Common use of Privacy and Cybersecurity Clause in Contracts

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and have at all times been in material compliance with (i) Privacy Laws, (ii) policies, notices, statements and representations relating to the Processing of Personal Information, (iii) any privacy choices required by applicable Law, including opt-out preferences offered by the Company or its Subsidiaries to end users relating to Personal Information, and (iv) any contractual commitment made by the Company or any Subsidiary of the Company that is applicable to Personal Information, including contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, ((i)-(iv) together with Privacy Laws, the “Company Privacy Commitments”). (b) The execution and delivery by the Company of this Agreement and the applicable Ancillary Agreements and the consummation of the transactions contemplated hereby and thereby do not and will not (i) require the delivery of any notice to or consent from any Person relating to Personal Information and (ii) conflict with or materially violate any Company Privacy Commitments. For the avoidance of doubt, to the extent Personal Information held or controlled by the Company is “personal information” under the CCPA, such data is an asset as contemplated by section 1798.140(t)(2)(D). The Company and its Subsidiaries currently make, and have at all times made, available to individuals (in each case, at or before the moment of collection of Personal Information) privacy policies and such policies are, and have at all times been, accurate, complete and not misleading (including by omission) of the Company’s and its Subsidiaries’ practices in relation to Personal Information and inclusive of all disclosures required by Privacy Laws. (c) The Company and its Subsidiaries have implemented and maintained, and have required their vendors and any other third Person with whom Personal Information is shared or who processes Personal Information on or on behalf of the Company’s or the Subsidiaries’ behalf to implement and maintain, commercially reasonable technical, physical and organizational measures, security systems and technologies to protect such Personal Information owned or controlled by the Company and/or its Subsidiaries and computers, networks, software and systems used by the Company or any Subsidiary of the Company from loss, theft, unauthorized access, use, disclosure or modification (a “Security Incident”). (d) Where the Company or any of its Subsidiaries uses a processor to process Personal Information, the processor has provided commercially reasonable guarantees, warranties or covenants in relation to processing of Personal Information, confidentiality, security measures and agreed to compliance with those obligations that are materially sufficient for the Company’s and its Subsidiaries’ compliance with applicable Privacy Laws, and there is in existence a written Contract between the Company and each such processor that complies with the requirements of applicable Privacy Laws. To the knowledge of the Company, such processors have not breached any such Contracts pertaining to Personal Information processed by such Persons on behalf of the Company or any of its Subsidiaries. The term “processor” has the meaning assigned to it in the GDPR and the UK DPA as well as “service provider” under the CCPA, as applicable. (e) In the past three (3) years, there have been no material Security Incidents and no such Security Incidents are currently threatened. To the knowledge of the Company, no circumstance has arisen in which Company Privacy Commitments would require the Company or any Subsidiary of the Company to notify a Governmental Authority or other third Person of a Security Incident. There are no Actions by any Person (including any Governmental Authority) pending to which the Company or any of its Subsidiaries is a named party and, to the knowledge of the Company, no Actions have been threatened against the Company or any of its Subsidiaries alleging a violation of any Company Privacy Commitments. To the knowledge of the Company, no facts or circumstances exist that would give rise to any such Action.

