanyParent’s and its Subsidiaries’ business or operations. The Company Parent and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To the knowledge of the CompanyParent, neither the Company Parent nor any Subsidiary of the Company Parent has (A) experienced any incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any of the foregoing, nor to the knowledge of the Company has any such notice or complaint been threatened in writing against the Company Parent or any of the CompanyParent’s Subsidiaries.

Privacy and Cybersecurity. (a) The Except as set forth on Section 4.23(a) of the Company Disclosure Letter, the Company and its Subsidiaries maintain and are in compliance withhave since January 1, 2018 maintained privacy policies consistent with applicable Law, and during the last three (3) years have maintained and been in compliance with, (i) all applicable Laws Law relating to the privacy and/or security of personal information, and (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case of (i)-(iiii) and (ii) above, other than any non-compliance that, individually or in the aggregate, has not been or and would not reasonably be expected to be result in material liability to the Company and its Subsidiaries. The Company and its Subsidiaries taken as a whole. There have not received written notice of any Action since January 1, 2018, and there are no material no, and since January 1, 2018 there have not been any, Actions for which the Company or its Subsidiaries have received written notice currently pending, by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named partyparty or, or as to which the knowledge of the Company, threatened in writing against the Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any third Person’s privacy or personal information rights. (b) During To the last three (3) years knowledge of the Company, since January 1, 2018 (i) there have been, been no material breaches of the security of the information technology systems of the Company and or its Subsidiaries, and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s and or its Subsidiaries’ business businesses or operations. The Company and its Subsidiaries take have since January 1, 2018 taken commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in its their possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To the knowledge of the Company, neither the Company nor any Subsidiary of the Company has (A) experienced any material incident in which such personally identifiable information was stolen or improperly accessedaccessed by an unauthorized Person, including in connection with a breach of security, or (B) received any written notice or complaint from any Person (including any Governmental Authority) with respect to any of the foregoing, nor to the knowledge of the Company has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance withmaintain, and during the last three (3) years preceding the date of this Agreement, have maintained adopted, implemented and been maintained, a data privacy and security compliance program that (i) complies in all material respects with all applicable Privacy/Cybersecurity Requirements; (ii) protects the Company's information technology systems in its possession and control against reasonably anticipated threats, hazards to their security and the unauthorized use or disclosure of thereof; and (iii) includes commercially reasonable plans, policies, procedures and administrative, technical and physical safeguards designed for the integrity, operation, redundancy, disaster recovery and security of their information technology systems. (b) The Company and its Subsidiaries are in compliance with, in all material respects with (i) all applicable Laws relating to the privacy and/or security of personal informationPrivacy/Cybersecurity Requirements, (ii) the Company’s 's and its Subsidiaries’ posted or ' publicly facing privacy policies, and (iii) the Company’s 's and its Subsidiaries’ ' contractual obligations concerning cybersecurity, data security and the security of the Company’s 's and each of its Subsidiaries’ ' information technology systems, in each case of . (i)-(iiic) above, other than any non-compliance that, individually or in the aggregate, has not been or would not reasonably be expected to be material to the Company and its Subsidiaries taken as a whole. There are no material Actions by any Person (including any Governmental Authority) pending as of the date of this Agreement to which the Company or any of the Company’s 's Subsidiaries is a named partyparty or, or as to which the knowledge of the Company, threatened in writing against the Company or any of its Subsidiaries has received a threat in writingSubsidiaries, alleging a violation of any third Person’s 's privacy or personal information rights. (bd) During the last three (3) years preceding the date of this Agreement, (i) there have been, been no material breaches of the security of the information technology systems of the Company and its Subsidiaries, and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s 's and its Subsidiaries’ ' business or operations. The Company and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive confidential or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To , in each case, except as would not be expected to be material to the knowledge Company and its Subsidiaries, taken as a whole. (e) The consummation of the Company, neither the Company nor transactions contemplated hereby shall not breach or otherwise cause any Subsidiary violation in any material respect of the Company has (A) experienced any incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any of the foregoing, nor to the knowledge of the Company has any such notice or complaint been threatened in writing against the Company or any of the Company’s SubsidiariesPrivacy/Cybersecurity Requirements.

