Common use of Privacy and Data Protection Clause in Contracts

Privacy and Data Protection. The Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except such breaches, compromises or incidents that have not, singly or in the aggregate, resulted in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Time of Sale Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has and its subsidiaries have operated its their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has and its subsidiaries have been and is are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company has and its subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company Company, its subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Disclosure Package and in the Prospectus. The Company has and its subsidiaries have used commercially reasonable efforts to establish, and has have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the CompanyCompany and its subsidiaries. To the Company’s knowledge, the The Company has and its subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have would not, singly individually or in the aggregate, resulted in a Material Adverse Effectbe material to the Company or any of its subsidiaries; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has and its subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and has taken reasonably appropriate steps designed to assure compliance with such policies and procedures. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has and its Subsidiaries have operated its their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has and its Subsidiaries have been and is are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its Subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company has and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Disclosure Package Statement and in the Prospectus. The Company has and its Subsidiaries have used commercially reasonable efforts to establish, and has have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the CompanyCompany and its Subsidiaries. To the Company’s knowledge, the The Company has and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have would not, singly individually or in the aggregate, resulted in a Material Adverse Effectbe material to the Company or any of its Subsidiaries; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its subsidiaries own or have a valid right to access and use all material computer systems, networks, hardware, software, databases, websites, and equipment used to process, store, maintain and operate data, information, and functions used in connection with the business of the Company and its subsidiaries (the “Company IT Systems”). The Company IT Systems (i) are adequate for, and operate and perform in all material respects as required in connection with, the operation of the business of the Company and its subsidiaries as currently conducted, and (ii) are free of any viruses, “back doors,” “Trojan horses,” “time bombs,” “worms,” “drop dead devices” or other software or hardware components that are designed to interrupt use of, permit unauthorized access to, or disable, damage or erase, any software material to the business of the Company or any of its subsidiaries, except in the case of (i) and (ii) as would not be reasonably be expected to result in a Material Adverse Effect. The Company and its subsidiaries have implemented commercially reasonable backup, security and disaster recovery technology consistent in all material respects with applicable regulatory standards and customary industry practices. To the knowledge of the Company, no third party has operated its business breached or compromised the integrity or security of the Company IT Systems in a manner compliant which would reasonably be expected to result in a Material Adverse Effect. The Company and its subsidiaries have at all times complied in all material respects with all United States federal, state, local and non-United States applicable Laws relating to privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis the collection and use of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data information collected, handled or stored in connection with its business. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable informationused, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business or any of the Company as now operated and as currently proposed to be conducted as described its subsidiaries in the Registration Statementconduct of its business. No claims have been asserted or, in the General Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, threatened against the Company has or any subsidiary alleging a violation of any person’s privacy or personal information or data rights, and the consummation of the transactions contemplated hereby will not suffered breach or incurred otherwise cause any security breachesviolation of any Law related to privacy, compromises data protection, or incidents with respect to the collection and use of personal information collected, used, or held for use by the Company or any Company IT Asset or Sensitive Company Data, except such breaches, compromises or incidents that have not, singly or of its subsidiaries in the aggregate, resulted in a Material Adverse Effect; and there has been no unauthorized or illegal use conduct of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effectits business. The Company has not been required and its subsidiaries take reasonable measures to notify any individual of any ensure that such information security breachis protected against unauthorized access, compromise use, modification, or incident involving Sensitive Company Dataother misuse.

Privacy and Data Protection. The Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance with such policies and procedures. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the The Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Time of Sale Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; and there has been no No unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has operated and its business in a manner compliant in all material respects Subsidiaries have complied with all United States federal, state, local and non-United States privacyprivacy (including, but not limited to, the General Data Protection Regulation (EU) 2016/679, “GDPR”), data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data, except for any noncompliance that would not reasonably be expected to have a Material Adverse Effect. The In each case except for any noncompliance that would not reasonably be expected to have a Material Adverse Effect, the Company has and its Subsidiaries have been and is are in compliance in all material respects with (1) internal policies and procedures designed to appropriately ensure the integrity and security of the data collected, handled or stored in connection with its business; and (2) internal policies and procedures designed to appropriately ensure compliance with the Health Care Laws that govern privacy and data security and take, and the Company has taken appropriate steps designed to ensure compliance with such internal policies and procedures. The Company has and its Subsidiaries have taken commercially reasonable appropriate steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, in the French Disclosure Document, the General Disclosure Package and in the Prospectus. The Company has and its Subsidiaries have used commercially reasonable efforts to establish, and has have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the CompanyCompany and its Subsidiaries. To the Company’s knowledge, the The Company has and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; and to the Company’s knowledge there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their its documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Time of Sale Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has and the Subsidiary have operated its their business in a manner compliant in all material respects with all United States federal, state, state and local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has and the Subsidiary have been and is are in compliance in all material respects with internal policies and procedures designed to ensure protect the integrity and security of the data collected, handled or stored in connection with its their business; the Company and the Subsidiary have been and are in compliance in all material respects with internal policies and procedures designed to promote compliance with the Health Care Laws that govern privacy and data security and take and have taken reasonably appropriate steps designed to attain compliance with such policies and procedures. The Company has and the Subsidiary have taken commercially reasonable steps to maintain the confidentiality of its the personally identifiable information, protected health information, consumer information and other confidential information of the Company Company, the Subsidiary and any third parties in its their possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and the Subsidiary (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and the Subsidiary as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, the Subsidiary have established commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the CompanyCompany and the Subsidiary. To the Company’s knowledge, after due inquiry, (i) the Company has and the Subsidiary have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except such breaches, compromises or incidents that have not, singly or in the aggregate, resulted in a Material Adverse Effect; and (ii) there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has and the Subsidiary