Privacy and Cybersecurity. (a) The Except as would not have a Company Material Adverse Effect, the Group Companies are, and its Subsidiaries maintain and during the three (3) years prior to the date of this Agreement have at all times been been, in material compliance with (i) Privacy Obligations, Cybersecurity Laws and Data Security Laws, (ii) policies, notices, statements and representations relating to the Processing of Personal Information, (iii) any privacy choices required by applicable Law, including opt-out preferences offered by the Company or its Subsidiaries to end users relating to Personal Information, and (iv) any contractual commitment made by the Company or any Subsidiary of the Company that is applicable to Personal Information, including contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, ((i)-(iv) together with Privacy Laws, the “Company Privacy Commitments”). (b) The execution and delivery To the extent required by applicable Privacy Obligations, the Company Group Companies have provided notice to individuals about whom the Group Companies Process or direct the Processing of this Agreement and Personal Data regarding the applicable Ancillary Agreements and the consummation of the transactions contemplated hereby and thereby do not and will not (i) require the delivery of any notice to or consent from any Person relating to Group Company’s Personal Information and (ii) conflict with or materially violate any Company Privacy Commitments. For the avoidance of doubt, to the extent Personal Information held or controlled by the Company is “personal information” under the CCPA, such data is an asset as contemplated by section 1798.140(t)(2)(D). The Company and its Subsidiaries currently makeData Processing activities, and such notice fully and accurately discloses in all material respects how the Group Companies Process Personal Data about such individuals. Complete and correct copies of all written privacy notices have at all times made, been made available to individuals (in each case, at or before the moment of collection of Personal Information) privacy policies and such policies are, and have at all times been, accurate, complete and not misleading (including by omission) of the Company’s and its Subsidiaries’ practices in relation to Personal Information and inclusive of all disclosures required by Privacy LawsSPAC. (c) The Group Companies have, where required by Privacy Laws, contractually obligated third parties Processing Personal Data on behalf of the Group Companies to comply with applicable Privacy Laws. (d) The Group Companies have taken reasonable steps to protect and secure Business Data from loss, theft, unauthorized or unlawful Processing. (e) The Group Companies have contractually obligated all third parties Processing material Business Data on behalf of the Group Companies to (i) comply with applicable Privacy Obligations and (ii) take reasonable steps to protect and secure Business Data from loss, theft, unauthorized or unlawful Processing or other misuse. (f) The Group Companies have obtained or will obtain any and all necessary rights, approvals, permissions, and consents relating to its Processing of Personal Data necessary in connection with the transactions contemplated by this Agreement such that the transaction will not violate in any material respect any Privacy Laws, except to the extent attributable to the actions or omissions of a third party, including the Merger Subs and/or SPAC. (g) The Group Companies have implemented and maintained a written information security program that is comprised of reasonable and appropriate policies and technical, physical, administrative and organizational security measures designed to ensure a level of protection, security, confidentiality, integrity and availability of the information technology software and systems utilized by any Group Company in the operation of the business of the Company and its Subsidiaries have implemented and maintained(“IT Systems”) as appropriate for the risk, and have required their vendors and any other third Person with whom Personal Information is shared or who processes Personal Information on or on behalf of the Company’s or the Subsidiaries’ behalf to implement and maintain, commercially reasonable technical, physical and organizational measures, security systems and technologies including by being designed to protect such Personal Information owned or controlled by the Company and/or its Subsidiaries and computersall Business Data Processed thereby, networks, software and systems used by the Company or any Subsidiary of the Company from against loss, theft, unauthorized access, use, unauthorized disclosure or modification unlawful Processing, or other misuse, as reasonably consistent with (a “Security Incident”)i) reasonable practices in the industry in which the Group Companies operate, and (ii) the Group Companies’ Privacy Obligations, including, but not limited to, business continuity and disaster recovery plans. (dh) Where Except as would not have a Company Material Adverse Effect, during the Company or any of its Subsidiaries uses a processor to process Personal Information, the processor has provided commercially reasonable guarantees, warranties or covenants in relation to processing of Personal Information, confidentiality, security measures and agreed to compliance with those obligations that are materially sufficient for the Company’s and its Subsidiaries’ compliance with applicable Privacy Laws, and there is in existence a written