Privacy and Cybersecurity. (a) The Except as would not have a Squirrel Material Adverse Effect, each Squirrel Company maintains and its Subsidiaries maintain and are is in compliance with, and during the last three twelve (312) years have months has maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal informationinformation in the possession or control of such Squirrel Company, (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case systems of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been or would not reasonably be expected to be material to the Company and its Subsidiaries taken as a wholesuch Squirrel Company. There are no material Actions Legal Proceedings by any Person (including any Governmental AuthorityEntity) pending to which the any Squirrel Company or any of the Company’s Subsidiaries is a named party, or as to which the such Squirrel Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any third Person’s privacy or personal information rights. (b) During the last three twelve (312) years months (i) there have been, been no material breaches of the security of the information technology systems under the exclusive control of the Company and its Subsidiariesany Squirrel Company, and (ii) there have been no disruptions in any such information technology systems that materially adversely affected the Company’s and its Subsidiaries’ business or operationsoperations of such Squirrel Company. The Each Squirrel Company and its Subsidiaries take takes commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To the knowledge of the each Squirrel Company, neither the Company nor any Subsidiary of the such Squirrel Company has not (A) experienced any incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any of the foregoing, nor to the knowledge of the such Squirrel Company has any such notice or complaint been threatened in writing against the Company or any of the such Squirrel Company’s Subsidiaries.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the last three (3) years have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information, (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, ; in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been or would not reasonably be expected to be material to the Company and its Subsidiaries taken as a whole. There are no material Actions by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named party, or as to which the Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any third Person’s privacy or personal information rights. (b) During the last three (3) years (i) there have been, no material breaches of the security of the information technology systems of the Company and its Subsidiaries, and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s and its Subsidiaries’ business or operations. The Company and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To the knowledge of the Company, neither the Company nor any Subsidiary of the Company has (A) experienced any incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any of the foregoing, nor to the knowledge of the Company has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the last three (3) years preceding the date of this Agreement have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information, (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been or and would not reasonably be expected to be material to the Company and its Subsidiaries taken as a wholeSubsidiaries. There are no material Actions by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named partyparty or, or as to which the knowledge of the Company, threatened in writing against the Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any third Person’s privacy or personal information rights. (b) During the last three (3) years preceding the date of this Agreement (i) there have been, no material breaches of the security of the information technology systems of the Company and its Subsidiaries, and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s and its Subsidiaries’ business or operations. The Company and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To the knowledge of the Company, neither the Company nor any Subsidiary of the Company has (A) experienced any incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any of the foregoing, nor to the knowledge of the Company has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the last three two (32) years preceding the date of this Agreement have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal informationprivacy, data security, and data protection, (ii) the Company’s and its Subsidiaries’ posted internal or publicly facing external privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning privacy, data protection, cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been or would not reasonably be expected to be material to the have a Company and its Subsidiaries taken as a wholeMaterial Adverse Effect. There are no material Actions Legal Proceedings by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named partyparty or, or as to which threatened in writing against the Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any applicable Law relating to privacy, data security, and data protection, or of any third Person’s privacy or personal information rightsrights except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. (b) During Except as set forth on Section 4.22(b) of the last three Company Disclosure Letter, during the two (32) years preceding the date of this Agreement (i) there have been, been no unauthorized intrusions nor material breaches of the security of the information technology systems of the Company and its Subsidiaries, and (ii) there have been no disruptions in any information technology systems that materially adversely affected resulted in a Company Material Adverse Effect. Each of the Company’s and its Subsidiaries’ business or operations. The Company and its Subsidiaries take have implemented (A) commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable personal information in its possession their possession, custody, or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To ; (B) commercially reasonable security controls and disaster recovery plans and procedures for the knowledge Company IT Systems to ensure the confidentiality, integrity and availability of the Companydata and Company