Common use of Privacy and Data Protection Clause in Contracts

Privacy and Data Protection. The Company and its Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries have been and are in compliance in all material respects with internal policies and procedures reasonably designed to protect the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote compliance with the laws and regulations that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain compliance with such policies and procedures. The Company and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of personally identifiable information, protected health information, and information identifiable to a consumer and other confidential information of the Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiaries. The Company and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries), except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries have has operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data, including, HIPAA, HITECH, the FTC Act, the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and all applicable national laws implementing or supplementing the GDPR and all related national laws, regulations and secondary legislation. The Company and its Subsidiaries have has been and are is in compliance in all material respects with internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have has been and are is in compliance in all material respects with the internal policies and procedures reasonably designed to promote ensure compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain assure compliance with such policies and procedures. The Company and its Subsidiaries have has taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, and personal data, consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries Company and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its Subsidiaries have has used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its SubsidiariesCompany. The Company and its Subsidiaries have has not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information have not been notified of their respective customersand have no knowledge of any event or condition that would reasonably be expected to result in any security breaches, employees, suppliers, vendors and any third party data maintained, processed compromises or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries)incidents, except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries have has not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries have been and are in compliance in all material respects with internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote ensure compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain assure compliance with such policies and procedures. The Company and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Pricing Disclosure Package and the Prospectus. The Company and its Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiaries. The Company and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries)Data, except where such breaches, compromises or incidents would not reasonably be expected to, singly individually or in the aggregate, result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries the Subsidiary have operated their business in a manner compliant in all material respects with all United States federal, state, state and local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries the Subsidiary have been and are in compliance in all material respects with internal policies and procedures reasonably designed to protect the integrity and security of the data collected, handled or stored in connection with its their business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries the Subsidiary have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, take and have taken reasonably appropriate steps designed to attain compliance with such policies and procedures. The Company and its Subsidiaries the Subsidiary have taken commercially reasonable steps to maintain the confidentiality of the personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries the Subsidiary and any third parties in its their possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries the Subsidiary (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries the Subsidiary as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its Subsidiaries the Subsidiary have used reasonable efforts to establish, and have established, established commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiariesthe Subsidiary. The To the Company’s knowledge, after due inquiry, (A) the Company and its Subsidiaries the Subsidiary have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries), except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse EffectData; and (B) there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries the Subsidiary have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, state and local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries have been and are in compliance in all material respects with internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its their business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote ensure compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain assure compliance with such policies and procedures. The Company and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of their personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries and any third parties in its their possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiaries. The Company and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries), except where such breaches, compromises or incidents would not reasonably be expected to, singly individually or in the aggregate, result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries have been and are in compliance in all material respects with internal policies and procedures reasonably designed to protect the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote compliance with the laws and regulations that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain compliance with such policies and procedures. The Company and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiaries, and the Company and its Subsidiaries have been and are in compliance with internal policies and procedures reasonably designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken, reasonably appropriate steps designed to assure compliance with such policies and procedures. The Company and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries), except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse EffectData; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party; in each case, except where such unauthorized or illegal breaches, compromises, incidents, use or access access, would not reasonably be expected tonot, singly individually or in the aggregate, result in a Material Adverse Effectbe material to the Company or any of its Subsidiaries. The Company and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data. The Company is presently in material compliance with all applicable laws and contractual obligations relating to the privacy and security of the Company IT Assets and Sensitive Company Data.