have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has and its subsidiaries have operated its their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal datadata except where any noncompliance would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company has and its subsidiaries have been and is are in compliance in all material respects with internal their respective published privacy policies and with their internal security procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its businessbusiness except where any noncompliance would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company has and its subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its the personally identifiable information, protected health information, consumer information and other confidential information that they process in connection with their operation of the Company and any third parties in its possession business (“Sensitive Company Data”). The To the knowledge of the Company, the tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Disclosure Package and in the Prospectus. The Company has and its subsidiaries have used commercially reasonable efforts to establish, and has have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the CompanyCompany and its subsidiaries. To the knowledge of the Company’s knowledge, neither the Company nor its subsidiaries has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; ;. For the past three years, to the knowledge of the Company, the Company and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, its subsidiaries have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Company Registration Statement, in the General Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse EffectChange; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse EffectChange. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Time of Sale Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset Assets or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; and and, to the Company's knowledge, there has been no unauthorized or illegal use of or access to any Company IT Asset Assets or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Time of Sale Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset Assets or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset Assets or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Time of Sale Disclosure Package and in the Final Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Except where failure to comply would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, in each case, (i) the Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The , and (ii) the Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The Except where failure to comply would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, in each case, (i) the tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Registration StatementStatements, in the General Time of Sale Disclosure Package and in the Prospectus. The , and (ii) the Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have would not, singly individually or in the aggregate, resulted reasonably be expected to result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected tonot, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. The To the Company’s knowledge, the Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data, except where the failure to give such notice would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Privacy and Data Protection. The Company has and its subsidiaries have operated its their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal datadata except where any noncompliance would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company has and its subsidiaries have been and is are in compliance in all material respects with internal their respective published privacy policies and with their internal security procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its businessbusiness except where any noncompliance would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company has and its subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its the personally identifiable information, protected health information, consumer information and other confidential information that they process in connection with their operation of the Company and any third parties in its possession business (“Sensitive Company Data”). The To the knowledge of the Company, the tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Disclosure Package and in the Prospectus. The Company has and its subsidiaries have used commercially reasonable efforts to establish, and has have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the CompanyCompany and its subsidiaries. To the knowledge of the Company’s knowledge, neither the Company nor its subsidiaries has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. For the past three years, except where such unauthorized or illegal use or access would not reasonably be expected toto the knowledge of the Company, individually or in the aggregate, Company and its subsidiaries have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Company Registration Statement, in the General Disclosure Package Statement and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse EffectChange; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse EffectChange. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has operated its business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business. The Company has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and as currently proposed to be conducted as described in the Company Registration Statement, in the General Time of Sale Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company. To the Company’s knowledge, the Company has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company has operated and its Subsidiaries operate their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company has been and is its Subsidiaries are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its Subsidiaries are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take reasonably appropriate steps designed to assure compliance with such policies and procedures. The Company has and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Disclosure Package and in the Prospectus. The Company has used commercially reasonable efforts to establish, and has established, its Subsidiaries have established commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the CompanyCompany and its Subsidiaries. To the knowledge of the Company’s knowledge, the Company has and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly individually or in the aggregate, resulted result in a Material Adverse Effect; and to the knowledge of the Company, there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect. The Company has and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Except as would not, individually or in the aggregate, have a Material Adverse Effect, (i) the Company has and its Subsidiaries have operated its their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The , (ii) the Company has and its Subsidiaries have been and is are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of Sensitive Company Data; (iii) the Company and its Subsidiaries have been and are in compliance in all respects with internal policies and procedures designed to ensure compliance by the Company and its Subsidiaries with applicable Health Care Laws that govern privacy and data collectedsecurity and take, handled or stored in connection and have taken reasonably appropriate steps designed to assure compliance with such policies and procedures; and (iv) the Company and its business. The Company has Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, personally identifiable consumer information and other confidential information of the Company Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries and in their possession or otherwise in their operational control (the “Company IT Assets”) are in all material respects adequate with respect to capacity and operational for, in accordance with their documentation and functional specifications, the business of the Company as now operated and its Subsidiaries as currently proposed to be conducted operated as described in the Registration StatementStatement and the Prospectus, except in each case as would not, singly or in the General Disclosure Package aggregate, be expected to be material to the Company and in the Prospectusits Subsidiaries, taken as a whole. The Company has and its Subsidiaries have used commercially reasonable efforts to establish, and has have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respectsbusiness, including, without limitation, for the Company IT Assets and data held Sensitive Company Data, except in each case as would not, singly or used by or for in the Companyaggregate, be expected to be material to the Company and its Subsidiaries, taken as a whole. To the knowledge of the Company’s knowledge, the Company has and its Subsidiaries have not (i) suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents that have notwould not reasonably be expected to, singly or in the aggregate, resulted result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, individually or in the aggregate, (ii) have a Material Adverse Effect. The Company has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data. Any certificate signed by an officer of the Company and delivered to the Agent or to counsel for the Agent pursuant to or in connection with this Agreement shall be deemed to be a representation and warranty by the Company, as applicable, to the Agent as to the matters set forth therein.