IT Systems, neither including backup, anti-virus, security and disaster recovery technology, policies and procedures consistent with applicable legal and regulatory standards and customary industry practices; and (C) commercially reasonable security designed to prevent unauthorized access to, or control of, the Company products. (c) Neither the Company nor any Subsidiary of the Company has (A) experienced any material incident in which such information was stolen or improperly accessedimpacting the confidentiality, including in connection with a breach of securityintegrity, or (B) availability of any personal information or the Company’s information technology systems, networks, software, and products. Neither the Company nor any Subsidiary of the Company has received any written notice or complaint from any Person Person, or provided any notice to any Person, with respect to any material violation of the foregoingtheir privacy, data security, and data protection practices or obligations, nor to the knowledge of the Company has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and Group are presently in compliance with, and during the last three (3) years have maintained and been in compliance with, with all (i) all applicable Laws relating laws, statutes, regulations, rules, guidelines, standards, judgments, and orders of any Governmental Entity related to the privacy and/or data privacy, data protection, or data security of personal information(collectively, “Privacy Laws”), (ii) the Company’s internal and its Subsidiaries’ posted or publicly facing written privacy policiespolicies of the Company Group, (iii) third party privacy or data security obligations that the Company Group have been or are contractually obligated to comply with, (iv) any rules of any applicable self-regulatory organizations in which the Company Group are or have been a member or are or have been contractually obligated to comply with, and (iiiv) consents or other authorizations obtained by the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurityCompany Group that are related to privacy, security, data security and protection or the security processing of the Company’s and each information that identifies, relates to, describes, is reasonably capable of its Subsidiaries’ information technology systemsbeing associated with, in each case of or could reasonably be linked to a particular individual or is otherwise is subject to any applicable Privacy Laws (i)-(iii) abovecollectively, other than any “Privacy Obligations”), except for such non-compliance thatthat would not, individually or in the aggregate, has not been or would not reasonably be expected to be material to the Company and its Subsidiaries taken Group, considered as a wholeone enterprise. There are no Except as would not, individually or in the aggregate, reasonably be expected to be material Actions by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named partyGroup, or considered as to which the Company or any of its Subsidiaries has received a threat in writingone enterprise, alleging a violation of any third Person’s privacy or personal information rights. (b) During the last three (3) years (i) there have been, no material breaches of the security of the information technology systems of the Company and its Subsidiaries, and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s and its Subsidiaries’ business or operations. The Company and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To the knowledge of the Company, neither the Company nor any Subsidiary of the Company has (A) experienced any incident in which such information was stolen there has been no security breach or improperly accessedincident, including in connection with a breach of securityunauthorized access or disclosure, or (B) received any written notice other compromise of or complaint from any Person with respect relating to any of the foregoingCompany Group’s information technology and computer systems, nor to networks, hardware, software, data and databases (including the knowledge data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company Group, and any such data processed or stored by third parties on behalf of the Company has any such notice Group), equipment or complaint been threatened in writing against technology (collectively, “IT Systems and Data”), (B) no member of the Company Group has been notified of, and each of them have no knowledge of any event or condition that could result in, any security breach or incident, unauthorized access or disclosure or other compromise to their IT Systems and Data and (C) the Company Group have implemented appropriate controls, policies, procedures, and technological safeguards to maintain and protect the integrity, continuous operation, redundancy and security of the Company’s Subsidiariestheir IT Systems and Data reasonably consistent with industry standards and practices, or as required by applicable Privacy Obligations.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the last three (3) years preceding the date of this Agreement have maintained and been in compliance with, : (i) all applicable Laws relating to the privacy and/or security of personal informationprivacy, data security, and data protection; (ii) the Company’s and its Subsidiaries’ posted internal or publicly facing external privacy policies, ; and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning privacy, data protection, cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case of clauses (i)-(iiii)—(iii) above, other than any non-compliance that, individually or in the aggregate, has not been or would not reasonably be expected to be material to the have a Company and its Subsidiaries taken as a wholeMaterial Adverse Effect. There are no material Actions Legal Proceedings by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named partyparty or, or as to which threatened in writing against the Company or any of its Subsidiaries has received a threat in writing, alleging a material violation of any third Person’s privacy or personal information rightsapplicable Law relating to privacy, data security, and data protection. (b) During Except as set forth on Section 4.22(b) of the last three Company Disclosure Letter, during the two (32) years preceding the date of this Agreement, to the knowledge of the Company: (i) there have been, been no material unauthorized