Common use of Privacy and Information Security Clause in Contracts

Privacy and Information Security. Except as set forth on Schedule 4.18, each Loan Party and each of its Subsidiaries complies, and during the past six years has complied, in all material respects with (i) HIPAA and Other Privacy Laws, (ii) their privacy policies and notices, and (iii) all contracts relating to Processing of Personal Information. No Loan Party nor any of its Subsidiaries, nor, to the knowledge of any Loan Party, any other Person, has received any notice, allegation, complaint or other communication, and to the knowledge of any Loan Party, there is no pending investigation by any Governmental Authority or payment card association, regarding any actual or possible violation of HIPAA and Other Privacy Laws by or with respect to any Loan Party or any of its Subsidiaries. To the knowledge of each Loan Party, after reasonable investigation, no Loan Party nor any of its Subsidiaries has suffered a security breach with respect to any of Personal Information and there has been no unauthorized or illegal use of or access to any Personal Information. Except as set forth on Schedule 4.18, no Loan Party nor any of its Subsidiaries has notified, or been required to notify, any Person of any information security breach involving Personal Information. Each Loan Party and its Subsidiaries employ commercially reasonable security measures that comply in all material respects with HIPAA and Other Privacy Laws to protect Personal Information within their custody or control and require the same of all vendors that Process Personal Information on their behalf. Each Loan Party and its Subsidiaries have provided all requisite notices and obtained all required consents, and satisfied all other requirements (including notification to Governmental Authorities), necessary for such Loan Party’s or such Subsidiary’s Processing (including international and onward transfer) of all Personal Information in connection with the conduct of the business as currently conducted and in connection with the consummation of the transactions contemplated hereunder.

Privacy and Information Security. Except as set forth on Schedule 4.18, each Loan Party Each of Holdings and each of its Subsidiaries complies, and during the past six five (5) years has complied, in all material respects complied with (i) HIPAA all Privacy and Other Privacy LawsInformation Security Requirements, (ii) their its privacy policies and notices, and (iii) all contracts relating to Processing of Personal InformationData, except to the extent that failure to so comply could not be reasonably expected to have a Material Adverse Effect. No Loan Party Neither Holdings nor any of its Subsidiaries, nor, to the knowledge of any Loan Party, any other Person, Subsidiaries has received in the past five (5) years any notice, allegation, complaint or other communication, and to the knowledge of any Loan Partytheir knowledge, there is no pending investigation by any Governmental Authority or payment card associationAuthority, regarding any actual or possible violation of HIPAA any Privacy and Other Privacy Laws Information Security Requirement by or with respect to any Loan Party Holdings or any of its Subsidiaries. To the knowledge of each Loan PartyHoldings and its Subsidiaries, after reasonable investigation, no Loan Party neither Holdings nor any of its Subsidiaries has suffered a security breach with respect to any of Personal Information the Company Data and there has been no unauthorized or illegal use of or access to any Personal InformationCompany Data. Except as set forth on Schedule 4.18, no Loan Party Neither Holdings nor any of its Subsidiaries has notified, or been required to notify, any Person person of any information security breach involving Personal InformationData. Each Loan Party of Holdings and its Subsidiaries employ employs commercially reasonable security measures that comply in all material respects with HIPAA all Privacy and Other Privacy Laws Information Security Requirements to protect Personal Information Company Data within their its custody or control and require requires the same of all vendors that Process Personal Information Company Data on their its behalf, except to the extent that the failure to do so could not reasonably be expected to have a Material Adverse Effect. Each Loan Party of Holdings and its Subsidiaries have has provided all requisite notices and obtained all required consents, and satisfied all other requirements (including but not limited to notification to Governmental Authorities), necessary for such Loan Party’s or such Subsidiary’s Processing (including international and onward transfer) of all Personal Information Data in connection with the conduct of the business as currently conducted and in connection with the consummation of the transactions contemplated hereunder, except to the extent that the failure to do so could not reasonably be expected to have a Material Adverse Effect.

Privacy and Information Security. Except as set forth on Schedule 4.18Each LCV Entity is and, each Loan Party and each of its Subsidiaries compliesfor the last two (2) years, and during the past six years has complied, been in all material respects compliance with (ia) HIPAA all Privacy and Other Privacy LawsInformation Security Requirements, (iib) their its internal and external privacy policies and notices, notices and (iiic) all contracts Contracts relating to the Processing of Personal InformationData. No Loan Party nor any of its Subsidiaries, LCV Entity nor, to the knowledge of any Loan PartyLCV’s Knowledge, any other Person, has received any written notice, allegation, complaint or other communication, and and, to the knowledge of any Loan PartyLCV’s Knowledge, there is no pending investigation by any Governmental Authority or payment card association, regarding any actual or possible alleged violation of HIPAA any Privacy and Other Privacy Laws Information Security Requirement by or with respect to any Loan Party or any of its SubsidiariesLCV Entity. To the knowledge of each Loan Party, after reasonable investigationLCV’s Knowledge, no Loan Party nor any of its Subsidiaries LCV Entity has suffered a security breach with respect to any of Personal Information the LCV Data and there has been no unauthorized or illegal use of or access to any Personal InformationLCV Data. Except as set forth on Schedule 4.18, no Loan Party nor any of its Subsidiaries No LCV Entity has notified, or or, to LCV’s Knowledge, has been required to notify, any Person of any information security breach involving Personal InformationData. Each Loan Party and its Subsidiaries employ LCV Entity employs and, for the last two (2) years, has employed commercially reasonable security measures that materially comply in with all material respects with HIPAA Privacy and Other Privacy Laws Information Security Requirements and are designed to protect Personal Information LCV Data within their its custody or control and require requires the same of all vendors that Process Personal Information LCV Data on their its behalf. Each Loan Party and its Subsidiaries have LCV Entity has provided all requisite notices and obtained all required consents, and satisfied all other requirements (including notification to notify Governmental Authorities), necessary ) to the extent required under the Privacy and Information Security Requirements for such Loan Party’s or such SubsidiaryLCV Entity’s Processing (including international and onward transfer) of all Personal Information Data in connection with the conduct of the business as currently conducted of such LCV Entity. The execution, delivery, performance and in connection with the consummation of the transactions transaction contemplated hereunderhereunder comply with each LCV Entity’s applicable Privacy and Information Security Requirements.