Common use of Privacy and Security Clause in Contracts

Privacy and Security. (a) Each of the Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each The Company and its Subsidiaries, and each of their respective officers, employees, and, to the Knowledge of the Company, any processors when acting on their behalf, are in compliance in all material respects with, and for the past three (3) years have been in compliance in all material respects with, all Data Security Requirements. The Company and its Subsidiaries have established and maintain appropriate technical, physical and organizational measures and security systems and technologies in compliance with all Data Security Requirements in all material respects. In the past three (3) years all Personal Information has been collected, processed, transferred, disclosed, shared, stored, protected and used by the Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects accordance with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersData Security Requirements. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person Except as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business disclosed on Section 4.26(b) of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledgeDisclosure Letter, the Company and its Subsidiaries take have in place policies and procedures for the proper collection, processing, transfer, disclosure, sharing, storing, security and use of Personal Information that comply with all commercially reasonable steps applicable Data Security Requirements in all material respects. The Company and its Subsidiaries have established and maintain appropriate technical, physical and organizational measures and security systems and technologies designed to protect ensure the operation, confidentiality, integrity and security of their respective business systems and websites Personal Information and all information Company and transactions stored Subsidiary data and to prevent any destruction, loss, alteration, corruption or contained therein misuse of or transmitted thereby against any unauthorized disclosure or improper use, access, transmittal, interruption, modification or corruption, and access thereto in compliance with all Data Security Requirements in all material respects. (c) In the past three (3) years there have has been no material breaches incident, including any breach of same. Without limiting security involving the generality disclosure of or access to Personal Information owned, stored, used, maintained or controlled by or on behalf of the Company or its Subsidiaries or (ii) unauthorized access to or disclosure of the Company’s confidential information (“Security Incident”) and the Company is not aware of any facts suggesting the likelihood of the foregoing. No circumstance has arisen in which Data Security Requirements would require the Company or its Subsidiaries to notify a person or Governmental Authority of a Security Incident. (d) In the past three (3) years, each of the Company and its Subsidiaries have not been and are not currently: (i) uses industry standard encryption technology to the Knowledge of the Company, under audit or investigation by any authority, including regarding collection, processing, transfer, disclosure, sharing, storing, protection and use of Personal Information, or (ii) has implemented a comprehensive security plan subject to any notices, claims, demands, audits, or Actions initiated against the Company or its Subsidiaries by any third party, including any Governmental Authority, alleging that (1) identifies internal the Company or its Subsidiaries have collected, processed, transferred, disclosed, shared, stored, or used Personal Information in violation of any Data Security Requirements, and external risks to the security Knowledge of the Company’s , no specific facts or its Subsidiaries’ confidential information and Personal Information and circumstances exist that might give rise to such a claim. (2e) implements, monitors and improves adequate and effective safeguards to control those risksThe performance of this Agreement will not violate any Data Security Requirement.

Privacy and Security. (a) Each The Company and each Subsidiary have, at all times, complied with applicable privacy and data security Laws and regulations, including all privacy and security rules of the Company Health Insurance Portability and its Subsidiaries complies Accountability Act of 1996, as amended (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) and their respective internal privacy policies, except where any such noncompliance would not be material to the Company and its Subsidiaries taken as a whole. The Company and each Subsidiary have been and are in material compliance with respect to: (i) all of the terms of all Contracts to which the Company or any Subsidiary is a party relating to the use, collection, storage, disclosure and transfer of any personally identifiable information (including namecollected, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used obtained by the Company or any Subsidiary or by third parties having authorized access to the records of the Company or any Subsidiary, except where any such noncompliance would not be material to the Company and its Subsidiaries taken as a whole. Each of the Websites owned or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used operated by the Company or any Subsidiary has in the past three years maintained a publicly posted privacy policy that describes the Company’s practices with respect to the collection, use and disclosure of its Subsidiaries or any of their respective business partners. (b) personally identifiable information collected by such Websites, the disclosures in which privacy policy are accurate and not misleading. Neither the Company nor any Subsidiary has in the past three years received a written complaint regarding actual, alleged or suspected violation of any Privacy Law by the Company, any of its Subsidiaries usesSubsidiaries, collectsany of their customers or any users of any Company Product. To the Knowledge of the Company, or receives the use, collection, storage, disclosure and transfer of any Personal Information or sensitive non-personally identifiable information and does not become aware collected, accessed or obtained by third parties having authorized access to the records of the identity Company or location ofany Subsidiary has, or identify or locateat all times, complied with such privacy policies and Privacy Laws, except where any particular Person as a result of any receipt of such Personal Information, in a manner which noncompliance would materially breach or violate any Privacy Laws and materially and adversely impact the business of not be material to the Company and its Subsidiaries, Subsidiaries taken as a whole. (cb) To The Company and each Subsidiary exercises ordinary and reasonable care with respect to the security of any personally identifiable information in the Company’s knowledgeor such Subsidiary’s possession, Persons with which the Company custody or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the control. The Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries Subsidiary (i) uses industry standard encryption technology implements and (ii) has implemented a comprehensive security plan that (1) identifies monitors administrative, electronic and physical safeguards to control the internal and external risks to the security of any personally identifiable information in the possession of the Company or any of its Subsidiaries; and (ii) maintains notification procedures in material compliance with Privacy Laws in the case of any breach of security compromising data containing personally identifiable information. To the Knowledge of the Company during the prior three years, neither the Company nor any Subsidiary has experienced any material breach of security or other unauthorized access by third parties to any personally identifiable information in the Company’s or its Subsidiaries’ confidential information any Subsidiary’s possession, custody or control. (c) For purposes of this Agreement, “Websites” means all Internet websites, including content, text, graphics, images, audio, video, data, databases, Software and Personal Information related items included on or used in the operation of and (2) implementsmaintenance thereof, monitors and improves adequate all documentation, ASP, HTML, DHTML, SHTML, and effective safeguards XML files, cgi and other scripts, subscriber data, archives, and server and traffic logs and all other tangible embodiments related to control those risksany of the foregoing.