Contract between the Company and each such processor that complies with the requirements of applicable Privacy Laws. To the knowledge of the Company, such processors have not breached any such Contracts pertaining to Personal Information processed by such Persons on behalf of the Company or any of its Subsidiaries. The term “processor” has the meaning assigned to it in the GDPR and the UK DPA as well as “service provider” under the CCPA, as applicable. (e) In the past three (3) years, years prior to the date of this Agreement there have has been no material Security Incidents and no such Security Incidents are currently threatened. To the knowledge of the Company, no circumstance has arisen in which Company Privacy Commitments would require the Company or any Subsidiary of the Company to notify a Governmental Authority Incident or other breach of security or unauthorized access by third Person of a Security Incident. There are no Actions by any Person parties to (including any Governmental Authorityi) pending to which the Company or any of its Subsidiaries is a named party andIT Systems, to the knowledge of the Company(ii) confidential information, no Actions have been threatened against the Company or any of its Subsidiaries alleging a violation of any Company Privacy Commitments. To the knowledge of the Company, no facts or circumstances exist that would give rise to any such Action.or

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and have at all times been in material compliance with (i) Privacy Laws, (ii) policies, notices, statements and representations relating to the Processing of Personal Information, (iii) any privacy choices required by applicable Lawchoices, including opt-out preferences offered by the Company or its Subsidiaries to end users relating to Personal Information, and (iv) any contractual commitment made by the Company or any Subsidiary of the Company that is applicable to Personal Information, including contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, ((i)-(iv) together with Privacy Laws, the “Company Privacy Commitments”). (b) The execution and delivery by the Company of this Agreement and the applicable Ancillary Agreements and the consummation of the transactions contemplated hereby and thereby do not and will not (i) require the delivery of any notice to or consent from any Person relating to Personal Information and (ii) conflict with or materially violate any Company Privacy Commitments. For the avoidance of doubt, to the extent Personal Information held or controlled by the Company is “personal information” under the CCPA, such data is an asset as contemplated by section 1798.140(t)(2)(D). The Company and its Subsidiaries currently make, and have at all times made, available to individuals (in each case, at or before the moment of collection of Personal Information) privacy policies and such policies are, and have at all times been, accurate, complete and not misleading (including by omission) of the Company’s and its Subsidiaries’ practices in relation to Personal Information and inclusive of all disclosures required by Privacy Laws. (c) The Company and its Subsidiaries have implemented and maintained, and have required their vendors and any other third Person with whom Personal Information is shared or who processes Processes Personal Information on or on behalf of the Company’s or the Subsidiaries’ behalf to implement and maintain, commercially reasonable technical, physical and organizational measures, security systems and technologies to protect such Personal Information owned or controlled by the Company and/or its Subsidiaries and computers, networks, software and systems used by the Company or any Subsidiary of the Company from loss, theft, unauthorized access, use, disclosure or modification (a “Security Incident”). (d) Where the Company or any of its Subsidiaries uses a processor to process Personal Information, the processor has provided commercially reasonable guarantees, warranties or covenants in relation to processing of Personal Information, confidentiality, security measures and agreed to compliance with those obligations that are materially sufficient for the Company’s and its Subsidiaries’ compliance with applicable Privacy Laws, and there is in existence a written Contract between the Company and each such processor that complies with the requirements of applicable Privacy Laws. To the knowledge of the Company, such processors have not breached any such Contracts pertaining to Personal Information processed by such Persons on behalf of the Company or any of its Subsidiaries. The term “processor” has the meaning assigned to it in the GDPR and the UK DPA as well as “service provider” under the CCPA, as applicable. (e) In the past three (3) years, there have been no material Security Incidents and no such Security Incidents are currently threatened. To the knowledge of the Company, no No circumstance has arisen in which Company Privacy Commitments would require the Company or any Subsidiary of the Company to notify a Governmental Authority or other third Person of a Security Incident. There are no Actions by any Person (including any Governmental Authority) pending to which the Company or any of its Subsidiaries is a named party and, to the knowledge of the Company, no Actions have been threatened against the Company or any of its Subsidiaries alleging a violation of any Company Privacy Commitments. To the knowledge of the Company, no facts or circumstances exist that would give rise to any such Action.

Privacy and Cybersecurity. (a) The Each of the Company and its Subsidiaries maintain the PCs is and have at all times has been in material compliance with (i) all applicable Privacy Laws, (ii) policies, notices, statements and representations relating to the Processing of Personal Information, (iii) any privacy choices required by applicable Law, including opt-out preferences offered by the Company or its Subsidiaries to end users relating to Personal Information, and (iv) any contractual commitment made by the Company or any Subsidiary of the Company that is applicable to Personal Information, including contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, ((i)-(iv) together with Privacy Laws, the “Company Privacy Commitments”)Obligations. (b) The execution and delivery by Each of the Company of this Agreement and the applicable Ancillary Agreements and PCs has notified individuals about whom such Person Processes or directs the consummation Processing of the transactions contemplated hereby and thereby do not and will not (i) require the delivery of any notice to or consent from any Person relating to Personal Information and (ii) conflict with or materially violate any Company Privacy Commitments. For the avoidance of doubt, Data regarding such Person’s Personal Data Processing activities to the extent Personal Information held or controlled required by and in accordance with all applicable Privacy Obligations. The written privacy notices of the Company is “personal information” under and the CCPA, such data is an asset as contemplated by section 1798.140(t)(2)(D). The PCs fully and accurately disclose how the Company and its Subsidiaries currently make, each PC Processes Personal Data about such individuals. Complete and have at all times made, available to individuals (in each case, at or before the moment of collection of Personal Information) privacy policies and such policies are, and have at all times been, accurate, complete and not misleading (including by omission) of the Company’s and its Subsidiaries’ practices in relation to Personal Information and inclusive correct copies of all disclosures required by Privacy Lawswritten privacy notices have been Made Available to Buyer. (c) The To the extent required by the applicable Privacy Obligation, each of the Company and its Subsidiaries have implemented the PCs has contractually obligated all service providers and maintainedcustomers’ outsourcers, and have required their vendors and any processors or other third Person with whom Persons Processing Personal Information is shared or who processes Personal Information on or Data, in each case on behalf of the Company’s or Company and/or the Subsidiaries’ behalf PCs, to implement and maintain(i) comply with applicable Privacy Obligations, commercially (ii) take reasonable technical, physical and organizational measures, security systems and technologies steps to protect such Personal Information owned or controlled by the Company and/or its Subsidiaries and computers, networks, software and systems used by the Company or any Subsidiary of the Company secure Sensitive Data from loss, theft, unauthorized accessor unlawful Processing or other misuse, use(iii) maintain a written information security program that establishes reasonable and appropriate measures to protect the privacy and security of all Sensitive Data against any Security Breach, disclosure (iv) maintain, a written public-facing privacy policy that fully and accurately disclose how much such Person Processes Personal Data, (v) comply with all obligations required to be incorporated into such Contracts by applicable Privacy Obligations and (vi) include contractual obligations that are no less protective than those in this Section 3.14(c) in agreements with such Person’s agreements with other service providers and customers’ outsourcers, processors, or modification (a “Security Incident”)other Persons Processing Personal Data on its behalf. (d) Where the Company or any Each of its Subsidiaries uses a processor to process Personal Information, the processor has provided commercially reasonable guarantees, warranties or covenants in relation to processing of Personal Information, confidentiality, security measures and agreed to compliance with those obligations that are materially sufficient for the Company’s and its Subsidiaries’ compliance with applicable Privacy Laws, and there is in existence a written Contract between the Company and each such processor that complies the PCs has obtained or will obtain any and all necessary rights, permissions, and Permits to permit the transfer of Personal Data in connection with the requirements of transactions, and such transfer will not violate in any material respect any applicable Privacy Laws. To the knowledge of the Company, such processors have not breached any such Contracts pertaining to Personal Information processed by such Persons on behalf of the Company or any of its Subsidiaries. The term “processor” has the meaning assigned to it in the GDPR and the UK DPA as well as “service provider” under the CCPA, as applicableObligations. (e) In Each of the past three Company and the PCs has implemented, maintains and complies with a privacy compliance program that is comprised of appropriate internal processes, policies and controls designed to comply with applicable Privacy Obligations, including (3i) yearsthe appointment of qualified personnel to govern the administration of the privacy compliance program, there (ii) processes to respond to requests regarding Personal Data, (iii) processes to evaluate risks of Personal Data Processing activities of such Person, (iv) the implementation and maintenance of processes for the diligence, contracting and oversight with respect to Persons Processing Personal Data on behalf of such Person and (v) the completion and maintenance of required data flow maps, data processing inventories or records of processing activities, data protection impact assessments, and any other required privacy compliance program documentation or evidence. (f) Each of the Company and the PCs has implemented and maintains a written information security program that is comprised of reasonable and appropriate organizational, physical, administrative and technical safeguards designed to protect the security, confidentiality, integrity and availability of the Company IT Systems including all Sensitive Data Processed thereby against loss, theft, unauthorized or unlawful Processing, or other misuse that are reasonably consistent with (i) reasonable practices in the industry in which such Person operates, (ii) such Person’s Privacy Obligations and (iii) any written public-facing policy adopted by Company related to privacy or information security. Each of the Company and the PCs has implemented reasonable backup and disaster recovery technology and arrangements consistent with industry practices. (g) Each of the Company and the PCs maintains insurance coverage containing industry standard policy terms and limits that are reasonable, appropriate and sufficient to: (i) comply with any Privacy Obligations and (ii) respond to the risk of liability stemming from or relating to any Security Breaches that may impact such Person’s operations or such Person’s IT Assets or from or relating to any violation of applicable Privacy Obligations. (h) Each of the Company and the PCs uses reasonable efforts to inform all employees, agents and consultants to such Person who have access to or Process Sensitive Data of the such Person’s applicable current written privacy and security policies and to execute agreements containing obligations to maintain the confidentiality and security of Sensitive Data. (i) Each of the Company and the PCs has Made Available to Buyer true and complete copies of all current written notices, policies and procedures relating to the Processing and security of Sensitive Data. (j) There have not been no any material Security Incidents and no such Security Incidents are currently threatened. To incidents of, written claims or, to the knowledge Knowledge of the Company, no circumstance has arisen in which Company Privacy Commitments would require oral claims alleging (a) Security Breaches, (b) unauthorized access or unauthorized use of any of the computer systems, network, communication equipment or other technology of the Company or a PC necessary for the operations of such Person, or (c) any Subsidiary unauthorized access or acquisition of any Sensitive Data maintained by the Company or a PC or by any service provider on behalf of such Person. Each of the Company and the PCs has not notified in writing, or been required by applicable Law, Governmental Body or other Privacy Obligation to notify in writing, any Person of any Security Breach. (k) Each of the Company and the PCs has not received any notice of any claims, investigations (including investigations by a Governmental Authority Body), or alleged violations of Laws or other Privacy Obligations with respect to Personal Data under the custody or control of such Person. (l) Each of the Company and the PCs does not, and does not permit any third Person of a Security Incident. There are no Actions by party to, sell, rent or otherwise make available to any Person (including any Governmental Authority) pending to which Personal Data, except as stated in the applicable privacy policies of the Company or any of its Subsidiaries is a named party and, to and the knowledge of the Company, no Actions have been threatened against the Company or any of its Subsidiaries alleging a violation of any Company Privacy Commitments. To the knowledge of the Company, no facts or circumstances exist that would give rise to any such ActionPCs and in compliance with applicable Law.

Privacy and Cybersecurity. (a) The Except as would not have a Company Material Adverse Effect, the Group Companies are, and its Subsidiaries maintain and during the three (3) years prior to the date of this Agreement have at all times been been, in material compliance with (i) Privacy Obligations, Cybersecurity Laws and Data Security Laws, (ii) policies, notices, statements and representations relating to the Processing of Personal Information, (iii) any privacy choices required by applicable Law, including opt-out preferences offered by the Company or its Subsidiaries to end users relating to Personal Information, and (iv) any contractual commitment made by the Company or any Subsidiary of the Company that is applicable to Personal Information, including contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, ((i)-(iv) together with Privacy Laws, the “Company Privacy Commitments”). (b) The execution and delivery To the extent required by applicable Privacy Obligations, the Company Group Companies have provided notice to individuals about whom the Group Companies Process or direct the Processing of this Agreement and Personal Data regarding the applicable Ancillary Agreements and the consummation of the transactions contemplated hereby and thereby do not and will not (i) require the delivery of any notice to or consent from any Person relating to Group Company’s Personal Information and (ii) conflict with or materially violate any Company Privacy Commitments. For the avoidance of doubt, to the extent Personal Information held or controlled by the Company is “personal information” under the CCPA, such data is an asset as contemplated by section 1798.140(t)(2)(D). The Company and its Subsidiaries currently makeData Processing activities, and such notice fully and accurately discloses in all material respects how the Group Companies Process Personal Data about such individuals. Complete and correct copies of all written privacy notices have at all times made, been made available to individuals (in each case, at or before the moment of collection of Personal Information) privacy policies and such policies are, and have at all times been, accurate, complete and not misleading (including by omission) of the Company’s and its Subsidiaries’ practices in relation to Personal Information and inclusive of all disclosures required by Privacy LawsSPAC. (c) The Group Companies have, where required by Privacy Laws, contractually obligated third parties Processing Personal Data on behalf of the Group Companies to comply with applicable Privacy Laws. (d) The Group Companies have taken reasonable steps to protect and secure Business Data from loss, theft, unauthorized or unlawful Processing. (e) The Group Companies have contractually obligated all third parties Processing material Business Data on behalf of the Group Companies to (i) comply with applicable Privacy Obligations and (ii) take reasonable steps to protect and secure Business Data from loss, theft, unauthorized or unlawful Processing or other misuse. (f) The Group Companies have obtained or will obtain any and all necessary rights, approvals, permissions, and consents relating to its Processing of Personal Data necessary in connection with the transactions contemplated by this Agreement such that the transaction will not violate in any material respect any Privacy Laws, except to the extent attributable to the actions or omissions of a third party, including the Merger Subs and/or SPAC. (g) The Group Companies have implemented and maintained a written information security program that is comprised of reasonable and appropriate policies and technical, physical, administrative and organizational security measures designed to ensure a level of protection, security, confidentiality, integrity and availability of the information technology software and systems utilized by any Group Company in the operation of the business of the Company and its Subsidiaries have implemented and maintained(“IT Systems”) as appropriate for the risk, and have required their vendors and any other third Person with whom Personal Information is shared or who processes Personal Information on or on behalf of the Company’s or the Subsidiaries’ behalf to implement and maintain, commercially reasonable technical, physical and organizational measures, security systems and technologies including by being designed to protect such Personal Information owned or controlled by the Company and/or its Subsidiaries and computersall Business Data Processed thereby, networks, software and systems used by the Company or any Subsidiary of the Company from against loss, theft, unauthorized access, use, unauthorized disclosure or modification unlawful Processing, or other misuse, as reasonably consistent with (a “Security Incident”)i) reasonable practices in the industry in which the Group Companies operate, and (ii) the Group Companies’ Privacy Obligations, including, but not limited to, business continuity and disaster recovery plans. (dh) Where Except as would not have a Company Material Adverse Effect, during the Company three (3) years prior to the date of this Agreement there has been no Security Incident or other breach of security or unauthorized access by third parties to (i) the IT Systems, (ii) confidential information, or (iii) any of its Subsidiaries uses a processor Personal Data collected, held, or otherwise managed by or, to process Personal Information, the processor has provided commercially reasonable guarantees, warranties or covenants in relation to processing of Personal Information, confidentiality, security measures and agreed to compliance with those obligations that are materially sufficient for the Company’s and its Subsidiaries’ compliance with applicable Privacy Laws, and there is in existence a written Contract between the Company and each such processor that complies with the requirements of applicable Privacy Laws. To the knowledge Knowledge of the Company, such processors have not breached any such Contracts pertaining to Personal Information processed by such Persons on behalf of any Group Company with respect to the business of any Group Company. During the three (3) years prior to the date of this Agreement, no Group Company has been notified in writing, or been required by any Privacy Obligation or Governmental Authority to notify in writing, any Person of any Security Incident. (i) The Group Companies use reasonable efforts to execute agreements with all employees, agents, and consultants to the Company or any its Subsidiaries who have access to or Process Business Data of the Company’s or its Subsidiaries. The term “processor” has ’ containing obligations to maintain the meaning assigned confidentiality and security of Business Data, and where Personal Data is accessed or processed, to it in inform them of the GDPR and the UK DPA as well as “service provider” under the CCPArelevant written Privacy Policies, as if applicable. (ej) In During the past three (3) years, there have been no material Security Incidents and no such Security Incidents are currently threatened. To years prior to the knowledge date of the Companythis Agreement, no circumstance has arisen in which Group Company has: (i) received any written notice of any claims, investigations (including investigations by a Governmental Authority), or alleged material violations of Privacy Commitments would require the Company Obligations; (ii) received any written complaints, correspondence or other communications from or on behalf of an individual or any Subsidiary other personal claiming a right to compensation under any applicable Privacy Obligation, or alleging any material breach of the Company any applicable Privacy Obligation; or (iii) been subject to notify a Governmental Authority or other third Person of a Security Incident. There are no Actions by any Person data protection enforcement action (including any fine or other sanction) from any Governmental Authority) pending Authority with respect to which Personal Data under the Company custody or any of its Subsidiaries is a named party and, to the knowledge control of the Company, no Actions have been threatened against the Company or any of its Subsidiaries alleging a violation of any Company Privacy Commitments. To the knowledge of the Company, no facts or circumstances exist that would give rise to any such ActionGroup Companies.