Common use of Privacy and Cybersecurity Clause in Contracts

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the three (3) years preceding the date of this Agreement have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information (collectively, “Privacy Laws”), (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been and would not reasonably be expected to be material to the Company and its Subsidiaries, taken as a whole. There are no Legal Proceedings by any Person (including any Governmental Authority) in connection with which the Company or any of the Company’s Subsidiaries is a named party nor, to the knowledge of the Company, is any such Legal Proceeding threatened in writing against the Company or its Subsidiaries alleging a violation of any Privacy Laws or any third Person’s privacy or personal information rights. (b) During the three (3) years preceding the date of this Agreement (i) there have been no breaches of the security of the information technology systems of the Company and its Subsidiaries, which required notification to any Person (including Governmental Authority) and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s and its Subsidiaries’ business or operations, taken as a whole. The Company and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in their possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. Neither the Company nor any Subsidiary of the Company has (A) experienced any data security breach in which personally identifiable information or other sensitive or confidential data was unlawfully accessed, and which required notification to any Person (including Governmental Authority), or (B) received any written notice or complaint from any.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the past three (3) years preceding the date of this Agreement have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information (collectivelyprivacy, “Privacy Laws”)data security, and data protection, (ii) the Company’s and its Subsidiaries’ posted or publicly facing internal and external privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning privacy, data protection, cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been and that would not reasonably be expected to be have a material to effect on the Company and its Subsidiaries, taken Subsidiaries as a whole. There are no Legal Proceedings by any Person (including any Governmental Authority) in connection with pending to which the Company or any of the Company’s Subsidiaries is a named party noror, to the knowledge of the Company, is any such Legal Proceeding threatened in writing against the Company or its Subsidiaries alleging a violation of any Privacy Laws applicable Law relating to privacy, data security, and/or data protection, or of any third Person’s privacy or personal information rightsrights and there have been no such Legal Proceedings during the past three (3) years. (b) During Except as set forth on Section 4.22(b) of the Company Disclosure Letter, during the past three (3) years preceding the date of this Agreement (i) there have been no unauthorized intrusions nor material breaches of the security of the information technology systems of the Company and and/or its Subsidiaries, which required notification to any Person (including Governmental Authority) and (ii) there have been no disruptions in any information technology systems of the Company or its Subsidiaries that materially adversely affected have been material to the Company’s Company and its Subsidiaries’ business or operations, taken Subsidiaries as a whole. The Each of the Company and its Subsidiaries take have implemented (A) commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable personal information in their possession possession, custody, or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards; (B) commercially reasonable security controls and disaster recovery plans and procedures for the Company IT Systems to ensure the confidentiality, integrity and availability of the Company IT Systems and the data processed by such Company IT Systems, including backup, anti-virus, security and disaster recovery technology, policies and procedures consistent with applicable legal and regulatory standards and customary industry practices; and (C) commercially reasonable security designed to prevent unauthorized access to, or control of, the Company’s and its Subsidiaries’ products. (c) Neither the Company nor any Subsidiary of the Company has experienced any material incident impacting the confidentiality, integrity, or availability of any personal information, or any information technology systems, networks, or Software owned and/or used by the Company or any of its Subsidiaries and none of the Company or its Subsidiaries has suffered any other material personal data breach (as defined in the General Data Protection Regulation (EU) 2016/679). Neither the Company nor any Subsidiary of the Company has (A) experienced any data security breach in which personally identifiable information or other sensitive or confidential data was unlawfully accessed, and which required notification to any Person (including Governmental Authority), or (B) received any written notice or complaint from anyany Person, or provided any written notice to any Person, with respect to any material violation of their privacy, data security, and data protection practices or obligations, nor has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the last three (3) years preceding the date of this Agreement have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information (collectivelyinformation, “Privacy Laws”)including the Personal Data Protection Axx 0000 of Singapore, (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been and would not reasonably be expected to be material to the Company and its Subsidiaries, taken as a whole. There are no Legal Proceedings Actions by any Person (including any Governmental Authority) in connection with pending to which the Company or any of the Company’s Subsidiaries is a named party norparty, or as to the knowledge of the Company, is any such Legal Proceeding threatened in writing against which the Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any Privacy Laws or any third Person’s privacy or personal information rights. (b) During Except as set forth in Section 5.22(b) of the Company Disclosure