Common use of Privacy and Cybersecurity Clause in Contracts

Privacy and Cybersecurity. (a) During the past three (3) years, the Company and each of its Subsidiaries are in material compliance with and have at all times complied in all material respects with all Privacy Commitments. The Company and each of its Subsidiaries has established and maintains commercially reasonable technical, physical and organizational measures designed to protect Company Data to which the Company or any of its Subsidiaries has access or otherwise Processes, including against Data Security Breaches. (b) The Company and each of its Subsidiaries in all material respects (i) have obtained all necessary rights, permissions, and consents to permit the transfer of Personal Information in connection with the transactions contemplated by this Agreement; and (ii) will, immediately following the Closing Date, continue to be permitted to Process Personal Information on substantially the same terms to those in effect as of the date of this Agreement. (c) There has been no material Data Security Breach. (d) Neither the Company nor any of its Subsidiaries has received any order, request, warning, reprimand, inquiry, notification, allegation or claims (i) from a Governmental Authority regarding data privacy, cybersecurity, or its data handling or data sharing practices, or (ii) from any Person alleging that it is in violation of or has not complied in any respect with any Privacy Commitment. To the Knowledge of the Company, neither the Company nor any of its Subsidiaries is currently and has not previously been under investigation, or subject to any complaint, audit, proceeding, investigation, enforcement action, inquiry or claim, initiated by any (a) Governmental Authority, (b) state, federal or foreign self-regulating body, or (c) any Person, regarding or alleging that the Processing of Personal Information by the Company or any of its Subsidiaries is in violation of any Privacy Commitment. During the last three (3) years, neither the Company nor any of its Subsidiaries has received a claim in writing from any Person that claimed or threatened to claim any material amount of compensation (or an offer for compensation) from the Company or any of its Subsidiaries under or in connection with any actual or alleged violation of any Privacy Commitment.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries are in material compliance with, and during the three (3) years preceding the date of this Agreement have been in material compliance with, (i) all applicable Privacy Laws, including requirements thereunder to maintain privacy policies and notices regarding Personal Information, (ii) all of the Company’s and its Subsidiaries’ posted or publicly facing privacy policies and notices regarding Personal Information, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, including with respect to the receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security, disposal, destruction, disclosure, or transfer (including cross-borders) of Personal Information. The Company has implemented and maintained policies, procedures and systems as are required by Privacy Laws for receiving and appropriately responding to requests from individuals concerning their Personal Information. None of the Company’s posted or public facing privacy policies or notices regarding Personal Information have contained any material representation or omission likely to mislead any Person acting reasonably under the circumstances to whom such policies or notices are directed. There are no Actions by any Person (including any Governmental Authority), to which the Company or any of the Company’s Subsidiaries is a named party, pending or to the knowledge of the Company threatened against the Company or its Subsidiaries alleging a violation of (i) any Privacy Laws, including with respect to any third Person’s privacy or Personal Information, (ii) applicable privacy policies, or (iii) contractual commitments of the Company or any of the Company’s Subsidiaries with respect to any Personal Information. (b) During the three (3) years preceding the date of this Agreement, (i) there have been no material instances of data breaches, security incidents, or misuse of or unauthorized use of, access to, intrusions into, disruptions of, or data loss involving Company Systems that have not been completely remediated, (ii) the Company and its Subsidiaries have implemented and, for at least the past three (3) years, the Company and each of its Subsidiaries are in material compliance with and have at all times complied in all material respects with all Privacy Commitments. The Company and each of its Subsidiaries has established and maintains commercially reasonable technical, physical and organizational maintained measures designed to protect Personal Information in their possession or control against loss, theft, unauthorized access, use, modification, alteration, destruction, disclosure, or other misuse, including through administrative, technical, and physical safeguards, and (iii) neither the Company Data nor any Subsidiary of the Company has (A) experienced any material incident involving loss, theft, misuse of or unauthorized access to which or disclosure of any Personal Information, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any such incident, nor has any such notice or complaint been threatened in writing against the Company or any of its Subsidiaries has access or otherwise Processes, including against Data Security Breaches. (b) The Company and each of its Subsidiaries in all material respects (i) have obtained all necessary rights, permissions, and consents to permit the transfer of Personal Information in connection with the transactions contemplated by this Agreement; and (ii) will, immediately following the Closing Date, continue to be permitted to Process Personal Information on substantially the same terms to those in effect as of the date of this Agreement. (c) There has been no material Data Security Breach. (d) Company’s Subsidiaries. Neither the Company nor any of its Subsidiaries have provided or been required to provide any notification to any Person in connection with any unlawful, unauthorized or unintended disclosure of Personal Information. The Company has received made available to Acquiror summaries of the results of all penetration tests performed on Company Systems by third parties on behalf of the Company in the past three (3) years and has resolved or remediated any ordervulnerabilities identified therein rated high or critical, request, warning, reprimand, inquiry, notification, allegation or claims implemented compensating controls to mitigate risk to Company Systems or Personal Information arising from such vulnerabilities. Neither the Company nor any third party acting at the direction or authorization of the Company has paid (i) from a Governmental Authority regarding any perpetrator of any data privacy, cybersecurity, breach incident or its data handling or data sharing practices, cyber-attack or (ii) from any Person alleging that it is in violation of third party with actual or has not complied in alleged information about any respect with any Privacy Commitment. To the Knowledge of the Company, neither the Company nor any of its Subsidiaries is currently and has not previously been under investigation, data breach incident or subject to any complaint, audit, proceeding, investigation, enforcement action, inquiry or claim, initiated by any (a) Governmental Authority, (b) state, federal or foreign selfcyber-regulating body, or attack. (c) To the extent required by applicable Privacy Laws, all third-party services providers, outsourcers, processors or other third parties who process, store or otherwise handle any Person, regarding or alleging that the Processing of Personal Information by for or on behalf of the Company or any of its Subsidiaries is in violation have contractually agreed to comply with applicable Privacy Laws and maintain the confidentiality of any Privacy Commitment. During the last three (3) years, neither the Company nor any Personal Information processed on behalf of its Subsidiaries has received a claim in writing from any Person that claimed or threatened to claim any material amount of compensation (or an offer for compensation) from the Company or any of its Subsidiaries, and to protect and secure such Personal Information from loss, theft, misuse or unauthorized access, use, modification, alteration, destruction or disclosure. To the knowledge of the Company, no (i) third party who has provided any Personal Information to the Company and its Subsidiaries under or has done so in connection with any actual or alleged violation of applicable Privacy Laws, including requirements thereunder requiring providing any notice and obtaining any consent required and (ii) Person acting for or on behalf of the Company and any of its Subsidiaries has violated any of the requirements or obligations described in Section 4.22(a). (d) The Company is not subject to any contractual requirements or other legal obligations that, following the Closing, would prohibit Purchaser or Company from receiving, accessing, storing or using any Personal Information in the manner in which the Company received, accessed, stored and used such Personal Information prior to the Closing. The execution, delivery and performance of this Agreement by the Company does not violate its obligations under applicable Privacy CommitmentLaws, the Company’s privacy policies and applicable contractual obligations of the Company regarding its collection, use or disclosure of Personal Information.