Privacy and Data Protection. The Company and each of its Subsidiaries subsidiaries have operated their business respective businesses in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s Company and its subsidiaries’ collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries subsidiaries have been and are in compliance in all material respects with internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries subsidiaries have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote ensure compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain assure compliance with such policies and procedures. The Company and its Subsidiaries subsidiaries have taken commercially all reasonable steps necessary to maintain the confidentiality of their respective personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries subsidiaries and any third parties in the possession of the Company or any of its possession subsidiaries (“Sensitive Company Data”). Neither the Company nor any of its subsidiaries has received any notice, claim, complaint, demand or letter from any person in respect of their respective businesses under applicable data security and data protection laws and regulations and industry standards regarding misuse, loss, unauthorized destruction or unauthorized disclosure of any Sensitive Company Data. The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package Statement and the Prospectus. The Company and its Subsidiaries subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and or any of its Subsidiariessubsidiaries. The Neither the Company and nor any of its Subsidiaries have not subsidiaries has suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customersData, employees, suppliers, vendors and nor has there been any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries), except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such breaches, compromises, incidents or unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Neither the Company and nor any of its Subsidiaries have not subsidiaries has been required to notify any individual or data protection authority of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries Subsidiary have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations (“Privacy Laws”), policies and procedures, contractual obligations and applicable industry standards applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal datadata (collectively, the “Data Protection Requirements”). The Company and its Subsidiaries Subsidiary have been implemented and are in compliance in all material respects with internal maintained policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards business in accordance with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below)Privacy Laws; the Company and its Subsidiaries Subsidiary have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote ensure compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain assure compliance with such policies and procedures, except where such non-compliance or the failure to take such steps would not, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries Subsidiary have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, and consumer information identifiable to a consumer and other sensitive, confidential or regulated information of the Company, its Subsidiaries Subsidiary and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries Subsidiary (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, operate and perform as required for the business of the Company and its Subsidiaries Subsidiary as now currently operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus, and in accordance with their documentation and functional specifications. The Company IT Assets are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its Subsidiaries Subsidiary have used reasonable efforts to establish, established and have establishedmaintained, commercially reasonable disaster recovery and security plans, procedures procedures, safeguards and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its SubsidiariesSubsidiary. The Company and its Subsidiaries Subsidiary have not suffered or incurred any security breachesbreaches or incidents, unauthorized access or disclosure, or compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries)Data, except where such breaches, incidents, access, disclosure or compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and to the Company’s knowledge there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries Subsidiary have not been notified of, have not been required to notify any individual or governmental or regulatory authority of and have no knowledge of any event or condition that could result in, any information security breach, compromise or incident involving Sensitive Company Data. Neither the Company nor any Subsidiary (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any Data Protection Requirement, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice, (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Protection Requirement, or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability by any governmental or regulatory authority under any Data Protection Requirement. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of any Data Protection Requirement.

Privacy and Data Protection. The Company and its Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries have been and are in compliance in all material respects with internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote ensure compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain assure compliance with such policies and procedures. The Company and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package Statement and the Prospectus. The Company and its Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiaries. The Company and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries)Data, except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries have been and are presently in compliance in all material respects with internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have been and are presently in compliance in all material respects with the internal policies and procedures reasonably designed to promote ensure compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain assure compliance with such policies and procedures. The Company and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are reasonably in all material respects adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiaries. The Company and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or or, to the knowledge of the Company, any Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries)Data, except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or or, to the knowledge of the Company, any Sensitive Company Data Data, by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries have been and are in compliance in all material respects with internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote ensure compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain assure compliance with such policies and procedures. The Company and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiaries. The Company and its Subsidiaries have not not, to the Company’s knowledge, suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries)Data, except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and to the Company’s knowledge, there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries have operated their business businesses in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s and its Subsidiaries’ collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries have been and are in compliance in all material respects with internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote compliance with the laws and regulations that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain compliance with such policies and procedurestheir businesses. The Company and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and or its Subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business businesses of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Time of Sale Disclosure Package and in the Prospectus. The Company and its Subsidiaries have used commercially reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respectspractices, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiaries. The