Letter, during the last three (3) years preceding the date of this Agreement (i) there have been been, no material breaches of the security of the information technology systems of the Company and its Subsidiaries, which required notification to any Person (including Governmental Authority) and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s and its Subsidiaries’ business or operations, taken as a whole. The Company and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in their its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. Neither To the knowledge of the Company, neither the Company nor any Subsidiary of the Company has (A) experienced any data security breach incident in which personally identifiable such information was stolen or other sensitive or confidential data was unlawfully improperly accessed, and which required notification to any Person (including Governmental Authority)in connection with a material breach of security, or (B) received any written notice or complaint from anyany Person with respect to any of the foregoing, nor has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries, save as would not materially adversely affect the Company’s and its Subsidiaries’ business or operations.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the three (3) years preceding the date of this Agreement since November 18, 2022 have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information (collectivelyinformation, “Privacy Laws”)including the Personal Data Protection Act 2012 of Singapore, (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been and would not reasonably be expected to be material to the Company and its Subsidiaries, taken as a whole. There are no Legal Proceedings Actions by any Person (including any Governmental Authority) in connection with pending to which the Company or any of the Company’s Subsidiaries is a named party norparty, or as to the knowledge of the Company, is any such Legal Proceeding threatened in writing against which the Company or any of its Subsidiaries has received a threat in writing, alleging a violation of any Privacy Laws or any third Person’s privacy or personal information rights. (b) During Except as set forth in Section 5.22(b) of the three (3) years preceding the date of this Agreement Company Disclosure Letter, since November 18, 2022 (i) there have been been, no material breaches of the security of the information technology systems of the Company and its Subsidiaries, which required notification to any Person (including Governmental Authority) and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s and its Subsidiaries’ business or operations, taken as a whole. The Company and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in their its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. Neither To the knowledge of the Company, neither the Company nor any Subsidiary of the Company has (A) experienced any data security breach incident in which personally identifiable such information was stolen or other sensitive or confidential data was unlawfully improperly accessed, and which required notification to any Person (including Governmental Authority)in connection with a material breach of security, or (B) received any written notice or complaint from anyany Person with respect to any of the foregoing, nor has any such notice or complaint been threatened in writing against the Company or any of the Company’s Subsidiaries, save as would not materially adversely affect the Company’s and its Subsidiaries’ business or operations.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance with, and during the three (3) years preceding the date of this Agreement have maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information (collectively, “Privacy Laws”)information, (ii) the Company’s and its Subsidiaries’ posted or publicly facing privacy policies, and (iii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, personal information and data privacy and security and the security of the Company’s and each of its Subsidiaries’ information technology systemssystems (collectively, (i)-(iii), “Personal Information Laws and Policies”), in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been and would not reasonably be expected to be material to the Company and its Subsidiaries, taken as a whole. There are no Legal Proceedings Actions by any Person (including any Governmental Authority) in connection with pending to which the Company or any of the Company’s Subsidiaries is a named party noror, to the knowledge of the Company, is any such Legal Proceeding threatened in writing against the Company or its Subsidiaries alleging a violation of any Privacy Personal Information Laws or and Policies. During the three (3) years preceding the date of this Agreement, neither the Company nor any third Person’s privacy or personal information rightsSubsidiary of the Company has received any written notice from any Person (including any Governmental Authority) relating to an alleged violation of Personal Information Laws and Policies. (b) During the three (3) years preceding the date of this Agreement (i) there have been no material breaches of the security of the information technology systems of the Company and its Subsidiaries, which required notification to any Person (including Governmental Authority) and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s and its Subsidiaries’ business or operations, taken as a whole. The Company and its Subsidiaries take commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in their its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. Neither To the knowledge of the Company, in the three (3) years preceding the date of this Agreement, neither the Company nor any Subsidiary of the Company has (A) experienced any data security breach incident in which personally identifiable such information was stolen or other sensitive or confidential data was unlawfully improperly accessed, and which required notification to any Person (including Governmental Authority)in connection with a breach of security, or (B) received any written notice or complaint from anyany Person (including any Governmental Authority) with respect to any of the foregoing, nor has any such notice or complaint, to the knowledge of the Company, been threatened against the Company or any of the Company’s Subsidiaries.