Privacy and Cybersecurity. (a) The Group Companies are in material compliance with, and have during the past three (3) years materially complied with: (i) all applicable Privacy Laws; (ii) all of the Group Companies’ policies and notices regarding Personal Information and cybersecurity (“Group Companies’ Privacy Notices”); and (iii) all of the Group Companies’ obligations regarding Personal Information and cybersecurity under any Contracts (collectively, the “Privacy/Data Security Requirements”). None of the Group Companies have received in the three years prior to the date hereof any notice of any claims, charges, inquiries or investigations (including notice from third Persons acting on its or their behalf), relating to, any actual or alleged violation of, any Privacy Laws or contractual obligations with respect to Personal Information or Security Incidents. None of the Group Companies’ Privacy Notices have contained any material omissions. (b) Each of the Group Companies has during the past three (3) years implemented reasonably appropriate security measures regarding the confidentiality, integrity and availability of Company IT Systems and the Personal Information and other confidential business data in its possession, custody, or under its control, including against loss, theft, misuse or accidental or unauthorized access, use, destruction, modification or disclosure. Each of the Group Companies has during the past three (3) years required all third-party service providers, outsourcers, processors or other third Persons who process, store or otherwise handle Personal Information or confidential business data, for or on behalf of such Group Company to comply with applicable Privacy/Data Security Requirements in all material respects and to take appropriate steps to protect and secure the Company IT Systems, and Personal Information and confidential business data in its possession, custody, or under its control, from loss, theft, misuse or accidental or unauthorized access, use, destruction, modification or disclosure. All third-parties who have provided Personal Information to such Group Company during the past three (3) years has done so in compliance in all material respects with applicable Privacy Laws, including providing any notice and obtaining any consent required under such Privacy Laws. (c) During the past three (3) years, there have been no Security Incidents that have compromised the Company confidentiality, integrity, or availability of any Personal Information, or confidential business data, in the possession, custody, or control of any of the Group Companies or collected, used or processed by or on behalf of the Group Companies. None of the Group Companies have provided or been legally or contractually required to provide any notices to any Person in connection with a disclosure of Personal Information, violation of any Privacy Laws, Privacy/Data Security Requirements, or Security Incident in the last three years. During the past three (3) years, the Group Companies have implemented reasonable data security, disaster recovery and each of business continuity plans, procedures, and facilities and taken actions consistent with such plans, to the extent required, to safeguard the data and Personal Information in its Subsidiaries are in material compliance with and have at all times complied in all material respects with all Privacy Commitmentspossession or control. The Company and each of its Subsidiaries has established and maintains conducted commercially reasonable technical, physical data security testing or audits relating to Company IT Systems at reasonable and organizational measures designed to protect Company Data to which the Company appropriate intervals and has resolved or remediated any of its Subsidiaries has access material data security issues or otherwise Processes, including against Data Security Breaches. (b) The Company and each of its Subsidiaries in all material respects (i) have obtained all necessary rights, permissions, and consents to permit the transfer of Personal Information in connection with the transactions contemplated by this Agreement; and (ii) will, immediately following the Closing Date, continue to be permitted to Process Personal Information on substantially the same terms to those in effect as of the date of this Agreement. (c) There has been no material Data Security Breach. (d) Neither the Company nor any of its Subsidiaries has received any order, request, warning, reprimand, inquiry, notification, allegation or claims (i) from a Governmental Authority regarding data privacy, cybersecurity, or its data handling or data sharing practices, or (ii) from any Person alleging that it is in violation of or has not complied in any respect with any Privacy Commitmentvulnerabilities identified. To the Knowledge of the Company, neither any of the Company Group Companies nor any third Person acting at the direction or authorization of its Subsidiaries is currently and such Group Company has not previously been under investigation, paid (i) any perpetrator of any Security Incident or subject to any complaint, audit, proceeding, investigation, enforcement action, inquiry or claim, initiated by any (a) Governmental Authority, (b) state, federal or foreign selfcyber-regulating body, attack or (cii) any Person, regarding or alleging that the Processing of Personal Information by the Company or any of its Subsidiaries is in violation of any Privacy Commitment. During the last three (3) years, neither the Company nor any of its Subsidiaries has received a claim in writing from any third Person that claimed or threatened to claim any material amount of compensation (or an offer for compensation) from the Company or any of its Subsidiaries under or in connection with any actual or alleged violation information about a Security Incident or cyber-attack, pursuant to a request for payment from or on behalf of any Privacy Commitmentsuch perpetrator or other third Person.