Privacy and Security. (a) Each The Company and certain of its Subsidiaries are “covered entities” or “business associates” as such terms are defined under HIPAA, its implementing regulations, and the HITECH Act. The Company and its Subsidiaries complies (and requires and monitors the are in compliance of applicable third parties) in all material respects and heretofore have complied with all laws pertaining to the applicable Laws relating to privacy or data HIPAA privacy, security, and reputable industry practice, transaction standards, self-governing rules breach notification standards and policies any other related regulations, guidance, provisions and their own publishedrequirements and any comparable state Legal Requirements. Neither the Company nor any of its Subsidiaries has received any written (or, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all to the Knowledge of the foregoing collectivelyCompany, “Privacy Laws”oral) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and communication from any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by Governmental Authority that alleges that the Company or any of its Subsidiaries is not in compliance with the applicable privacy, security, transaction standards, breach notification and other provisions and requirements of HIPAA or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the comparable state Legal Requirements. In instances where Company or any of its Subsidiaries is a business associate, the Company or any such Subsidiary have the requisite privacy and security policies, procedures and systems to comply with the terms of their respective its business partnersassociate agreements. (b) Neither the Company nor any of its Subsidiaries useshas received any written (or, collectsto the Knowledge of the Company, oral) material complaints, or receives notices of inquiry or investigation, from any Personal Information Person, patient, client or sensitive non-personally identifiable information and does not become aware customer regarding its or any of the identity its agents, employees or location contractors’ uses or disclosures of, or identify security practices regarding, Protected Health Information (“PHI”), individually identifiable health information or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach other medical or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholepersonal information. (c) To The Company and its Subsidiaries have policies, procedures and systems in place to ensure the Company’s knowledgeprivacy and security of all business, Persons proprietary, individually identifiable, personal, medical and any other private information, in compliance with which Legal Requirements. In addition, the Company and its Subsidiaries have adequate policies, procedures and systems in place to prevent improper use or disclosure of, or access to, all business, proprietary, individually identifiable, personal, medical and any other private information. No breach has occurred with respect to any unsecured PHI maintained by or for the Company or any of its Subsidiaries have contractual relationships have not breached any agreements that is subject to the notification requirements, under HIPAA, the HITECH Act, or any Privacy Laws pertaining to Personal Information related regulations and to non-personally identifiable informationno information security or privacy breach event has occurred that would require notification under any comparable Legal Requirements. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each Except as would not reasonably be expected to be material to the business of the Company or the Subsidiaries, taken as a whole, (i) the Company’s and the Subsidiaries’ receipt, access, acquisition, collection, compilation, use, storage, alteration, combination processing, safeguarding, security, disposal, deletion, destruction, disclosure, sale, rental, transfer, transmission, dissemination, or otherwise making available, in each case whether or not by automated means (collectively, “Handling”), of Personal Data has been and is in compliance with all Privacy Obligations applicable to such Personal Data, (ii) the Company and the Subsidiaries maintain policies and procedures (copies of which have been made available to Parent) regarding the protection of Personal Data and reasonable and appropriate administrative, technical and physical safeguards, including implementing reasonable disaster recovery and security plans and procedures so that the Company and its Subsidiaries complies (are and requires and monitors the remain in compliance of applicable third parties) in all material respects with all Privacy Obligations applicable Laws relating to privacy them. (iii) each such policy and procedure and all materials distributed or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used marketed by the Company or any of its Subsidiaries have at all times made all disclosures to users or any of their respective business partners; customers required by its Privacy Obligations, and (iiiv) non-personally identifiable informationnone of such disclosures has been inaccurate, whether misleading or deceptive or in violation of any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersPrivacy Obligation. (b) Neither To the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware Knowledge of the identity or location Company, there has been no unauthorized acquisition of, access to, loss of or identify misuse (by any means) of Personal Data or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries’ Information Technology (and similar or related infrastructure including all associated data contained therein, taken as cloud (including public cloud), as-a-service product or service) (each a whole“Security Breach”). The Company and its Subsidiaries have not been notified in writing by any Person of, or been required by any Privacy Obligation to notify in writing any Person of, any Security Breach. The Company and its Subsidiaries have not received any notice of any material Security Breach or any claims, investigations (including investigations by a Governmental Body) or alleged material violations of Privacy Obligations with respect to Personal Data handled by any of them. No internal or independent third party audit reports have identified material security vulnerabilities in the Company and its Subsidiaries’ Information Technology (and similar or related infrastructure including all associated data contained therein, cloud (including public cloud), as-a-service product or service) or material violations of any Privacy Obligation, or documented any material compliance gaps. (c) To The Company and its Subsidiaries have obtained all requisite consents of Governmental Bodies or other authorizations of Governmental Bodies and all requisite consents from each Person that is the Company’s knowledgesubject of the Personal Data (including, Persons in each case, any required notices to such Persons) to the extent required under all Privacy Obligations. The execution, delivery and performance of this Agreement, including the transfer of data or databases or the change of data controller and data processor related thereto, complies with all Privacy Obligations. None of the Company or its Subsidiaries are subject to any contractual requirements or other legal obligations that, following the Closing, would prohibit Parent or the Surviving Corporation from receiving or using Personal Data in the manner in which the Company or any of and its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining received and used such Personal Data prior to Personal Information and to non-personally identifiable informationthe Closing. (d) To the Knowledge of the Company’s knowledge, there have been no complaints, claims or warnings made or concerns raised by any Person in respect of any Personal Data, and no enforcement notice has been served on the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the Company and its Subsidiaries complies Group Companies is in compliance with (and requires and monitors supervises the compliance of applicable relevant third partiesparties with) in all material respects with all applicable Laws relating to privacy or data securitysecurity (including the Civil Code of the People's Republic of China, Personal Information Protection Law of the People's Republic of China, Data Security Law of the People's Republic of China, Law of the People's Republic of China on the Protection of Consumer Rights and Interests), and reputable industry practicepractices, standards, self-governing autonomous rules and policies and their own respective published, posted distributed and internal agreements and policies (which are in conformance consistent with reputable industry practicepractices) (all of the foregoing collectively, “above are collectively referred to as "Privacy Laws”) with Laws")with respect to: (i) sensitive personal information such as personally identifiable information (including namenames, addressaddresses, telephone numbernumbers, electronic mail addressemail addresses, social security numbernumbers, bank account number or credit card numbernumbers), sensitive personal information medical health information, and any special categories category of personal information regulated thereunder or covered thereby (“"Personal Information”)") (including the personal information of visitors to the Target Company or its Subsidiaries' respective websites, suppliers, customers and distributors) regardless of whether any of same such information is accessed or used by the Target Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationinformation (including the personal information of visitors to the Target Company or its Subsidiaries' respective websites, suppliers, customers and distributors) regardless of whether any of same such non-personally identifiable information is accessed or used by the Target Company or any of its Subsidiaries or any of their respective business partners; (iii) spyware and adware; (iv) the purchase or placement of advertisements from reputable persons and websites; (v) internet searches relating to or using specific words or terms; (vi) the sending of solicited or unsolicited email messages; and (vii) general privacy. (b) Neither The Group Companies have published on their respective websites all policies relating to the Company nor any matters listed in Section 3.21 (a) in order to comply with the Privacy Laws. None of its Subsidiaries usesthe Group Companies is using, collects, collecting or receives receiving any Personal Information or sensitive non-personally identifiable information and does not become aware of information, or knows the identity or location of, or identify or locate, of any particular specific Person as a result of any receipt of receiving such Personal Information, in a manner which would materially breach or violate identifies or locates any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholespecific Person. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable U.S., state, foreign and multinational Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information information, personal information, or personal data as defined in applicable Privacy Laws (including but not limited to name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s Websites, suppliers, clients, employees, contractors, and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationinformation (including such Personal Information of visitors who use the Company’s Websites, suppliers, clients, employees, contractors, and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; (iii) spyware and adware; (iv) the procurement or placement of advertising from or with reputable Persons and Websites; (v) the use of Internet searches associated with or using particular words or terms; (vi) the sending of solicited or unsolicited electronic mail messages; and (vii) privacy generally. (b) Neither The Company post all policies with respect to the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, matters set forth in a manner which would materially breach or violate any Section 3.31(a) on their respective Websites in conformance with Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholeLaws. (c) (i) To the Company’s knowledge, the advertisers and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware), (ii) the Company does not serve advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation, and (iii) the Company has not received (and does not have knowledge of) a material volume of consumer complaints relative to Software downloads that resulted in the installation of the Company’s tracking technologies. (d) To the Company’s knowledge, the The Company and its Subsidiaries take takes all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard adequate-strength encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that (1A) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective safeguards to control those risks. (e) The Company and its businesses, products and services, is in compliance with and has at all times complied with all applicable requirements contained in the Payment Card Industry Data Security Standards (“PCI DSS”) relating to “cardholder data” (as such term is defined in the PCI DSS, as amended from time to time) with respect to all (if any) such cardholder data that has come into its possession. The Company has not received notice that it is in non-compliance with any PCI DSS standards. The Company has never experienced a security breach involving any such cardholder data. No claims have been asserted or are threatened against the Company by any Person alleging a violation of any of the foregoing and there have been no known incidents of breach of any of the foregoing by the Company. For purposes of this Section 3.31, “Software” shall mean any and all computer programs, software (in object and source code), firmware, middleware, applications, API’s, web widgets, code and related algorithms, models and methodologies, files, documentation and all other tangible embodiments thereof.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data securityLaws, and reputable industry practice, standards, self-governing rules and policies and their its own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: to (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and , (ii) non-personally identifiable informationinformation (including such Personal Information of visitors who use the Company’s websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners, (iii) spyware and adware, (iv) the procurement or placement of advertising from or with reputable Persons and websites, (v) the use of internet searches associated with or using particular words or terms, (vi) the sending of solicited or unsolicited electronic mail messages and (vii) privacy generally. The Company posts all policies with respect to the matters set forth in this Section 3.21(a) on its websites in conformance with Privacy Laws. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (ci) To the knowledge of the Company’s knowledge, the advertisers and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not materially breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware), (ii) the Company does not serve advertisements into advertising inventory created by downloadable software that launches without a user’s express activation and (iii) the Company has not received (and does not have knowledge of) a material volume of consumer complaints relative to software downloads that resulted in the installation of any of the Company’s tracking technologies. (dc) To Except as set forth on Section 3.21(c) of the Company’s knowledgeDisclosure Schedules, the Company and its Subsidiaries take all commercially takes reasonable steps to protect the operation, confidentiality, integrity and security of their respective business its software, systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard adequate-strength encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that (1A) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each The Seller has made available or delivered to the Purchaser true and correct copies of all material terms and conditions, terms of service, and privacy notices or similar policies that relate to the privacy, security, or Processing of Personal Information by the Seller in the Business and, to the Knowledge of the Company and its Subsidiaries complies (and requires and monitors the compliance Seller, none of applicable third parties) in all material respects with all applicable Laws relating to privacy those documents contain any representations or data securitystatements that are or were inaccurate, and reputable industry practicemisleading, standardsunfair, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersdeceptive when made. (b) Neither To the Company nor any Knowledge of its Subsidiaries usesthe Seller, collectsthe Seller, or receives any with respect to the Business and each Seller Product, has always been and is currently in compliance with all applicable Privacy Laws and the Seller’s Personal Information or sensitive Obligations in all material respects, including, without limitation, as may relate to the privacy, security, and Processing of Personal Information relating to clinical trial participants, patients, and end users of the Seller Products. The Seller has not received any written notice from any Person (including any Government Entity) with respect to any non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate compliance with any Privacy Laws and materially and adversely impact or the business of Seller’s Personal Information Obligations, in each case with respect to the Company and its Subsidiaries, taken as a wholeBusiness. (c) To the Company’s knowledgeKnowledge of the Seller, Persons with which respect to the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Business, no Personal Information and has ever been disclosed by the Seller or transferred from the Seller to non-personally identifiable informationany Person or to any jurisdiction in any material respect, except (A) where the Seller had all necessary rights, authorizations, permissions, or consents to do so, or (B) where such disclosure or transfer was permitted by applicable Privacy Laws. (d) To the Company’s knowledgeKnowledge of the Seller, neither the execution nor delivery of this Agreement, the Company transactions contemplated hereby, the performance of the Seller’s obligations hereunder, nor the transfer of any Personal Information to the Purchaser will violate any Privacy Laws or the Seller’s Personal Information Obligations in any material respect or require notice to or consent from any Person for continued Processing of Personal Information in any material respect. To the Knowledge of the Seller, the Seller has all material appropriate authorizations, consents, certifications, and its Subsidiaries take all rights to Process any Personal Information in the manner in which the Seller has Processed such information with respect to the Business, to continue Processing Personal Information in the same manner after Closing with respect to the Business, and to transfer Personal Information to the Purchaser as contemplated in this Agreement. To the Knowledge of the Seller, the Seller has retained the records of such authorizations or consents with respect to the Business as may be required by applicable Laws. (e) The Seller has established and implemented commercially reasonable steps policies, procedures, and safeguards, consistent with industry standards and any applicable Privacy Laws, to protect the confidentiality, integrity, operation, confidentiality, integrity and security of their respective business systems the material IT Systems used by the Seller (and websites and all the information and transactions stored or contained therein or transmitted thereby processed on those IT Systems), including against any unauthorized Processing, or improper useany interruption, corruption or vulnerability. (f) Except as would not be material to the Seller, to the Knowledge of the Seller, neither the Seller with respect to the Business, nor any Person who Processes Personal Information on behalf of the Seller with respect to the Business, has experienced any loss, damage, unauthorized access, transmittalunauthorized disclosure, interruptionimproper alteration, modification misuse, or corruption, and there have been no material breaches of same. Without limiting the generality breach of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the privacy or security of the Company’s or its Subsidiaries’ confidential information and any Personal Information and (2) implementsin the Seller’s possession, monitors and improves adequate and effective safeguards to control those riskscustody, or control, or that is processed on its behalf.

Privacy and Security. (a) Each of the The Company and each of its Subsidiaries complies (and and, as required by Privacy Laws, requires and monitors the compliance of applicable third partiesparties that process Personal Information on behalf of the Company or a Subsidiary) in all material respects with all applicable U.S., state, foreign and multinational Laws (including Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 (General Data Protection Regulation), the Computer Fraud and Abuse Act (and all state and foreign Laws similar thereto), the Children’s Online Privacy Protection Act and the California Consumer Privacy Act) relating to privacy or data security, and reputable binding industry practice, standards, standards and self-governing rules and policies and their the Company’s and each of its Subsidiaries’ own published, posted and internal agreements and policies (which are in conformance with reputable industry practicepractice for similarly-sized companies performing similar services) (all of the foregoing collectively, “Privacy Laws”) with respect to, if and as applicable: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s or its Subsidiaries’ respective Websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners;; (ii) spyware and adware; (iii) the procurement or placement of advertising from or with Persons and Websites to the extent required by Privacy Laws; (iv) the use of Internet searches associated with or using particular words or terms to the extent such data is Personal Information; and (iiv) non-personally identifiable information, whether any the sending of same is accessed solicited or used by the Company or any of its Subsidiaries or any of their respective business partnersunsolicited electronic mail messages. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the The Company and its Subsidiaries, taken Subsidiaries post all policies with respect to the matters set forth in Section 3.20(a) on their respective Websites in conformance with and as a wholerequired by Privacy Laws. (c) To the Company’s knowledge, : (i) the advertisers and other Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information processed on behalf of the Company (including Privacy Laws regarding spyware and adware), (ii) neither the Company nor any of its Subsidiaries serves advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation, and (iii) neither the Company nor any of its Subsidiaries has received (and does not have knowledge of) a material volume of consumer complaints relative to non-personally identifiable informationSoftware downloads that resulted in the installation of the Company’s or any of its Subsidiaries’ respective tracking technologies. (d) To the Company’s knowledge, the The Company and its Subsidiaries take all commercially reasonable steps designed to protect the operation, confidentiality, integrity and security of their respective business systems Software, Systems and websites Websites and all information and transactions Personal Information stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, to the extent required by Privacy Laws, each of the Company and its Subsidiaries (i) uses industry standard encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that is designed to (1A) identifies identify internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implementsimplement, monitors monitor and improves adequate and effective improve safeguards to control those risks. (e) To the extent applicable, each of the Company and its Subsidiaries, and each of their respective businesses, products and services, is in compliance in all material respects with and has at all times materially complied with all applicable requirements contained in the Payment Card Industry Data Security Standards (“PCI DSS”) relating to “cardholder data” (as such term is defined in the PCI DSS, as amended from time to time) with respect to all (if any) such cardholder data that has come into its possession. Neither the Company nor any of its Subsidiaries has received written notice that it is in non-compliance with any PCI DSS standards. The Company has never experienced a security breach involving any such cardholder data. No written claims have been asserted or, to the knowledge of the Company, are threatened against the Company or any of its Subsidiaries by any Person alleging a violation of any of the foregoing and there have been no known incidents of breach of any of the foregoing by the Company or any of its Subsidiaries.

Privacy and Security. (a) Each With respect to any Personal Information collected or processed by or on behalf of the Company and or its Subsidiaries: (i) the Company, its Subsidiaries complies and, to the Company’s knowledge, its vendors and subcontractors (and requires and monitors with respect to work performed on behalf of the compliance of applicable third partiesCompany or its Subsidiaries) at all times have complied in all material respects with all applicable U.S., state and foreign Laws relating to privacy or data security(“Privacy Laws”), and reputable standard industry practice, standards, self-governing rules and policies practices and their own published, posted posted, and internal agreements and policies (which are in conformance material compliance with reputable industry practice) (all of the foregoing collectively, “applicable Privacy Laws”) with respect to: to (iA) personally identifiable information the collection, use, disclosure, protection and transfer of Personal Information; (including name, address, telephone number, B) the sending of solicited or unsolicited electronic marketing communications and electronic mail address, social security number, bank account number or credit card number), messages; (C) spyware and adware; and (D) the confidentiality of sensitive personal information and any special categories of personal information regulated thereunder information; (ii) no written claims have been asserted and, to the Company’s knowledge, no claims are threatened against the Company or covered thereby (“Personal Information”), whether any of same is accessed or used its Subsidiaries by any Person alleging a violation of any Privacy Laws by the Company or any of its Subsidiaries or any Subsidiaries; (iii) without limiting the generality of their respective business partners; and (ii) non-personally identifiable informationthe foregoing, whether any of same is accessed or used by the Company or any and each of its Subsidiaries or any is and at times has been in compliance with all applicable provisions of their respective business partners.the Xxxxx-Xxxxx-Xxxxxx Act and the rules and regulations related thereto; (biv) Neither except as set forth on Schedule 3.20, neither the Company nor any of its Subsidiaries uses, collects, or receives transfers any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of across national borders; and (v) the Company and its Subsidiaries, taken as a wholeSubsidiaries post all policies with respect to the matters set forth in Section 3.20(a)(i) on their websites in conformance with Privacy Laws. (cb) To the Company’s knowledge, the tax preparation firms and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not materially breached any agreements with the Company or its Subsidiaries or any Privacy Laws pertaining to Personal Information and with respect to non-personally identifiable informationthe Company’s relationship with such firm or Person. (dc) To the Company’s knowledge, the The Company and its Subsidiaries take all commercially and have taken reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems Software, Systems and websites and all information and transactions stored or contained therein or transmitted thereby websites, including any of the foregoing that are involved in the collection and/or processing of Personal Information, against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard adequate-strength encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that (1A) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective safeguards to control those risks. The Company and its Subsidiaries have implemented and maintain, consistent with applicable Privacy Laws and their obligations to third parties, backup procedures and disaster recovery plans for their Software, Systems and websites. (d) Neither the Company nor any of its Subsidiaries nor, to the knowledge of the Company, any vendor or subcontractor of the Company or any of its Subsidiaries with respect to work performed on behalf of the Company or such Subsidiary, has: (i) experienced a material security breach of any System or website resulting in the unauthorized acquisition, disclosure or use of Personal Information since the date that is three years prior to the date of this Agreement (in the case of such vendors or subcontractors, that involved Personal Information obtained from or on behalf of the Company or any of its Subsidiaries); (ii) been required pursuant to any Privacy Law to notify customers, consumers or employees of any security breach related to the Personal Information of such customers, consumers or employees; or (iii) been the subject of any inquiry, investigation or enforcement action of any Governmental Authority with respect to compliance with any Privacy Law.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies comply (and requires require and monitors use reasonable efforts to monitor the compliance of applicable third partiesPersons) in all material respects with all applicable federal, state, foreign and multinational Laws relating to privacy or data securitythe privacy, protection security and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) other Processing of Personal Information (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and including obtaining all consents required for compliance in all material respects with Privacy Laws from any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by Person about whom the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersProcesses Personal Information. (b) Neither The Company and its Subsidiaries have since the Lookback Date (i) documented internal and publicly available written policies and procedures relating to the Processing of Personal Information of or about employees, customers, vendors, suppliers and other Persons that are necessary for compliance with Privacy Laws (collectively, “Company nor any Data Protection Policies” ), (ii) implemented and used reasonable efforts to monitor compliance with all Company Data Protection Policies, and (iii) made all of their current and past versions of Company Data Protection Policies in effect since the Lookback Date available to Parent. The Company and each of its Subsidiaries useshave since the Lookback Date, collects, or receives any Personal Information or sensitive non-personally identifiable information and does except as is not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of material to the Company and its Subsidiaries, taken as a whole, ensured that each Person that Processes Personal Information for or on behalf of any of the Company or its Subsidiaries are subject to binding contractual obligations concerning compliance with Privacy Laws and complies in all material respects with any applicable Company Data Protection Policies. (ci) To the Company’s knowledge, the Persons with which the Company or any of and its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware) relating to their services for the Company and its Subsidiaries and (ii) the Company and its Subsidiaries do not serve advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation. (d) To the Company’s knowledge, the The Company and its Subsidiaries take all commercially reasonable steps in conformance in all material respects with Privacy Laws to protect the operation, confidentiality, integrity integrity, availability and security of their respective business systems Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper unlawful use, access, transmittal, interruption, modification modification, unavailability, corruption or corruption, and there have been no material breaches of sameother Processing. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries use adequate-strength encryption technology of at least 128-bit as part of employing encryption in their businesses in a commercially reasonable manner. Since the Lookback Date, there has been no material (i) uses industry standard encryption technology and unauthorized Processing of Personal Information by the Company or its Subsidiaries, (ii) has implemented a comprehensive security plan that (1) identifies internal breach or intrusion into the Software, Systems and external risks to the security Websites of the Company’s Company or any of its Subsidiaries’ confidential information , or (iii) action or circumstance requiring the Company or any of its Subsidiaries to notify a Governmental Authority of a data security breach or violation of any Privacy Laws. No Person (including any Governmental Entity) has commenced any Action involving the Company or any of its Subsidiaries with respect to loss, damage, or unauthorized access, use, modification or other Processing of any Personal Information. (e) The execution and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risksperformance of this Agreement will not constitute a violation by the Company or any of its Subsidiaries of Company Data Protection Policies or Privacy Laws.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies comply (and requires require and monitors monitor the compliance of applicable third parties) in all material respects with all applicable U.S., state, foreign and multinational Laws relating to privacy or data security(including the Children’s Online Privacy Protection Act, Telephone Consumers Protection Act and California Civil Code section 1798.81.5), reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s and its Subsidiaries’ Websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationinformation (including such information of visitors who use the Company’s and its Subsidiaries’ Websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; (iii) spyware and adware; (iv) the procurement or placement of advertising from or with reputable Persons and Websites; (v) the use of Internet searches associated with or using particular words or terms; (vi) the sending of solicited or unsolicited electronic mail messages; and (vii) privacy generally. (b) Neither The Company and its Subsidiaries post all policies with respect to the matters set forth in Section 3.20(a) on its Websites in conformance with Privacy Laws. Except as set forth on Schedule 3.20(b) of the Disclosure Schedule or to the extent the individual to which such Personal Information relates has given the Company nor any of or its applicable Subsidiary his or her consent, the Company and its Subsidiaries usesdo not use, collectscollect, or receives receive any Personal Information or sensitive non-personally identifiable information and does do not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws Information and materially and adversely impact the business of no Personal Information that is collected by the Company and or any its Subsidiaries is used or transferred by the Company or its Subsidiaries, taken as a whole. (c) (i) To the Company’s knowledge, the advertisers and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware), (ii) the Company does not serve advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation, and (iii) the Company has not received (and does not have knowledge of) a material volume of consumer complaints relative to Software downloads that resulted in the installation of any of the Company’s tracking technologies. (d) To the Company’s knowledge, the The Company and its Subsidiaries take all commercially takes reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems its Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard adequate-strength encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that (1A) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) complies, in all material respects respects, with all applicable Laws relating to privacy or data securityLaws, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s Websites), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any information (including such Personal Information of same is accessed visitors who use the Company’s Websites); (iii) spyware and adware; (iv) the procurement or used by placement of advertising from or with Persons and Websites; (v) the Company use of Internet searches associated with or any using particular words or terms; and (vi) the sending of its Subsidiaries solicited or any of their respective business partnersunsolicited electronic mail messages. (b) Neither The Company posts policies with respect to the matters set forth in Section 3.21(a) on its Websites in conformance with Privacy Laws. The Company’s privacy policy discloses how the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does the Company is in compliance in all material respects with the terms of its published privacy policy. Except as set forth on Section 3.21(b) of the Disclosure Schedules, the Company and its Subsidiaries do not use, collect, or receive any Personal Information or sensitive non-personally identifiable information and do not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach Information and no Personal Information that is collected by the Company or violate any Privacy Laws and materially and adversely impact the business of its Subsidiaries is used or transferred by the Company and its Subsidiaries, taken as Subsidiaries in a wholemanner to which the individual to which such Personal Information relates has not given the Company or its Subsidiaries his or her consent. (ci) To the knowledge of the Company’s knowledge, the customers, suppliers and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware), (ii) the Company does not serve advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation, and (iii) the Company has not received (and does not have knowledge of) any consumer complaints relative to Software downloads that resulted in the installation of any of the Company’s tracking technologies. (d) To Except for disclosures of information required by Law or specifically authorized by the Company’s knowledgeprovider of the Personal Information, the Company and its Subsidiaries do not sell, rent or otherwise make available to third parties any Personal Information and no claims have been asserted or, to the knowledge of the Company, threatened with respect to the Company’s or its Subsidiaries’ receipt, collection, use, storage, processing, disclosure or disposal of Personal Information. The Company has not received (and does not have knowledge of) any complaints from any consumer or any Governmental Authority with respect to privacy and security. (e) The Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems its Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard adequate-strength encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that (1A) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective safeguards to control those risks. (f) All technology and computer systems and infrastructure, including software, hardware, middleware, servers, workstations, routers, and all other information technology software or equipment relating to the transmission, storage, maintenance, organization, presentation, generation, processing, analysis or other use of data and information whether or not in electronic format, used by or for the Company and its Subsidiaries (collectively, “Company IT Systems”) are in good working condition to effectively perform all information technology operations necessary to conduct the business of the Company and its Subsidiaries in all material respects and provide sufficient redundancy and speed to meet industry standards relating to high availability. The Company and its Subsidiaries have taken all commercially reasonable steps in accordance with industry standards to secure such Company IT Systems from unauthorized access or use by any Person, and to ensure the continued, uninterrupted and error-free operation of the Company IT Systems. Such Company IT Systems are adequate in all respects for their intended use and are in good working condition (normal wear and tear excepted), and are free of all viruses, worms, malware, trojan horses and other known contaminants and do not contain any bugs, errors or problems of a nature that would disrupt their operation or have an adverse and material impact on the operation of such Company IT Systems. There has not been any major malfunction with respect to any of such Company IT Systems in the last five years preceding the date hereof that has not been remedied or replaced in all material respects. The Company and its Subsidiaries have in place a commercially reasonable and prudent disaster recovery program, including the regular back-up and prompt recovery of the data and information necessary and material to the conduct of the business of the Company and its Subsidiaries (including such data and information that is stored in the ordinary course) without material disruption to, or material interruption in, the conduct of their business. The Company IT Systems are and have been sufficient to satisfy all obligations under customer contracts with respect to privacy and security matters, data protection, availability, redundancy and disaster recovery, including any service level agreements set forth therein.

Privacy and Security. (a) Each of the Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy All information or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used collected by the Company or any of its Subsidiaries from consumers, or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used acquired by the Company or any of its Subsidiaries about consumers, including personally identifiable information and aggregate or anonymous information (collectively, “PII”), has been collected, has been and is being used and has been and is being held in compliance with all Laws and Orders of any Governmental or Regulatory Authority. The Company and each of their respective business partners. its Subsidiaries has at all times presented a privacy policy (b“Privacy Policy”) to consumers prior to the collection of any PII. The Privacy Policy, and any other representations, marketing materials, and advertisements that address privacy issues and the treatment of PII, accurately and completely describe the Company’s or such Subsidiary’s information practices in regard to PII that it collects, maintains, stores, accesses, transfers, processes, uses or discloses (collectively, “Processing”). The Company and each of its Subsidiaries has given all notices, made all disclosures, and obtained all necessary consents related to the Processing of PII required by the Privacy Policy, applicable laws, and Contracts and no such notices, disclosures or consent requests have been inaccurate, misleading or deceptive. Neither the Company nor any of its Subsidiaries useshas collected any information online from children under the age of 13 without verifiable parental consent or directed any of its websites to children under the age of 13 through which such information could be obtained. The Company and each of its Subsidiaries has stored and maintained PII in a secure manner, collectsusing commercially reasonable technical measures, or receives any Personal Information or sensitive non-personally identifiable information to assure the integrity and does not become aware security of the identity or location ofdata and to prevent loss, or identify or locatealteration, any particular Person as a result of any receipt of such Personal Informationcorruption, in a manner which would materially breach or violate any Privacy Laws misuse and materially and adversely impact the business of the unauthorized access to PII. The Company and each of its SubsidiariesSubsidiaries destroyed or otherwise rendered irretrievable any records, taken as a whole. (c) To the Company’s knowledgewhether electronic or paper-based, Persons with which containing PII that the Company or such Subsidiary sought to dispose of in the ordinary course of business. All third party access to PII has been subject to written confidentiality requirements. There has been no unauthorized access to or disclosure of PII. The transfer of PII hereunder complies with all applicable Laws and Orders relating to such transfer and with the Privacy Policy, Contracts and other obligations in regard to PII. Neither the Company nor any of its Subsidiaries have contractual relationships have not breached has received any agreements claims, notices or any Privacy Laws pertaining to Personal Information complaints regarding its information practices and to non-personally identifiable informationProcessing of PII. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data securityLaws, and reputable industry practice, standards, self-governing rules and policies and their its own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: to (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and , (ii) non-personally identifiable informationinformation (including such Personal Information of visitors who use the Company’s websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners, (iii) spyware and adware, (iv) the procurement or placement of advertising from or with reputable Persons and websites, (v) the use of internet searches associated with or using particular words or terms, (vi) the sending of solicited or unsolicited electronic mail messages and (vii) privacy generally. The Company posts all policies with respect to the matters set forth in this Section 3.21(a) on its websites in conformance with Privacy Laws. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (ci) To the knowledge of the Company’s knowledge, the advertisers and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not materially breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware), (ii) the Company does not serve advertisements into advertising inventory created by downloadable software that launches without a user’s express activation and (iii) the Company has not received (and does not have knowledge of) a material volume of consumer complaints relative to software downloads that resulted in the installation of any of the Company’s tracking technologies. (dc) To Except as set forth on Section 3.21(c) of the Company’s knowledgeDisclosure Schedules, the Company and its Subsidiaries take all commercially takes reasonable steps to protect the operation, confidentiality, integrity and security of their respective business its software, systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard adequate-strength encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that (1A) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the Company The Seller, Media Sub and its Subsidiaries their Affiliates each complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable U.S., state, foreign and multinational Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their its own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including but not limited to name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of users of Seller’s, Media Sub’s or their Affiliates’ websites, suppliers and distributors), whether any of same is accessed or used by the Company Seller or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationspyware and adware; (iii) the sending of solicited or unsolicited electronic mail messages; and (iv) confidential or classified information or information whose use, whether possession or disclosure is regulated or restricted by any of same is accessed or used by Government Entity. The Seller, Media Sub and their Affiliates post all policies with respect to Personal Information on its websites in conformance with applicable Laws. Except as disclosed in the Company or any of its Subsidiaries or any of Seller’s posted privacy statement (the “Privacy Statement”), neither the Seller, Media Sub nor their respective business partners. (b) Neither the Company nor any of its Subsidiaries Affiliates uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locateidentify, any particular Person as a result of any receipt of such Personal Information, . (b) The Purchased Business does not engage in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact behavioral advertising; however in the business instance of the Company Purchased Business’ use of the Google Ad Network, the Purchased Business complies with the IAB Self-Regulatory Program for Online Behavioral Advertising as it pertains to ad choices, by displaying the “Advertising Option Icon.” Neither the Seller, Media Sub nor their Affiliates has received (and its Subsidiaries, taken as has no Knowledge of) a wholematerial volume of consumer complaints relative to software downloads that resulted in the installation of any tracking technologies. (c) To the Company’s knowledgeThe Seller, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information Media Sub and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries their Affiliates take all commercially reasonable steps consistent with generally accepted industry standards to protect the operation, confidentiality, integrity and security of their respective business software, systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and and, within the 12-month period ending on the date hereof, there have been no material breaches of samesame that would require by Law notification or remedial action. Without limiting the generality of the foregoing, each of the Company Seller, Media Sub and its Subsidiaries their Affiliates (i) uses industry standard use encryption technology of at least 128-bit and (ii) has implemented a comprehensive consistently implement security plan that upgrades, infrastructure and processes to (1A) identifies identify internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implementsimplement, monitors monitor and improves improve adequate and effective safeguards to control those risks. (d) The Seller, Media Sub and their Affiliates have the right to transfer to the Buyers all Personal Information owned or held by them pursuant to the terms of this Agreement and such transfer shall not violate any applicable Privacy Laws or other Laws provided that the Buyers adhere to the terms of the Privacy Statement following the Closing. The Buyers’ use such Personal Information in the manner it was used by the Seller and/or Media Sub prior to Closing will comply in all material respects with applicable Privacy Laws or other Laws as described in Section 5.22(a).

Privacy and Security. (a) Each of the The Company and each of its Subsidiaries complies (and requires and monitors uses commercially reasonable efforts to monitor the compliance of applicable third parties) in all material respects with all applicable U.S., state, foreign and multinational Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s Website, suppliers, clients and distributors), whether any of same is accessed or used by the Company or Company, any of its Subsidiaries Subsidiaries, or any of their respective business partners; and (ii) non-personally identifiable informationinformation (including such Personal Information of visitors who use the Company’s Website, suppliers, clients and distributors), whether any of same is accessed or used by the Company or Company, any of its Subsidiaries Subsidiaries, or any of their respective business partners; (iii) spyware and adware; (iv) the procurement or placement of advertising from or with reputable Persons and Websites; (v) the use of Internet searches associated with or using particular words or terms; (vi) the sending of solicited or unsolicited electronic mail messages; and (vii) privacy generally. (b) The Company posts all policies with respect to the matters set forth in Section 4.20(a) on its Website in conformance with Privacy Laws. Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information of its customers or Website users and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the knowledge of the Company’s knowledge, the Persons with which the Company or and any of its Subsidiaries have has contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware). (d) To the Company’s knowledge, the The Company and its Subsidiaries take all takes commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems its Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the The Company and each of its Subsidiaries at all times has complied and complies in all material respects (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable U.S., state, foreign and multinational Laws (including EC Directive 95/46 and its implementations in the EU Member States, the Computer Fraud and Abuse Act (and all state and foreign Laws similar thereto), the Children’s Online Privacy Protection Act and California Civil Code section 1798.81.5) relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in material conformance with reputable generally-adopted industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information that is the subject of applicable Privacy Laws and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information. To the Knowledge of the Sellers, whether any of same is accessed there are no facts or used circumstances that would reasonably be expected to give rise to a violation by the Company or any of its Subsidiaries or of any of their respective business partnersPrivacy Law. (b) The Company and its Subsidiaries post all policies with respect to the matters set forth in Section 3.22(a) on their respective Websites in conformance with Privacy Laws. Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, except as disclosed in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholesuch policies. (c) To the Company’s knowledgeKnowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements with the Company or its Subsidiaries or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationwhich such Persons have received access from the Company or any of its Subsidiaries. (d) To the Company’s knowledge, the The Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby (including all customer, employee and other confidential information) against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and and, to the Company’s Knowledge, there have been no material such unauthorized or improper use, access, transmittal, interruption, modification or corruption and breaches of samethe security of such Software, Systems or Websites that would trigger any notice or other legal obligations of the Company or its Subsidiaries under applicable Privacy Laws. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1A) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective safeguards to control those risks. The Company’s and its Subsidiaries’ Software and Systems (including the Systems operated by vendors or subcontractors on behalf of the Company or any of its Subsidiaries) (x) are adequate for the conduct of the respective businesses of the Company and its Subsidiaries as currently conducted and contemplated to be conducted, and provide sufficient redundancy and speed to materially meet widely adopted standards of comparable businesses in the Company’s industry relating to high availability and (y) are, in all material respects, in good working order and condition and have been used and maintained in accordance with their documentation and manufacturer’s requirements and applicable insurance policies. Neither the Company nor any of its Subsidiaries has experienced any material disruption to, or material interruption in, its Systems, or the services provided by the Company or its Subsidiaries through the use of the Systems. The Company and its Subsidiaries have implemented commercially reasonable disaster recovery plans, including the regular back-up and prompt recovery of the data and information necessary to the conduct of the business of the Company and its Subsidiaries. (e) Each of the Company and its Subsidiaries, and each of their respective businesses, products and services, is in compliance with and has at all times complied with all applicable requirements contained in the Payment Card Industry Data Security Standards (“PCI DSS”) relating to “cardholder data” (as such term is defined in the PCI DSS, as amended from time to time) with respect to all (if any) such cardholder data that has come into its possession. Neither the Company nor any of its Subsidiaries has received written notice that it is in non-compliance with any PCI DSS standards. The Company has never experienced a security breach involving any such cardholder data which would trigger any notice or other legal obligations of the Company or its Subsidiaries under applicable Privacy Laws or the PCI DSS. The Company or any of its Subsidiaries has not received any claims by any Person alleging that the Company or any of its Subsidiaries have violated the PCI DSS, and there have been no known incidents of breach of the PCI DSS by the Company or any of its Subsidiaries.

Privacy and Security. (a) Each of Since January 1, 2014, the Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) have complied in all material respects with all applicable Laws relating Laws, practices standard to privacy or data securitytheir industry (including the Xxxxx-Xxxxx-Xxxxxx Act and the PCI DSS), and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all respect to the collection, use, disclosure, storage and destruction of Personal Information of individuals who visit any of the foregoing collectively, “Privacy Laws”) Company’s or any of its Subsidiaries’ websites or who otherwise communicate with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number the Company or credit card number), sensitive personal information and any special categories of personal information regulated thereunder its Subsidiaries about the Company or covered thereby (“Personal Information”)any of its Subsidiaries, whether any of same is accessed or used by the Company or any of its Subsidiaries or business partners (“Privacy Obligations”). No claims have been asserted and, to the knowledge of Seller, no claim is threatened against the Company or any of their respective business partners; and (ii) non-personally identifiable information, whether its Subsidiaries by any Person alleging a violation of same is accessed or used any Privacy Obligations by the Company or any of its Subsidiaries or and, to the knowledge of Seller, there is no basis for any of their respective business partnerssuch claim nor is any such claim expected. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person Other than as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To specified by the Company’s knowledge, Persons with which the Company privacy statements or any of its Subsidiaries have contractual relationships have not breached any agreements or any as prohibited by Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledgeObligations, the Company and its Subsidiaries take all are not restricted in their collection, use, distribution disclosure, storage or destruction of Personal Information. (c) The Company and its Subsidiaries have established and are in compliance with a written information security program that (i) includes administrative, technical and physical measures designed to safeguard their software and systems and the information and transactions stored therein or processed or transmitted thereby, (ii) is designed to protect against unauthorized access to their systems and data, and (iii) satisfies the requirements of applicable Law and the PCI DSS. The Company and its Subsidiaries have implemented commercially reasonable steps written business continuity and disaster recovery plans and procedures with respect to protect the operation, confidentiality, integrity Company’s and security of their respective business its Subsidiaries’ software and systems and websites information and transactions stored therein or processed or transmitted thereby. Except as set forth on Schedule 2.20(c), the Company and its Subsidiaries have not been notified by any third Person of, nor does Seller have any knowledge of, any material data security, information security or other technological deficiency with respect to the Company’s and its Subsidiaries’ or its subcontractors’ or agents’ software, systems and all information and transactions stored or contained therein or transmitted thereby against any that present a risk of unauthorized or improper disclosure, use, access, transmittal, interruption, modification corruption or corruptionloss of any Personal Information. For purposes of the preceding sentence, and there notwithstanding anything to the contrary in this Agreement, the term “knowledge” means the actual or deemed knowledge of the persons listed in Section 8.12(iiii); an individual will be deemed to have knowledge of a particular fact, circumstance, event or other matter if such knowledge would have been no material breaches obtained as a result of sameinquiry that would reasonably be expected from an individual who has the duties and responsibilities of such individual in the customary performance of such duties and responsibilities. Without limiting The Company’s and its Subsidiaries’ software and systems are (x) adequate for the generality conduct of the foregoing, each respective businesses of the Company and its Subsidiaries (i) uses industry standard encryption technology as currently conducted and (iiy) in all material respects, in good working order and condition. Except as set forth on Schedule 2.20(c), neither the Company nor any of its Subsidiaries has implemented experienced any disruption to, or interruption in, its systems, or the services provided by the Company or its Subsidiaries through the use of the systems that has had a comprehensive security plan that material adverse effect on the business of the Company and its Subsidiaries. (1d) identifies internal and external risks Neither the Company nor any of its Subsidiaries, nor to the security knowledge of Seller any subcontractor or agent of the Company’s Company or any of its Subsidiaries’ confidential information , has suffered a security breach with respect to its data or systems that has had a material adverse effect on the business of the Company and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risksits Subsidiaries.

Privacy and Security. (a) Each of the Company and its Subsidiaries Acquiror complies (and requires and monitors uses commercially reasonable efforts to monitor the compliance of applicable third parties) in all material respects with all applicable Privacy Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information Personal Information (including namesuch Personal Information of visitors who use Acquiror’s Website, addresssuppliers, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information clients and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”distributors), whether any of same is accessed or used by the Company Acquiror or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationinformation (including such Personal Information of visitors who use Acquiror’s Website, suppliers, clients and distributors), whether any of same is accessed or used by the Company Acquiror or any of its Subsidiaries or any of their respective business partners; (iii) spyware and adware; (iv) the procurement or placement of advertising from or with reputable Persons and Websites; (v) the use of Internet searches associated with or using particular words or terms; (vi) the sending of solicited or unsolicited electronic mail messages; and (vii) privacy generally. (b) Neither Acquiror posts all policies with respect to the Company nor any of matters set forth in Section 5.18(a) on its Subsidiaries usesWebsite in conformance with Privacy Laws. Acquiror does not use, collectscollect, or receives receive any Personal Information or sensitive non-personally identifiable information of its customers or Website users and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledgeknowledge of Acquiror, the Persons with which the Company or any of its Subsidiaries have Acquiror has contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware). (d) To the Company’s knowledge, the Company and its Subsidiaries take all Acquiror takes commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems its Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or 44 improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (Subsidiaries’ comply and requires and monitors the compliance of applicable third parties) at all times have complied, in all material respects (including compliance with all applicable Laws relating to privacy or data securitythe use of Protected Health Information (PHI, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practiceas that term is defined under HIPAA) (all of the foregoing collectively, “Privacy Laws”) with respect towith: (i) HIPAA and Other Privacy Laws; (ii) PCI DSS, as applicable; and (iii) all obligations under Company Contracts (including Business Associate Agreements) and other commitments to third parties (including any privacy notices) relating to PHI or other personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal InformationPII”). (b) No Claim has been filed, whether any commenced or, to the Knowledge of same is accessed or used by the Company, threatened against the Company or any of its Subsidiaries by any Person alleging a violation of such Person’s privacy or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed confidentiality rights under HIPAA or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Other Privacy Law. Neither the Company nor any of its Subsidiaries uses(i) is, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware to the Knowledge of the identity Company, under investigation by any Governmental Authority for a violation of HIPAA or location ofOther Privacy Law, including with respect to any alleged Breach (as that term is defined under HIPAA) or identify or locateany other material violation of HIPAA by the Company, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken or any of either of their respective “workforce” (as used solely in this instance and as such term is defined under HIPAA in 45 C.F.R. § 160.103); (ii) has received during the previous six (6) years any written complaints, audit requests, or notices or inquiries from any Governmental Authority or other person (including any customer, subcontractor, or Business Associate (as that term is defined under HIPAA)) regarding the Company’s, a wholeSubsidiary’s, or any of either of their respective agents’, employees’ or contractors’ use of PHI or PII. (c) To the Knowledge of the Company, there has been no breach of the security of the Company’s knowledgeor any of its Subsidiaries’ computer systems or networks, Persons with or unauthorized access, use, or disclosure of or to any PHI or PII used by or on behalf of the Company or any of its Subsidiaries, including any unauthorized use or disclosure of PHI or PII that would constitute a breach for which notification by the Company to individuals and/or Governmental Authority is required under any applicable Laws. To the Knowledge of the Company, neither the Company nor any of its Subsidiaries or its or their Business Associates or subcontractors have experienced any Breach of Unsecured PHI, or Security Incident (as those terms are defined under HIPAA). During the previous six (6) years, to the Knowledge of the Company, the Company and its Subsidiaries have identified, documented, investigated, contained, and eradicated each Security Incident related to PHI, PII, or other confidential data of the Company, any of its Subsidiaries or any customer of the Company or any of its Subsidiaries have contractual relationships have not breached any agreements that was transmitted, processed, maintained, stored, or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationotherwise available on or through the Company’s or its Subsidiaries’ network or information technology systems. (d) To The Company and its Subsidiaries have entered into a Business Associate Agreement with a third party in each instance in which a Business Associate Agreement is required under HIPAA. The Company and its Subsidiaries are, and at all times have been, in compliance in all material respects with all Business Associate Agreements to which any of the Company’s knowledgeCompany or its Subsidiaries is a party or is otherwise bound. Where required under HIPAA, the Company and its Subsidiaries take have entered into reasonable and appropriate Business Associate Agreements with all commercially reasonable steps subcontractors engaged by the Company or any of its Subsidiaries. (e) The Company and its Subsidiaries have at all times complied in all material respects with all rules, policies, and procedures established by the Company and its Subsidiaries from time to protect time and as applicable with respect to the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored electronic PHI gathered or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches accessed in the course of same. Without limiting the generality of the foregoing, each operations of the Company and its Subsidiaries (ithe “Information Policies and Procedures”). The Company has made available to Buyer true and complete copies of all Information Policies and Procedures currently in place or in process for the Company and its Subsidiaries. (f) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks Except as set forth on Schedule 2.23(f), to the Knowledge of the Company, there have been no unauthorized intrusions or breaches of the security of the Company’s computer software, middleware and systems, firmware, information technology equipment, and associated documentation used or relied upon by the Company or its Subsidiaries’ confidential information and Personal Information and Subsidiaries in connection with the operation of its business (2the “IT Assets”). The IT Assets have not malfunctioned or failed during the previous five (5) implements, monitors and improves adequate and effective safeguards years in a manner that has caused or would reasonably be expected to control those riskscause material disruption to the business.

Privacy and Security. (a) Each Except as set forth on Section 3.14(a)(i) of the Company Disclosure Schedule, the Seller and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all each of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information Companies and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps taken such actions as are reasonably necessary to protect the operation, confidentiality, integrity and security of their respective business systems and websites all Systems (and all information and transactions stored or contained therein or transmitted thereby or processed thereby) used in the Business as currently conducted against any unauthorized or improper use, access, transmittaldisclosure, copying, interruption, modification or corruption, in all material respects, and except as set forth on Section 3.14(a)(ii) of the Disclosure Schedule, there have has been no material breaches occurrence of any of same. Without limiting the generality . (b) Except as set forth on Section 3.14(b) of the foregoingDisclosure Schedule, the Seller and each of the Companies and the Company Subsidiaries has obtained all consents to the collection, use and disclosure of personal information of identifiable individuals collected by the Companies or the Company Subsidiaries (“Personal Information”) necessary to conduct the Business as currently conducted. (c) The Companies and the Company Subsidiaries have all necessary backup, archival and disaster recovery plans and Systems as are reasonably necessary to protect against interruption of the Business. (d) Each of the Companies, the Company Subsidiaries and the Business, and with respect to the Companies, the Company Subsidiaries and the Business, the Seller and each of its Affiliates, is and since July 1, 2005 has been, in compliance, in all material respects, with, and is not in material default or violation of, any posted policies of the Companies or the Company Subsidiaries regarding privacy, data security and Personal Information. (e) There are no restrictions on the Companies’ or the Company Subsidiaries’ collection, use, disclosure and retention of Personal Information except as provided by privacy Laws and the Companies’ and the Company Subsidiaries’ own privacy policies. (f) There are no inquiries or Actions, whether statutory or otherwise, pending or, to the Knowledge of the Seller, threatened with respect to the Companies’ or the Company Subsidiaries’ collection, use, disclosure or retention of personal information. (g) Section 3.14(g) of the Disclosure Schedule sets forth: (i) uses industry standard encryption technology all current privacy policies of the Companies and the Company Subsidiaries and copies of all publications of the Companies and the Company Subsidiaries describing such privacy policies; (ii) has implemented copies of all privacy audits conducted by or on behalf of the Companies and the Company Subsidiaries and a comprehensive security plan that (1) identifies internal description of any investigations or audits of the Companies and external risks the Company Subsidiaries that, to the security Knowledge of the Company’s Seller, were performed by any Governmental Authority under any privacy Law and a copy of any report or its Subsidiaries’ confidential information Contract related to such investigations or audits where the Seller was provided a copy of such report or Contract by such Governmental Authority; (iii) a list of the types, by category, of Personal Information collected by or on behalf of the Companies or the Company Subsidiaries since July 1, 2006; (iv) a list of all countries in which the Companies and the Company Subsidiaries collect, store and use Personal Information and a description of the internal use made by the Companies and the Company Subsidiaries of such Personal Information; (2v) implementsa description of the use made by third parties of Personal Information collected by the Companies or the Company Subsidiaries and a list of all (A) third parties to whom such Personal Information is disclosed, monitors and improves adequate (B) related Contracts with such third parties (including non-disclosure agreements); (vi) a copy of all forms of consent currently used by the Companies and effective safeguards the Company Subsidiaries in respect of Personal Information; and (vii) a list or description of all letters or other written communications received by either of the Companies or any of the Company Subsidiaries since July 1, 2007 from any Governmental Authority or individual making a request for information relating to control those risksany alleged unauthorized use or disclosure of Personal Information (it being understood that this clause (vii) is not intended to include routine letters or general mailings by such Governmental Authorities that are not targeted to the Companies or any of the Company Subsidiaries).

Privacy and Security. (a) Each Since January 1, 2021, in respect of the Company Product Operations, Sellers and its their Subsidiaries complies (have complied and requires and monitors the are in compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy of all Governmental Entities, or any self-regulating organization, regarding privacy, security or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies protection (which are in conformance with reputable industry practice) (all of the foregoing collectively, the “Privacy Laws”). Sellers and their Subsidiaries have maintained, enforced and complied with in all material respects with all written privacy, security and data protection policies (collectively, the “Privacy Policies”) with respect to any confidential information used in the Product Operations. Neither this Agreement nor any Transaction Documents will violate the terms and conditions of any Privacy Policies, any applicable Privacy Laws or the privacy rights of any Person. (b) Each Seller, each of its Subsidiaries and each of its Affiliates has not, in respect of the Product Operations, received any oral or written notice of investigation for potential breach of any Privacy Laws with respect to: (i) personally identifiable information (including but not limited to name, address, telephone number, electronic mail email address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of users of Sellers’, their Subsidiaries or their Affiliates’ Internet, web, digital and mobile sites, and mobile applications, suppliers and distributors), whether any of same is accessed or used by the Company or any of its Sellers, their Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationspyware and adware; (iii) the sending of solicited or unsolicited electronic mail messages; and (iv) confidential or classified information or information whose use, whether possession or disclosure is regulated or restricted by any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholeGovernmental Entity. (c) To the Company’s knowledgeSellers, Persons with which the Company or any of its their Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries their Affiliates take all commercially reasonable steps consistent with generally accepted industry standards to protect the operation, confidentiality, integrity and security of their respective business the Software, systems and websites Internet, web, digital and mobile sites of the Product Operations, and mobile applications and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and, within the twenty-four (24)-month period ending on the date hereof, and there have been no material breaches of same. Without limiting same that would require by applicable Law notification or remedial action. (d) Sellers, their Subsidiaries and their Affiliates have the generality right to transfer to Buyer all Personal Information included in the Purchased Assets owned or held by them pursuant to the terms of this Agreement and such transfer shall not violate any applicable Privacy Laws or other applicable Laws; provided that Buyer adheres to the terms of the foregoing, each privacy statement and all applicable Privacy Laws and other Laws following the Closing. Buyer’s use of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and such Personal Information and (2) implements, monitors and improves adequate and effective safeguards in the manner it was used by Seller prior to control those risksClosing will comply in all material respects with applicable Privacy Laws or other applicable Laws.

