Common use of Privacy and Personal Data Clause in Contracts

Privacy and Personal Data. The privacy and security practices of the Company and each Subsidiary, including the Company Privacy Policies, conform, and at all times have conformed, to all Applicable Laws. The Company and each Subsidiary has at all times (i) provided adequate notice and obtained any necessary consents from end users required for the processing of personal data as conducted by or for the Company or any Subsidiary and (ii) abided by any privacy choices (including opt-out preferences) of end users relating to personal information (such obligations along with those contained in the Company’s Privacy Policies, collectively, “Company Privacy Commitments”). The Company and each Subsidiary has established and maintained appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Applicable Laws and Company Privacy Commitments that are designed to protect personal information collected by the Company or any Subsidiary against accidental, unauthorized, or unlawful disclosure or use. Except as set forth in Schedule 3.10(o) of the Company Disclosure Letter, no breach, security incident or violation of any data security policy in relation to personal information collected by the Company or any Subsidiary has occurred or, to the Knowledge of the Company, is threatened, and, to the Knowledge of the Company, there has been no unauthorized or illegal processing of any personal information by the Company or any Subsidiary. No circumstance has arisen in which Applicable Laws would require the Company or any Subsidiary to notify a Governmental Entity of a data security breach or security incident. Neither the Company nor any Subsidiary has received any written complaints regarding the collection, use or disclosure of personal information, and the Company is not aware of any basis for any such complaints

Privacy and Personal Data. The privacy and security practices (a) Section 4.13(a) of the Company and each Subsidiary, including Disclosure Schedule describes the Company Privacy Policies, conform, and categories of Personal Data at all times have conformed, to all Applicable Laws. The Company and each Subsidiary has at all times (i) provided adequate notice and any time collected or obtained any necessary consents from end users required for the processing of personal data as conducted by or for the Company or any Subsidiary and (ii) abided used, analyzed, scanned, transmitted, or otherwise processed by any privacy choices or for the Company (including opt-out preferenceson behalf of its customers or users) and identifies all current Company Databases, the types of end users relating to personal information (Personal Data and Company Product Data in each such obligations along with those contained Company Database, the means by which the Personal Data and Company Product Data in such Company Databases was collected or obtained, and the Company’s Privacy Policies, collectively, “Company Privacy Commitments”). The Company and each Subsidiary has established security policies that have been adopted and maintained appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Applicable Laws and respect to such Company Privacy Commitments that are designed to protect personal information collected by the Company or any Subsidiary against accidental, unauthorized, or unlawful disclosure or useDatabases. Except as set forth in Schedule 3.10(o) of the Company Disclosure Letter, no breach, security incident No material breach or violation of any data such security policy in relation to personal information collected by the Company or any Subsidiary has occurred or, to the Knowledge Company’s Knowledge, is threatened. There has been no material loss, damage, or unauthorized or illegal use, disclosure, modification, possession, interception, or other processing of or access to, or other misuse of, any of the Personal Data or other data or information in any Company Databases that would require notification to a regulatory authority under any Law. (b) Section 4.13(b) of the Company Disclosure Schedule identifies each Company Privacy Policy in effect since January 1, 2020, and identifies the period of time during which such Company Privacy Policy has been, or was, in effect. The Company has posted the applicable Privacy Policy on or otherwise provided (including to all customers of the Company, is threatened, and, ) in connection with each Company Product in a manner available to visitors and current customers. Each Company Privacy Policy has been made available to the Knowledge Buyer. The Company has, in the last three (3) years, complied in all material respects with: (i) all Company Privacy Policies and (ii) all Privacy Legal Requirements. The Company has at all times complied in all material respects with any privacy or data protection related obligations under the terms of any agreements to which the Company is a party or which otherwise bind the Company, there or to which the Company previously was a party or under which the Company otherwise was bound. Section 4.13(b) of the Company Disclosure Schedule accurately identifies (and the Company has made available a true, correct and complete copy of) each letter or other written or electronic communication that has been no unauthorized sent or illegal processing otherwise delivered by or to the Company regarding any actual, alleged or suspected violation of any personal information Privacy Legal Requirement by the Company or any SubsidiaryPerson performing for the Company, any of their respective customers or users (to the extent relating to a Company Product or any activities of any Person performing for the Company) or any Company Product, and provides a brief description of the current status of the matter referred to in such letter or communication. No circumstance has arisen To the Company’s Knowledge, there is no complaint to, or any audit, proceeding, investigation (formal or informal) or Action, in which Applicable Laws would require each case, currently pending against the Company or, to the Company’s Knowledge, any of its vendors, consultants, contractors, subcontractors or customers (in the case of vendors, consultants, contractors, subcontractors or customers, to the extent relating to any Company Product) by any individual, private or other third party, the U.S. Federal Trade Commission, any state attorney general or any Subsidiary other Governmental Entity, with respect to notify a Governmental Entity of a data security breach or security incident. Neither the Company nor any Subsidiary has received any written complaints regarding the collection, use obtainment, storage, hosting, use, disclosure, transmission, transfer, disposal, possession, interception, analysis, scanning other processing or disclosure of personal information, and the Company is not aware security of any basis for Personal Data or Company Product Data by the Company. There has been no Order or government or third party settlement directly relating to the collection, obtainment, storage, hosting, use, disclosure, transmission, transfer, disposal, possession, interception, analysis, scanning other processing or security of any such complaintsPersonal Data or Company Product Data by the Company.