Privacy and Cybersecurity. (a) During The Company and its Subsidiaries maintain and are in compliance with, and during the past three (3) yearsyears preceding the date of this Agreement have maintained and been in compliance with, (i) all Privacy and Security Laws, (ii) the Company Company’s and its Subsidiaries’ posted or publicly facing privacy policies and any of the Company’s and its Subsidiaries’ written representations and warranties regarding privacy and security practices, (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries are Subsidiaries’ information technology systems, and (iv) all requirements of applicable industry guidelines, standards, and self-regulatory programs to the extent generally complied with by similarly situated companies in material compliance with and have at all times complied the industry in all material respects with all Privacy Commitments. The which the Company and each of its Subsidiaries conduct their respective operations (including, to the extent applicable, the Payment Card Industry Data Security Standards) in each case of (i)-(iv) above, other than any non-compliance that, individually or in the aggregate, has established not been and maintains commercially reasonable technicalwould not reasonably be expected to be material to the Company and its Subsidiaries, physical and organizational measures designed taken as a whole (the foregoing collectively referred to protect Company Data as the “Privacy Obligations”). There are no Actions by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named party or, to the knowledge of the Company, threatened in writing against the Company or its Subsidiaries has access alleging a violation of any third Person’s Personal Information rights or otherwise Processesrelating to the Company’s or its Subsidiaries practices with respect to data privacy, including against Data data protection or data security. The Company and its Subsidiaries (i) maintain, and have at all times during the three (3) years preceding the date of this Agreement maintained and made available, privacy policies describing their collection, use, disclosure, and other processing of Personal Information, and (ii) have made available to Acquiror true and correct copies of all current versions of such material privacy policies. Such privacy policies have not been misleading, deceptive, or in violation of any Privacy and Security BreachesLaw, in each case, in any material respect. The Company’s performance of this Agreement or any of the transactions contemplated herein will not violate, in any material respect, any of the foregoing Privacy Obligations. (b) During the three (3) years preceding the date of this Agreement (i) there have been, no material breaches of the security of the information technology systems of the Company and its Subsidiaries, and (ii) there have been no disruptions in any information technology systems that have or would reasonably be expected to have a Company Material Adverse Effect. The Company and each of its Subsidiaries in all material respects (i) have obtained all necessary rightsestablished, permissionsmaintained, and consents complied with a written information security program (other than any non-compliance that, individually or in the aggregate, has not been and would not reasonably be expected to permit be material to the transfer of Personal Information in connection with the transactions contemplated by this Agreement; Company and its Subsidiaries, taken as a whole), and (ii) willhave taken take commercially reasonable measures, immediately following the Closing Datein each case to protect confidential, continue to be permitted to Process sensitive or Personal Information on substantially in its possession or control against unauthorized access, modification, disclosure or other misuse. To the same terms to those in effect as knowledge of the Company, during the three (3) years preceding the date of this Agreement. (c) There has been no material Data Security Breach. (d) Neither the Company nor any of its Subsidiaries has received any order, request, warning, reprimand, inquiry, notification, allegation or claims (i) from a Governmental Authority regarding data privacy, cybersecurity, or its data handling or data sharing practices, or (ii) from any Person alleging that it is in violation of or has not complied in any respect with any Privacy Commitment. To the Knowledge of the Company, neither the Company nor any Subsidiary of its Subsidiaries is currently and the Company has not previously been under investigation(A) experienced any incident in which such information was stolen or improperly accessed, acquired or subject to otherwise processed, including in connection with a breach of security, in each case, in any complaint, audit, proceeding, investigation, enforcement action, inquiry or claim, initiated by any (a) Governmental Authority, (b) state, federal or foreign self-regulating bodymaterial respect, or (cB) received any Personwritten notice or complaint from any Person with respect to any of the foregoing, regarding nor has any such notice or alleging that the Processing of Personal Information by complaint been threatened in writing against the Company or any of its Subsidiaries is in violation of any Privacy Commitment. During the last three (3) years, neither the Company nor any of its Subsidiaries has received a claim in writing from any Person that claimed or threatened to claim any material amount of compensation (or an offer for compensation) from the Company or any of its Subsidiaries under or in connection with any actual or alleged violation of any Privacy CommitmentCompany’s Subsidiaries.