Privacy and Security. (a) Each The Seller and each of the Company and its Subsidiaries Affiliates complies (and requires and monitors the compliance of applicable third parties) in all material respects with with, and has not received any oral or written notice of investigation for potential breach of, all applicable U.S., state, foreign and multinational Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their its own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including but not limited to name, address, telephone number, electronic mail email address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of users of Seller’s or its Affiliates’ Websites, suppliers and distributors), whether any of same is accessed or used by the Company Seller or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationspyware and adware; (iii) the sending of solicited or unsolicited electronic mail messages; and (iv) confidential or classified information or information whose use, whether possession or disclosure is regulated or restricted by any of same is accessed or used by Governmental Entity. The Seller and its Affiliates post all policies with respect to Personal Information on its Websites in conformance with applicable Laws. Except as disclosed in the Company or any of Seller’s posted privacy statement (the “Privacy Statement”), neither the Seller nor its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries Affiliates uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locateidentify, any particular Person as a result of any receipt of such Personal Information, . (b) The Business does not engage in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholebehavioral advertising. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company The Seller and its Subsidiaries Affiliates take all commercially reasonable steps consistent with generally accepted industry standards to protect the operation, confidentiality, integrity and security of their respective business software, systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and and, within the 24-month period ending on the date hereof, there have been no material breaches of samesame that would require by applicable Law notification or remedial action. Without limiting the generality of the foregoing, each of the Company Seller and its Subsidiaries Affiliates (i) uses industry standard use encryption technology of at least 128-bit and (ii) has implemented a comprehensive consistently implement security plan that upgrades, infrastructure and processes to (1A) identifies identify internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implementsimplement, monitors monitor and improves improve adequate and effective safeguards to control those risks. (d) The Seller and its Affiliates have the right to transfer to the Buyer all Personal Information owned or held by them pursuant to the terms of this Agreement and such transfer shall not violate any applicable Privacy Laws or other applicable Laws provided that the Buyer adheres to the terms of the Privacy Statement and all applicable Privacy Laws and other Laws following the Closing. The Buyer’s use of such Personal Information in the manner it was used by the Seller prior to Closing will comply in all material respects with applicable Privacy Laws or other applicable Laws.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable U.S., state, foreign and multinational Laws relating to privacy or data security, security applicable to the Company and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and the Company’s published policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s Website, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any spyware and adware; (iii) the procurement or placement of same is accessed advertising from or used with reputable Persons and Websites that uses Personal Information collected by the Company Company; and (iv) the sending of solicited or any of its Subsidiaries or any of their respective business partnersunsolicited electronic mail messages. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (ci) To the Company’s knowledge, the advertisers and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information (including Privacy Laws regarding spyware and adware), (ii) the Company does not serve advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation, and (iii) the Company has not received (and does not have knowledge of) a material volume of consumer complaints relative to non-personally identifiable informationSoftware downloads that resulted in the installation of the Company’s tracking technologies. (dc) To the Company’s knowledge, the The Company and its Subsidiaries take all takes commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems its Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting To the generality knowledge of the foregoingCompany, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the not experienced any breach of security of any Personal Information or proprietary information in the Company’s possession, custody, or control. (d) The Company is in compliance with and has at all times complied with all requirements contained in the Payment Card Industry Data Security Standards (“PCI DSS”) applicable to the Company relating to “cardholder data” (as such term is defined in the PCI DSS, as amended from time to time) with respect to all (if any) such cardholder data that has come into its Subsidiaries’ confidential information possession. The Company has not received notice that it is in non-compliance with any PCI DSS standards. The Company has never experienced a security breach involving any such cardholder data. No claims are pending or have been threatened in writing against the Company by any Person alleging a violation of any of the foregoing and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risksthere have been no known incidents of breach of any of the foregoing by the Company.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies comply (and requires require and monitors monitor the compliance of applicable third parties) in all material respects (i) with all applicable U.S., state, foreign and multinational Laws relating to privacy or data security(including the Children’s Online Privacy Protection Act and California Civil Code section 1798.81.5), and reputable industry practice, standards, self-governing rules and policies and (ii) their own respective published, posted and internal agreements and policies (which are in material conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (iA) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s or any of its Subsidiaries’ Websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersSubsidiaries; and (iiB) non-personally identifiable informationinformation (including such Personal Information of visitors who use the Company’s or its Subsidiaries’ Websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries Subsidiaries’; (C) spyware and adware; (D) the procurement or any placement of their respective business partnersadvertising from or with reputable third parties and Websites; (E) the use of Internet searches associated with or using particular words or terms; and (F) the sending of solicited or unsolicited electronic mail messages. (b) Neither the The Company nor any of and its Subsidiaries usespost all policies with respect to the matters set forth in Section 3.20(a) on its Websites in material conformance with Privacy Laws. The Company and its Subsidiaries do not use, collects, collect or receives receive any Personal Information or sensitive non-personally identifiable information and does do not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any each case other than in material conformance with the Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholeLaws. (c) (i) To the knowledge of the Company’s knowledge, the advertisers and other Persons with which the Company or any of and its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware), (ii) the Company and its Subsidiaries do not serve advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation, and (iii) the Company and its Subsidiaries have not received (and do not have knowledge of) a material volume of consumer complaints relative to Software downloads that resulted in the installation of any of the Company’s or its Subsidiaries’ tracking technologies. (d) To the Company’s knowledge, the The Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems its Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting . (e) To the generality knowledge of the foregoingCompany, each no claims have been asserted or threatened in writing against the Company or any of its Subsidiaries alleging a violation of any Person’s data rights, privacy or Personal Information. To the Company’s knowledge, the consummation of the transactions contemplated hereby will not breach or otherwise cause any violation of any Privacy Law related to data protection, privacy or the collection and use of Personal Information by or on behalf of the Company and or any of its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to in the security conduct of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risksbusiness.

Privacy and Security. (a) Each of the Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in has at all material respects times complied with all applicable Laws and its respective privacy policies relating to privacy privacy, data protection and the collection and use of Personally Identifiable Information gathered or data securityaccessed in the course of its operations, and reputable industry practicemaintains reasonable administrative, standards, self-governing rules technical and physical processes and policies designed to safeguard the integrity of Personally Identifiable Information and their own publishedto prevent unauthorized access to, posted misuse or alteration of, such data necessary to comply with applicable Law and internal agreements the applicable terms of any Contract to which it is a party and policies (which are is in conformance material compliance with reputable industry practice) (all such policies, and each of the foregoing collectivelyCompany and its Subsidiaries has been in material compliance with all prior privacy policies of the Company and its Subsidiaries in effect from time to time. No claims have been asserted in writing or, to the Knowledge of the Company, threatened against the Company or any of its Subsidiaries alleging an improper use of Personally Identifiable Information. The execution and delivery of this Agreement or any Ancillary Agreement and the consummation of the transactions contemplated hereby and thereby will not breach or otherwise cause any material violation of any privacy policy of the Company or any of its Subsidiaries. (b) There has been no violation by the Company or any of its Subsidiaries of the rights of any Person with respect to Personally Identifiable Information under international, foreign (including, without limitation, any Law of any Governmental Entity located in Europe or Asia), U.S. and state Laws (including, without limitation, California SB 27, California Consumer Protection Against Computer Spyware Act, California Civil Code 1798.81.5 and the Data Protection Act 1998), including all rights respecting (A) privacy generally, (B) the obtaining, storing, using or transmitting of Personally Identifiable Information of any type, whether via electronic means or otherwise, and (C) spyware and adware (the rights described in clauses (A)-(C) are referred to herein collectively as “Privacy Rights”). For purposes of this Agreement, “Privacy Laws”) with respect Personally Identifiable Information” means data in control of the Company or any of its Subsidiaries that would enable the Company or any of its Subsidiaries to identify or locate a particular individual, including, but not limited to: (i) personally identifiable information (including , the name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories number of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersan individual. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the Company The Company’s and its Subsidiaries Subsidiaries’ past and present collection, use, analysis, disclosure, transfer, retention, storage, security, and dissemination of Personal Information complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by Contract to which the Company or any of its Subsidiaries is a party or any of their respective business partners; and (ii) non-personally identifiable informationany applicable Laws, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersincluding Privacy and Security Laws and Requirements. (b) Neither the Company nor any of its Subsidiaries usesnor any of their respective officers, collectsdirectors, employees or receives any Personal Information or sensitive non-personally identifiable information and does not become aware consultants: (i) is, to the Knowledge of the identity or location ofCompany, or identify or locate, under investigation by any particular Person as Government Entity for a result violation of any receipt Privacy and Security Laws and Requirements; (ii) has received any written notices from any Person or Government Entity relating to any such violations; and (iii) is, to the Knowledge of such the Company, subject to any Liability with respect to the loss, damage or unauthorized access, use, disclosure, modification or other misuse of Personal Information, and no such Liability has been threatened in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholewriting. (c) To The Company and its Subsidiaries have, contractually or otherwise, required their Third Party service providers who access, use, process, or further disclose Personal Information and/or Sensitive Information to adhere to the Company’s knowledgeand its Subsidiaries’ corporate policies, Persons with which including those applicable to data privacy, data security, and Personal Information, and all applicable Laws. (d) Complete and accurate copies of any written complaints, claims or demands delivered to the Company or any of its Subsidiaries alleging a violation of any Privacy and Security Laws and Requirements have contractual relationships have not breached been provided to Buyer. (e) There has been no unauthorized use or disclosure of Personal Information of any agreements Third Party by the Company or any of its Subsidiaries or unauthorized use or disclosure of Personal Information of the Company or its Subsidiaries that would constitute a breach for which notification to individuals and/or regulatory authorities is required under any applicable Privacy and Security Laws and Requirements. To the Knowledge of the Company, there has been no unauthorized access to, use, disclosure, transfer (including transfers between jurisdictions) or misuse of, Personal Information owned, licensed or maintained by, or on behalf of, the Company or any of its Subsidiaries, and the Company and each of its Subsidiaries takes and has at all times taken commercially reasonable steps required by applicable Privacy Laws pertaining and Requirements to protect the privacy of any Personal Information collected by the Company or any of its Subsidiaries or on its behalf, to maintain in confidence such Personal Information and to non-personally identifiable informationprevent such unauthorized access, use, disclosure and misuse. (df) To Neither the Company nor any of its Subsidiaries has provided any service to any Third Party nor have any products or services offered or provided by the Company or any of its Subsidiaries been used by the Company or any of its Subsidiaries, or to the Knowledge of the Company, by any Third Party for “offensive” activities, including cyber warfare, unauthorized cyber-attacks or interventions on non-Company products or systems, or the manufacture or acquisition of cyber weapons. Neither the Company nor any of its Subsidiaries offers to any Customer or other Person, and have not engaged in any, such “offensive” activities, using either products or services developed by the Company or any of its Subsidiaries or products or services developed by and/or acquired from Third Parties. (g) The Company’s and each of its Subsidiary’s information security practices conforms in all material respects with (i) any information security statements in its respective privacy policies at the time each privacy policy was in effect and (ii) any public statement regarding the Company’s knowledgeor any of its Subsidiaries information security practices. No Proceeding has been asserted, or, to the Knowledge of the Company, threatened against the Company or any of its Subsidiaries or, to the Knowledge of the Company, any of their officers, directors or employees (in their capacity as such) by any Person with respect to the security of their use, disclosure or transfer of Personal Information. All Databases owned, controlled, held or used by the Company or any of its Subsidiaries and required to be registered under applicable Laws have been properly registered and maintained (other than with respect to Personal Information of employees and service providers), and the data therein has been used by the Company and its Subsidiaries take all commercially reasonable steps solely as permitted pursuant to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of samesuch registrations. Without limiting the generality of the foregoing, each of Any consents required to be obtained by the Company under Privacy Laws and Requirements for the collection, processing, transfer and other use of Personal Information by the Company or any of its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to for the security conduct of the Company’s or any of its Subsidiaries’ confidential information Subsidiary’s business have been obtained. Except as set forth in Schedule 2.26(g), the Company and Personal Information each of its Subsidiaries is and has been in compliance with all laws relating to data security, data loss, theft and breach of security notification obligations, including the Protection of Privacy Regulations (2Data Security), 2017. (h) implementsThe execution, monitors delivery and improves adequate performance of this Agreement by the Company will not result in a violation of Privacy and effective safeguards to control those risksSecurity Laws and Requirements.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies are, and at all times during the three (and requires and monitors 3) prior to the date hereof, have been, in compliance of applicable third parties) in all material respects with all applicable Laws relating of the following to privacy or the extent pertaining to data protection, data privacy, data security, data breach and reputable industry practicesecurity incident notification, standardsdata localization, selfand cross-governing rules border data transfer in the United States of America and policies elsewhere in the world and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all applicable to the conduct of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and all Laws (“Privacy Laws”) (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks or published policies or notices relating to the Company’s and its Subsidiaries’ collection, use, storage, disclosure, processing, handling, protection, or cross-border transfer (“Processing”) of Personal Information; (iii) terms of any Contracts to which the Company and its Subsidiaries are bound; and (iv) industry standards or codes-of-conduct to which the Company and its Subsidiaries are legally bound relating to the Company’s and its Subsidiaries’ Processing of Personal Information (collectively, “Privacy Requirements”). (b) Except as set forth on Schedule 5.24(b), in the three (3) years prior to the date hereof, the Company and its Subsidiaries have not received any subpoenas, demands, notices, fines, enforcement measures, orders, or court orders from any governmental, data protection authority, or other entity investigating, inquiring into, or otherwise relating to any actual or potential violation of any Privacy Laws. To the knowledge of the Company, neither the Company nor any of its Subsidiaries is under investigation by any Governmental Body or other entity for any actual or potential violation of any Privacy Laws. (c) The Company and its Subsidiaries have taken commercially reasonable steps, compliant with applicable Privacy Requirements, designed to protect (i) the operation, confidentiality, integrity, and security of the Company’s or and its Subsidiaries’ confidential information and IT Assets that are involved in the Processing of Personal Information and (2ii) implementsPersonal Information in the Company’s and its Subsidiaries’ possession or control from unauthorized use, monitors and improves adequate and effective safeguards access, disclosure, deletion, or modification. (d) Except as set forth on Schedule 5.24(d), in the three (3) years prior to control those risksthe date hereof, neither the Company nor its Subsidiaries has experienced any material failures, crashes, security incidents, data breaches, unauthorized access, use, or disclosure, or other adverse events or incidents, in each case, related to Personal Information that would require, in any material respect, notification by the Company of individuals, law enforcement, any Governmental Body, customers, vendors, or any others or any remedial action under any applicable Privacy Requirements. Except as set forth on Schedule 5.24(d), to the knowledge of the Company, there are no pending complaints, actions, fines, or other penalties levied against the Company or its Subsidiaries, in connection with any such failures; crashes; security incidents; data breaches; unauthorized access, use, or disclosure; or other adverse events or incidents.