Privacy and Personal Data. The privacy and security practices of the Company and each Subsidiary, including the Company Privacy Policies, conform, and at all times have conformed, to all Applicable Laws. The Company and each Subsidiary has at all times (i) provided adequate notice and obtained any necessary consents from end users required for Except as set forth in Section 3.18(q), to the processing Knowledge of personal data as conducted by or for the Company, the Company or any Subsidiary has complied with applicable Law and (ii) abided by any with its internal privacy choices (including opt-out preferences) of end users policies relating to personal information (such obligations along with those contained in the Company’s Privacy Policiesuse, collectivelycollection, “Company Privacy Commitments”). The Company storage, disclosure and each Subsidiary has established and maintained appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Applicable Laws and Company Privacy Commitments that are designed to protect personal information transfer of any Personal Data collected by the Company or any Subsidiary against accidental, unauthorized, or unlawful disclosure or use. by third parties having authorized access to the records of the Company. (ii) Except as set forth in Schedule 3.10(oSection 3.18(q), the execution, delivery and performance of this Agreement by the Company will comply with all applicable Law relating to privacy and with the Company’s privacy policies. The Company has not received any written complaint regarding the Company’s collection, use or disclosure of Personal Data. The appropriate standard terms and conditions and (where applicable) privacy policy of the Company Disclosure Letterfrom time to time, copies of which have been provided to Parent, are properly incorporated into any transaction conducted over the Internet by the Company and govern access to, and use of, any Company Website. (iii) In the past five years, no breach, security incident or violation of any data security policy in relation to personal information collected by the Company or any Subsidiary Data has occurred or, to the Knowledge of the Company, or is threatened, and, to the Knowledge of the Company, and there has been no unauthorized or illegal processing Processing of any personal information by the Company or any SubsidiaryData. No circumstance has arisen in which Applicable which: (A) Privacy Laws would require the Company or any Subsidiary to notify a Governmental Entity of a data security breach or security incident. Neither incident or (B) applicable guidance or codes of practice promulgated under Privacy Laws would recommend the Company nor or any Subsidiary to notify a Governmental Entity of a data security breach. (iv) Section 3.18(q)(iv) of the Disclosure Schedule identifies and describes each distinct electronic or other database containing (in whole or in part) Personal Data maintained by or for the Company at any time (the “Company Databases”) , the types of Personal Data in each such database, the means by which the Personal Data was collected and the security policies that have been adopted and maintained with respect to each such Company Database. No breach or violation of any such security policy by the Company has received any written complaints regarding the collectionoccurred, use or disclosure of personal informationis threatened, and there has been no unauthorized or illegal use of or access to any of the data or information in any of the Company is not aware of any basis for any such complaintsDatabases.

Privacy and Personal Data. The privacy and security practices of the Company and each Subsidiary, including the Company Privacy Policies, conform, and at all times have conformed, to all Applicable Laws. The Company and each Subsidiary has at all times (i) provided adequate notice The Company has complied with Applicable Law and obtained any necessary consents from end users required for the processing of personal data as conducted by or for the Company or any Subsidiary and (ii) abided by any with its internal privacy choices (including opt-out preferences) of end users policies relating to personal information (such obligations along with those contained in the Company’s Privacy Policiesuse, collectivelycollection, “Company Privacy Commitments”). The Company storage, disclosure and each Subsidiary has established and maintained appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Applicable Laws and Company Privacy Commitments that are designed to protect personal information transfer of any Personal Data collected by the Company or by third parties having authorized access to the records of the Company. The execution, delivery and performance of this Agreement by the Company will comply with all Applicable Law relating to privacy and with the Company’s privacy policies. The Company has not received any Subsidiary against accidentalcomplaint regarding the Company’s collection, unauthorized, use or unlawful disclosure or useof Personal Data. Except as set forth in Schedule 3.10(oThe appropriate standard terms and conditions and (where applicable) privacy policy of the Company Disclosure Letterfrom time to time, no copies of which have been provided to Acquirer, are properly incorporated into any transaction conducted over the Internet by the Company and govern access to, and use of, any Company Website. (ii) No breach, security incident or violation of any data security policy in relation to personal information collected by the Company or any Subsidiary Data has occurred or, to the Knowledge of the Company, or is threatened, and, to the Knowledge of the Company, and there has been no unauthorized or illegal processing Processing of any personal information by the Company or any SubsidiaryData. No circumstance has arisen in which Applicable which: (A) Privacy Laws would require the Company or any Subsidiary to notify a Governmental Entity of a data security breach or security incident. Neither incident or (B) applicable guidance or codes of practice promulgated under Privacy Laws would recommend the Company nor or any Subsidiary to notify a Governmental Entity of a data security breach. (iii) Schedule 2.9(r)(iii) of the Company Disclosure Letter identifies and describes each distinct electronic or other database containing (in whole or in part) Personal Data maintained by or for the Company at any time (the “Company Databases”), the types of Personal Data in each such database, the means by which the Personal Data was collected and the security policies that have been adopted and maintained with respect to each such Company Database. No breach or violation of any such security policy by the Company has received any written complaints regarding the collectionoccurred, use or disclosure of personal informationis threatened, and there has been no unauthorized or illegal use of or access to any of the data or information in any of the Company is not aware of any basis for any such complaintsDatabases.

Privacy and Personal Data. The privacy and security practices of the Company and each Subsidiary, including the Company Privacy Policies, conform, and at all times have conformed, to all Applicable Laws. (a) The Company has complied with applicable Law in all material respects and each Subsidiary has at all times (i) provided adequate notice and obtained any necessary consents from end users required for the processing of personal data as conducted by or for the Company or any Subsidiary and (ii) abided by any with its internal privacy choices (including opt-out preferences) of end users policies relating to personal information (such obligations along with those contained in the Company’s Privacy Policiesuse, collectivelycollection, “Company Privacy Commitments”). The Company storage, disclosure and each Subsidiary has established and maintained appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Applicable Laws and Company Privacy Commitments that are designed to protect personal information transfer of any Personal Data collected by the Company or by third parties having authorized access to the records of the Company. (b) The execution, delivery and performance of this Agreement by the Company will comply with the Company’s privacy policies. The Company has not received any Subsidiary against accidentalwritten complaint regarding the Company’s collection, unauthorized, use or unlawful disclosure or useof Personal Data. Except as set forth in Schedule 3.10(oStandard terms and conditions and (where applicable) privacy policy of the Company Disclosure Letterfrom time to time, no copies of which have been provided to Purchaser, are incorporated into any applicable sale of Company Products over the Internet by the Company and govern access to, and use of, any Company website. (c) No breach, security incident or violation of any data security policy in relation to personal information collected by Company Data has occurred or is threatened, and there has been no unauthorized or illegal processing of any Company Data. No circumstance has arisen in which: (A) Privacy Laws would require the Company or any Subsidiary to notify a Governmental Authority of a data security breach or security incident or (B) applicable guidance or codes of practice promulgated under Privacy Laws would recommend the Company or any Subsidiary to notify a Governmental Authority of a data security breach. (d) Section 2.12(d) of the Disclosure Schedule identifies and describes each distinct electronic or other database containing (in whole or in part) Personal Data maintained by or for the Company at any time (the “Company Databases”), the types of Personal Data in each such database, the means by which the Personal Data was collected and the security policies that have been adopted and maintained with respect to each such Company Database. No breach or violation of any such security policy by the Company has occurred or, to the Knowledge of the Company, is threatened, and, to the Knowledge of the Company, and there has been no unauthorized or illegal processing use of or access to any personal of the data or information by in any of the Company or any Subsidiary. No circumstance has arisen in which Applicable Laws would require the Company or any Subsidiary to notify a Governmental Entity of a data security breach or security incident. Neither the Company nor any Subsidiary has received any written complaints regarding the collection, use or disclosure of personal information, and the Company is not aware of any basis for any such complaintsDatabases.