Privacy and Cybersecurity. (a) During The Company, each of its Subsidiaries and any Person acting for or on the Company’s or any of its Subsidiaries’ behalf complies, and has at all times during the past three (3) yearsyears (in the case of any such Person, during the time such Person was acting for or on behalf of the Company or any of its Subsidiaries) complied, as applicable to the Company or any of its Subsidiaries, in all material respects, with: (i) all applicable Data Protection Laws; (ii) all of the Company’s and each of its Subsidiaries’ policies and notices regarding Personal Information (whether posted to an external-facing website of the Company or any of its Subsidiaries are in material compliance with or otherwise made available or communicated to third parties by the Company or any of its Subsidiaries) (“Company Privacy Notices”); and have at (iii) all times complied in all material respects with all Privacy Commitments. The Company of the Company’s and each of its Subsidiaries has established and maintains commercially reasonable technicalSubsidiaries’ obligations regarding Personal Information, physical and organizational measures designed to protect Company Data to which privacy, or security under any Contract the Company or any of its Subsidiaries has access entered into or otherwise Processesby which it is bound (clauses (i) through (iii), including against collectively, “Data Security BreachesRequirements”). Neither the Company nor any of its Subsidiaries has received in the three (3) years prior to the date of this Agreement any written notice of any investigations, Claims or Assertions (including written notice from third parties acting on its or their behalf) of, or been charged with, the violation of, any Data Security Requirements Laws (and no such investigations, Claim or Assertion or related Legal Proceeding is currently pending or, to the Knowledge of the Company, threatened). The Company Privacy Notices have not contained any material omissions or been inaccurate, misleading or deceptive. (b) The Company and each of its Subsidiaries in all material respects has (i) have obtained implemented and maintained commercially reasonable security regarding the confidentiality, integrity and availability of the Company IT Systems and all necessary rightsinformation stored or transmitted thereon, permissions, and consents including to permit the transfer of protect Personal Information and other confidential business data, in connection with the transactions contemplated by this Agreementits possession, custody, or under its control against loss, theft, misuse or unauthorized access, modification, destruction, or disclosure; and (ii) willensured that all third-party service providers, immediately following the Closing Dateoutsourcers, continue to be permitted to Process processors or other third parties who process, store or otherwise handle Personal Information and other confidential business data for or on substantially the same terms to those in effect as behalf of the date Company or any of this Agreementits Subsidiaries have agreed to (A) comply with applicable Data Protection Laws, and (B) take commercially reasonable steps to protect and secure Personal Information and other confidential business data from loss, theft, misuse or unauthorized access, use, modification, destruction or disclosure. To the Knowledge of the Company, all third parties who have provided Personal Information and other confidential business data to the Company or any of its Subsidiaries during the past three (3) years has done so in compliance with applicable Data Protection Laws, including providing any notice and obtaining any consent required under such Data Protection Laws. (c) There has To the Knowledge of the Company, during the past three (3) years, (i) there have been no breaches, security incidents, misuse of, or unauthorized access to, or unauthorized transfer, destruction, disclosure or modification of the Company IT Systems, or of any Personal Information or other confidential business data in the possession, custody or control of the Company or any of its Subsidiaries or collected, used or processed by or on behalf of the Company or any of its Subsidiaries and (ii) neither the Company nor any of its Subsidiaries has provided or been legally or contractually required to provide any notices to any Person in connection with a disclosure of Personal Information or information technology security related incident. The Company and each of its Subsidiaries has implemented commercially reasonable disaster recovery and business continuity plans, and taken actions consistent with such plans, to the extent required, to safeguard Personal Information and other confidential, business information in its possession, custody or control. The Company and each of its Subsidiaries has conducted commercially reasonable data security testing or audits at reasonable and appropriate intervals and has resolved or remediated any material Data Security Breachdata security issues or vulnerabilities identified thereby. Neither the Company, any of its Subsidiaries nor, to the Knowledge of the Company, third party acting at the direction or authorization of the Company or any of its Subsidiaries has paid: (x) any perpetrator of any data breach incident or cyber-attack; or (y) any third party with actual or alleged information about a data breach incident or cyber-attack, pursuant to a request for payment from or on behalf of such perpetrator or other third party. (d) Neither the Company nor any of its Subsidiaries has received any order, request, warning, reprimand, inquiry, notification, allegation or claims (i) from a Governmental Authority regarding data privacy, cybersecurity, or its data handling or data sharing practices, or (ii) from any Person alleging that it is in violation of or has not complied in any respect with any Privacy Commitment. To the Knowledge of the Company, neither the Company nor any of its Subsidiaries is currently and has not previously been under investigation, or subject to any complaintcontractual requirements or other legal obligations that, auditfollowing the Closing, proceedingwould prohibit Parent from receiving, investigationaccessing, enforcement action, inquiry or claim, initiated by any (a) Governmental Authority, (b) state, federal or foreign self-regulating bodystoring, or (c) any Person, regarding or alleging that the Processing of using Personal Information by in the manner in which the Company and its Subsidiaries received, accessed, stored, and used such Personal Information prior to the Closing. The execution, delivery, and performance of this Agreement complies with all applicable Data Protection Laws, and with the privacy policies and applicable contractual obligations of the Company or any of its Subsidiaries is in violation of any Privacy Commitment. During the last three (3) years, neither the Company nor any of its Subsidiaries has received a claim in writing from any Person that claimed or threatened to claim any material amount of compensation (or an offer for compensation) from the Company or any of its Subsidiaries under or in connection with any actual or alleged violation of any Privacy CommitmentSubsidiaries.

Privacy and Cybersecurity. (a) During The Company and its Subsidiaries maintain appropriate, and are in compliance with, as applicable, and during the past three (3) yearsyears preceding the date of this Agreement have maintained appropriate, and been in compliance with, as applicable, (i) all applicable Laws, rules, policies, standards and requirements of applicable industry and self-regulatory organizations, (ii) the Company’s and its Subsidiaries’ policies (the “Privacy Policies”), and (iii) the Company’s and its Subsidiaries’ contractual obligations, in each case, concerning cybersecurity, Personal Information (and the collection, processing, storage, use, disclosure, retention, disposal, transfer and/or protection of same (collectively, “Processing”)), data privacy and security and the security of the IT Systems (collectively, (i)-(iii), “Personal Information Laws and Policies”), in each of clauses (i) - (iii), other than any non-compliance that, individually or in the aggregate, would not reasonably be expected to be materially adverse to the Company and each of its Subsidiaries Subsidiaries, taken as a whole. There are in material compliance with and have at all times complied in all material respects with all Privacy Commitments. The Company and each of its Subsidiaries has established and maintains commercially reasonable technical, physical and organizational measures designed to protect Company Data no Actions by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named party or threatened in writing against the Company or its Subsidiaries has access or otherwise Processes, including against Data Security Breaches. (b) The Company alleging a violation of any Personal Information Laws and each of its Subsidiaries in all material respects (i) have obtained all necessary rights, permissionsPolicies, and consents to permit there have been no such Actions brought against the transfer of Personal Information in connection with the transactions contemplated by this Agreement; and (ii) will, immediately following the Closing Date, continue to be permitted to Process Personal Information on substantially the same terms to those in effect as Company or any of the date of this Agreement. (c) There has been no material Data Security Breach. (d) Neither the Company nor any of its Subsidiaries has received any order, request, warning, reprimand, inquiry, notification, allegation or claims (i) from a Governmental Authority regarding data privacy, cybersecurity, or its data handling or data sharing practices, or (ii) from any Person alleging that it is in violation of or has not complied in any respect with any Privacy CommitmentCompany’s Subsidiaries. To the Knowledge knowledge of the Company, neither the Company nor any Subsidiary of the Company has received any written notice from any Person relating to an alleged violation of Personal Information Laws and Policies, other than any claim that, individually or in the aggregate, would not reasonably be expected to be material to the Company and its Subsidiaries is currently and has not previously been under investigationSubsidiaries, or subject to any complaint, audit, proceeding, investigation, enforcement action, inquiry or claim, initiated by any (a) Governmental Authority, taken as a whole. (b) stateThe IT Systems are in good repair and operating condition and are sufficient (including with respect to working condition, federal performance and capacity) in all material respects for the purposes of the business of the Company and its Subsidiaries as currently conducted. During the three (3) years preceding the date of this Agreement (i) there have been no breaches, unauthorized uses of or foreign self-regulating bodyunauthorized access to, breakdowns, malfunctions, persistent substandard performance, data losses, failures or other defects in the IT Systems (or the data Processed thereby), or (c) any other incident that caused any disruption to or interruption in or to the use of such IT Systems or the conduct of the business of the Company and its Subsidiaries other than those that were resolved without material cost, liability or the duty to notify any Person. The Company and its Subsidiaries take, regarding and during the three (3) years preceding the date of this Agreement have taken, commercially reasonable, appropriate and legally compliant measures designed to protect confidential, sensitive or alleging that the Processing of Personal Information Processed by the Company or any of its Subsidiaries is in violation of against unauthorized access, use, modification, loss, disclosure or other misuse, including through administrative, technical and physical safeguards, and the Company and its Subsidiaries have timely and reasonably remediated and addressed any Privacy Commitmentand all material audit findings related to the IT Systems. During the last three (3) years, neither Neither the Company nor any Subsidiary of its Subsidiaries the Company has (A) experienced any incident in which such information was stolen, lost or improperly accessed, including in connection with a breach of security, or (B) received a claim in writing any written notice or complaint or Action from any Person that claimed (including any Governmental Authority) with respect to any of the foregoing, nor has any such notice or complaint or Action been threatened to claim any material amount of compensation (or an offer for compensation) from in writing against the Company or any of its Subsidiaries under or in connection with any actual or alleged violation of any Privacy Commitmentthe Company’s Subsidiaries.