intrusions nor breaches of the security of the information technology systems of the Company and its Subsidiaries, IT Systems; and (ii) there have been no disruptions in any information technology systems of the Company IT Systems, including any failures, breakdowns, data loss, or outages, in the case of either of clauses (i) or (ii) that materially adversely affected resulted in a Company Material Adverse Effect. Each of the Company’s and its Subsidiaries’ business or operations. The Company and its Subsidiaries take have implemented commercially reasonable and legally compliant security measures designed to protect confidentialthe confidentiality, integrity and availability of the Company IT Systems, Company products, personal information and sensitive or personally identifiable business information in its possession possession, custody, or control control, against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To the knowledge of the Company, neither such as backup, anti-virus, security and disaster recovery technology, policies and procedures consistent with applicable legal and regulatory standards and customary industry practices. (c) Neither the Company nor any Subsidiary of the Company has (A) experienced any incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint of any claims, investigation or inquiries from any Person Person, or provided any notice to any Person, with respect to any material violation of the foregoingtheir privacy, data security, and data protection practices or obligations, or any information security-related incidents, nor to the knowledge of the Company Company, has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the last three (3) years preceding the date hereof have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information, (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been or and would not reasonably be expected to be material to the Company and its Subsidiaries taken as a wholeSubsidiaries. There are no material Actions by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named partyparty or, or as to which the knowledge of the Company, threatened in writing against the Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any third Person’s privacy or personal information rights. (b) During the last three (3) years preceding the date of this Agreement (i) there have been, been no material breaches of the security of the information technology systems of the Company and its Subsidiaries, and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s and its Subsidiaries’ business or operations. The Company and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To the knowledge of the Company, neither the Company nor any Subsidiary of the Company has (A) experienced any incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any of the foregoing, nor to the knowledge of the Company has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the last three five (35) years preceding the date of this Agreement have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information, (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been or and would not reasonably be expected to be material to the Company and its Subsidiaries taken as a wholeSubsidiaries. There are no material Actions by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named partyparty or, or as to which the knowledge of the Company, threatened in writing against the Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any third Person’s privacy or personal information rights. (b) During the last three five (35) years preceding the date of this Agreement (i) there have been, no material breaches of the security of the information technology systems of the Company and its Subsidiaries, and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s and its Subsidiaries’ business or operations. The Company and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To the knowledge of the Company, neither the Company nor any Subsidiary of the Company has (A) experienced any incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any of the foregoing, nor to the knowledge of the Company has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the last three (3) years have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal informationinformation (including, to the extent constituting such applicable Laws, all related implementing rules, regulations, guidelines and circulars of data privacy regulators implementing or enforcing such Laws), (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, ; in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been or would not reasonably be expected to be material to the Company and its Subsidiaries taken as a whole. There are no material Actions by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named partyparty or, or as to which the knowledge of the Company, threatened in writing against the Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any third Person’s privacy or personal information rightsrights by the Company or its Subsidiaries in connection with the foregoing, except as would not reasonably be expected to be material to the business of the Company and its subsidiaries taken as a whole. (bi) During the last three (3) years (i) years, there have been, no material breaches of the security of the information technology systems of the Company and its Subsidiaries, and (ii) during the last twelve (12) months, there have been no disruptions in any such information technology systems systems; in each case, that materially adversely affected the Company’s and its Subsidiaries’ business or operations, taken as a whole, and have not been remedied in all material respects. The Company and its Subsidiaries take commercially reasonable measures (and legally compliant any other measures required by applicable Law) designed to protect confidential, sensitive or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To Except as would not reasonably be expected to be material to the knowledge business of the CompanyCompany and its subsidiaries, taken as a whole, during the last three (3) years, neither the Company nor any Subsidiary of the Company has (A) experienced any material incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any of the foregoingforegoing incident, nor to the knowledge of the Company has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries.