Common use of Privacy and Cybersecurity Clause in Contracts

Privacy and Cybersecurity. (a) Except as disclosed on Section 3.15(a) of the Company Disclosure Letter or as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect, each of the Group Companies, and, to the Knowledge of the Company, any Person acting for or on behalf of any of the Group Companies have in the past three years materially complied with (i) all applicable Privacy Laws, (ii) all of such Group Company’s binding and applicable policies and notices regarding the Processing of Personal Information, and (iii) all of such Group Company’s applicable contractual obligations with respect to cybersecurity and the receipt, collection, compilation, use, storage, Processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) of Personal Information (the items referred to in clauses (i) through (iv), collectively “Privacy and Cybersecurity Requirements”). Except as disclosed on Section 3.15(a) of the Company Disclosure Letter, none of the Group Companies have in the past three years (a) received any written notice of (including from individuals exercising their rights under Privacy Laws), or claims of (including written notice from third parties acting on its or their behalf),a violation of any Privacy and Cybersecurity Requirements, except as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect; (b) been subject to any notices or requests from any Governmental Authority in relation to their data Processing activities, except as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect; or (c) been subject to any written notice, threatened investigation, investigation or charge from any Governmental Authority regarding any actual or alleged violation of, or failure to comply with, any Privacy and Cybersecurity Requirements, nor, to the Knowledge of the Company, has any Person initiated or pursued any Action relating to actual or alleged non-compliance by any Group Company with respect to Privacy and Cybersecurity Requirements.

Privacy and Cybersecurity. (a) Except The Company and its Subsidiaries maintain appropriate, and are in compliance with, as disclosed on Section 3.15(aapplicable, and during the three (3) years preceding the date of this Agreement have maintained appropriate, and been in compliance with, as applicable, (i) all applicable Laws, rules, policies, standards and requirements of applicable industry and self-regulatory organizations, (ii) the Company’s and its Subsidiaries’ policies (the “Privacy Policies”), and (iii) the Company’s and its Subsidiaries’ contractual obligations, in each case, concerning cybersecurity, Personal Information (and the collection, processing, storage, use, disclosure, retention, disposal, transfer and/or protection of same (collectively, “Processing”)), data privacy and security and the security of the Company Disclosure Letter or as would notIT Systems (collectively, (i)-(iii), “Personal Information Laws and Policies”), in each of clauses (i) - (iii), other than any non-compliance that, individually or in the aggregate, would not reasonably be expected to have be materially adverse to the Company and its Subsidiaries, taken as a whole. There are no Actions by any Person (including any Governmental Authority) pending to which the Company Material Adverse Effect, each or any of the Group CompaniesCompany’s Subsidiaries is a named party or threatened in writing against the Company or its Subsidiaries alleging a violation of any Personal Information Laws and Policies, and, to and there have been no such Actions brought against the Knowledge Company or any of the Company’s Subsidiaries. To the knowledge of the Company, neither the Company nor any Person acting for or on behalf of any of the Group Companies have in the past three years materially complied with (i) all applicable Privacy Laws, (ii) all of such Group Company’s binding and applicable policies and notices regarding the Processing of Personal Information, and (iii) all of such Group Company’s applicable contractual obligations with respect to cybersecurity and the receipt, collection, compilation, use, storage, Processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) of Personal Information (the items referred to in clauses (i) through (iv), collectively “Privacy and Cybersecurity Requirements”). Except as disclosed on Section 3.15(a) Subsidiary of the Company Disclosure Letter, none of the Group Companies have in the past three years (a) has received any written notice of (including from individuals exercising their rights under Privacy Laws), or claims of (including written notice from third parties acting on its or their behalf),a any Person relating to an alleged violation of Personal Information Laws and Policies, other than any Privacy and Cybersecurity Requirements, except as would notclaim that, individually or in the aggregate, would not reasonably be expected to have a Company Material Adverse Effect; (b) been subject to any notices or requests from any Governmental Authority in relation to their data Processing activities, except as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect; or (c) been subject to any written notice, threatened investigation, investigation or charge from any Governmental Authority regarding any actual or alleged violation of, or failure to comply with, any Privacy and Cybersecurity Requirements, nor, material to the Knowledge of the CompanyCompany and its Subsidiaries, has any Person initiated or pursued any Action relating to actual or alleged non-compliance by any Group Company with respect to Privacy and Cybersecurity Requirementstaken as a whole.

Privacy and Cybersecurity. The Company Group are presently in compliance with all (ai) Except as disclosed on Section 3.15(aapplicable laws, statutes, regulations, rules, guidelines, standards, judgments, and orders of any Governmental Entity related to data privacy, data protection, or data security (collectively, “Privacy Laws”), (ii) the internal and publicly facing written privacy policies of the Company Disclosure Letter Group, (iii) third party privacy or data security obligations that the Company Group have been or are contractually obligated to comply with, (iv) any rules of any applicable self-regulatory organizations in which the Company Group are or have been a member or are or have been contractually obligated to comply with, and (v) consents or other authorizations obtained by the Company Group that are related to privacy, security, data protection or the processing of information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to a particular individual or is otherwise is subject to any applicable Privacy Laws (collectively, “Privacy Obligations”), except for such non-compliance that would not, individually or in the aggregate, reasonably be expected to be material to the Company Group, considered as one enterprise. Except as would not, individually or in the aggregate, reasonably be expected to have a be material to the Company Material Adverse EffectGroup, each considered as one enterprise, (A) there has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to any of the Group CompaniesCompany Group’s information technology and computer systems, andnetworks, to hardware, software, data and databases (including the Knowledge data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the CompanyCompany Group, and any Person acting for such data processed or stored by third parties on behalf of any of the Group Companies have in the past three years materially complied with Company Group), equipment or technology (i) all applicable Privacy Lawscollectively, “IT Systems and Data”), (iiB) all of such Group Company’s binding and applicable policies and notices regarding the Processing of Personal Information, and (iii) all of such Group Company’s applicable contractual obligations with respect to cybersecurity and the receipt, collection, compilation, use, storage, Processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) of Personal Information (the items referred to in clauses (i) through (iv), collectively “Privacy and Cybersecurity Requirements”). Except as disclosed on Section 3.15(a) no member of the Company Disclosure LetterGroup has been notified of, none and each of them have no knowledge of any event or condition that could result in, any security breach or incident, unauthorized access or disclosure or other compromise to their IT Systems and Data and (C) the Company Group Companies have in implemented appropriate controls, policies, procedures, and technological safeguards to maintain and protect the past three years (a) received any written notice integrity, continuous operation, redundancy and security of (including from individuals exercising their rights under Privacy Laws)IT Systems and Data reasonably consistent with industry standards and practices, or claims of (including written notice from third parties acting on its or their behalf),a violation of any as required by applicable Privacy and Cybersecurity Requirements, except as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect; (b) been subject to any notices or requests from any Governmental Authority in relation to their data Processing activities, except as would not, individually or in the aggregate, reasonably be expected to have a Company Material Adverse Effect; or (c) been subject to any written notice, threatened investigation, investigation or charge from any Governmental Authority regarding any actual or alleged violation of, or failure to comply with, any Privacy and Cybersecurity Requirements, nor, to the Knowledge of the Company, has any Person initiated or pursued any Action relating to actual or alleged non-compliance by any Group Company with respect to Privacy and Cybersecurity RequirementsObligations.