To the Company’s knowledge, the Company and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries)Data, except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly individually or in the aggregate, result in have a Material Adverse Effect. The Neither the Company and nor its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries subsidiaries have operated their business businesses in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s and its subsidiaries’ collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries subsidiaries have been and are in compliance in all material respects with internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote compliance with the laws and regulations that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain compliance with such policies and procedurestheir businesses. The Company and its Subsidiaries subsidiaries have taken commercially reasonable steps to maintain the confidentiality of personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and or its Subsidiaries subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business businesses of the Company and its Subsidiaries subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, in the General Time of Sale Disclosure Package and in the Prospectus. The Company and its Subsidiaries subsidiaries have used commercially reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respectspractices, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiariessubsidiaries. The To the Company’s knowledge, the Company and its Subsidiaries subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries)Data, except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly individually or in the aggregate, result in have a Material Adverse Effect. The Neither the Company and nor its Subsidiaries subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and each of its Subsidiaries subsidiaries have operated their business respective businesses in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s Company and its subsidiaries’ collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries subsidiaries have been and are in compliance in all material respects with internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries subsidiaries have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote ensure compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain assure compliance with such policies and procedures. The Company and its Subsidiaries subsidiaries have taken commercially all reasonable steps necessary to maintain the confidentiality of their respective personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries subsidiaries and any third parties in the possession of the Company or any of its possession subsidiaries (“Sensitive Company Data”). Neither the Company nor any of its subsidiaries has received any notice, claim, complaint, demand or letter from any person in respect of their respective businesses under applicable data security and data protection laws and regulations and industry standards regarding misuse, loss, unauthorized destruction or unauthorized disclosure of any Sensitive Company Data. The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its Subsidiaries subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and or any of its Subsidiariessubsidiaries. The Neither the Company and nor any of its Subsidiaries have not subsidiaries has suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customersData, employees, suppliers, vendors and nor has there been any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries), except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such breaches, compromises, incidents or unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Neither the Company and nor any of its Subsidiaries have not subsidiaries has been required to notify any individual or data protection authority of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries have operated their business in a manner compliant in all material respects complied with all United States federal, state, local and non-United States privacyprivacy (including, but not limited to, the General Data Protection Regulation (EU) 2016/679, “GDPR”), data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data, except for any noncompliance that would not reasonably be expected to have a Material Adverse Effect. The In each case except for any noncompliance that would not reasonably be expected to have a Material Adverse Effect, the Company and its Subsidiaries have been and are in compliance in all material respects with (1) internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical ; and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have been and are in compliance in all material respects with the 2) internal policies and procedures reasonably designed to promote ensure compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, and have the Company has taken reasonably appropriate steps designed to attain assure compliance with such internal policies and procedures. The Company and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package Package, the Prospectus and the French Listing Prospectus. The Company and its Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiaries. The Company and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries)Data, except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and to the Company’s knowledge there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries have been and are in compliance in all material respects with internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its their respective business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have been and are in compliance in all material respects with the internal policies and procedures reasonably designed to promote ensure compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain assure compliance with such policies and procedures. The Company and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the their respective business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiaries. The Company and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries)Data, except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.

Privacy and Data Protection. The Company and its Subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its Subsidiaries have been and are presently in compliance in all material respects with internal policies and procedures reasonably designed to protect ensure the integrity and security of the data collected, handled or stored in connection with its business, including administrative, technical and physical safeguards with respect to the security, confidentiality and integrity of transactions and Sensitive Company Data (as defined below); the Company and its Subsidiaries have been and are presently in compliance in all material respects with the internal policies and procedures reasonably designed to promote ensure compliance with the laws and regulations Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to attain assure compliance with such policies and procedures. The Company and its Subsidiaries have taken commercially reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, and consumer information identifiable to a consumer and other confidential information of the Company, its Subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its Subsidiaries (the “Company IT Assets”) are reasonably adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its Subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its Subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its Subsidiaries. The Company and its Subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or or, to the knowledge of the Company, any Sensitive Company Data (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its subsidiaries)Data, except where such breaches, compromises or incidents would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect; and there has been no unauthorized or illegal use of or access to any Company IT Asset or or, to the knowledge of the Company, any Sensitive Company Data Data, by any unauthorized third party, except where such unauthorized or illegal use or access would not reasonably be expected to, singly or in the aggregate, result in a Material Adverse Effect. The Company and its Subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.