Privacy and Security. (a) Each The Company and each of its Subsidiaries are, and have at all times been, in compliance with (i) all Laws regarding the protection, storage, use, and disclosure of Personal Data; (ii) the privacy policies and other Contracts (or portions thereof) in effect between such Company and customers and end users of such Company’s products and services, and (iii) Contracts (or portions thereof) between such Company or any of its Subsidiaries, and vendors, marketing affiliates, and other business partners, in each case in clauses (ii) and (iii), that are applicable to the use and disclosure of Personal Data (such policies and Contracts being hereinafter referred to as “Privacy Agreements”). The Company has delivered or made available to Buyer accurate and complete copies of all of the Privacy Agreements of such Company and its Subsidiaries. The Privacy Agreements do not require the delivery of any notice to or consent from any Person, or prohibit the transfer of Personal Data collected and in the possession or control of such Company to Buyer, in connection with the execution, delivery, or performance of this Agreement or the consummation of any of the transactions contemplated by this Agreement. The Company and its Affiliates have confidentiality agreements in place with all vendors or other Persons whose relationship with such Company or any of its Affiliates involves the collection, use, disclosure, storage, or processing of Personal Data on behalf of such Company or any of its Affiliates, which agreements require such Persons to protect such Personal Data in a manner consistent with such Company’s and its Affiliates’ obligations in the Privacy Agreements and in compliance with applicable Laws. Neither the execution, delivery or performance of this Agreement, nor the consummation of any of the transactions contemplated by this Agreement will result in any violation of any Privacy Agreements or any Law pertaining to privacy or Personal Data. The Company and its Subsidiaries complies (and requires and monitors have safeguards in place to protect Personal Data in the compliance Company’s or any of applicable its Subsidiaries’ possession or control from unauthorized access by third parties) in all material respects with all applicable Laws relating , including the Company’s and its Subsidiaries’ employees and contractors that are, to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all the Knowledge of the foregoing collectivelySellers, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number reasonable. No Person has made any illegal or credit card number), sensitive personal information unauthorized use of Personal Data that was collected by or on behalf of the Company or its Subsidiaries and is in the possession or control of any special categories of personal information regulated thereunder Company or covered thereby (“Personal Information”), whether any of same is accessed or used by its Subsidiaries. Further, there has not been any data security breach in connection with Personal Data that would require the Company or any of its Subsidiaries to notify a Person or Governmental Authority of such breach. There is no pending Action, and, to the Knowledge of the Sellers, no Person has threatened to commence any Action alleging that any Person has made any illegal or unauthorized use of their respective business partners; and (ii) non-personally identifiable information, whether any Personal Data that was collected by or behalf of same is accessed or used by the Company or any of its Subsidiaries and is in the possession or control of the Company or any of their respective business partnersits Subsidiaries. (b) The Company and its Subsidiaries post policies with respect to the matters set forth in Section 3.21(a) on any websites used by the Company or its Subsidiaries in connection with the Business in conformance with Laws regarding Personal Data. The Company’s and its Subsidiaries’ privacy policies disclose how the Company and its Subsidiaries use, collect and receive Personal Data and sensitive non-personally identifiable information and the Company and its Subsidiaries are in compliance in all material respects with the terms of their published privacy policy. (c) (i) To the Knowledge of the Sellers, the advertisers and other Persons with which the Company or its Subsidiaries have entered into Privacy Agreements have not breached any such Privacy Agreements or any Laws regarding Personal Data, (ii) the Company and its Subsidiaries do not serve advertisements into advertising inventory created by downloadable software that launches without a user’s express activation and (iii) the Company and its Subsidiaries have not received, to the Knowledge of the Sellers, a material volume of consumer complaints relative to software downloads that resulted in the installation of any of the Company’s or its Subsidiaries’ tracking technologies. (d) Each of the Company and each of its Subsidiaries, is in compliance, in all material respects, with and has at all times complied, in all material respects, with all applicable requirements contained in the Payment Card Industry Data Security Standards (“PCI DSS”) relating to “cardholder data” (as such term is defined in the PCI DSS, as amended from time to time) with respect to all such cardholder data that has come into its possession. Neither the Company nor any of its Subsidiaries uses, collectshas received written, or receives any Personal Information or sensitive reasonably definitive oral, notice that it is in non-personally identifiable information and does not become aware compliance with any PCI DSS standards. To the Knowledge of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledgeSellers, the Company and its Subsidiaries take are in compliance with all commercially reasonable steps PCI DSS standards that are expected to protect be implemented in the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same12 months following the date hereof. Without limiting the generality of the foregoing, each of Neither the Company and nor any of its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented ever experienced a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risksbreach involving any such cardholder data.

Privacy and Security. (a) Each of The Companies and their respective Subsidiaries comply, and during the Company and its Subsidiaries complies past five (and requires and monitors the compliance of applicable third parties5) years have complied, in all material respects respects, with (i) all applicable Laws relating to Privacy and Security Requirements governing the receipt and Processing of Personal Information and Customer Data and the provision of their respective products and services and (ii) all of their respective policies regarding privacy or and data security, including all Business Privacy Policies (as defined in Section 3.20(b) below) and reputable industry practicesimilar disclosures published on their respective websites or otherwise communicated to third parties. The Companies and their respective Subsidiaries have implemented and have at all times during the past five (5) years maintained commercially reasonable measures that provide assurance that the Companies and their respective Subsidiaries comply with Privacy and Security Requirements and that the Companies and their respective Subsidiaries will not acquire, standardsfail to secure, selfor Process such Personal Information or Customer Data in a manner that (1) violates Privacy and Security Requirements, (2) is inconsistent with any notice to or consent from the provider of Personal Information or Customer Data, (3) violates any policy adopted by the Companies and their respective Subsidiaries, (4) breaches any commitment in any Contract made by the Companies and their respective Subsidiaries that is applicable to such Personal Information or Customer Data, or (5) violates any Business Privacy Policies. (b) True and correct copies of all applicable current internal and customer or user-governing rules facing statements of the Companies’ and their respective Subsidiaries’ policies and their own publishedpractices, posted and internal agreements and policies regarding the Processing of Customer Data or Personal Information or otherwise pertaining to the privacy of any individual (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Business Privacy LawsPolicies”) have been provided to Buyer. The Companies and their respective Subsidiaries have at all times, posted Business Privacy Policies on their respective websites, mobile applications, or in a location as required under applicable Privacy and Security Requirements. The Companies and their respective Subsidiaries have complied with respect all Business Privacy Policies and requirements in any Contract related to Customer Data and Personal Information. No disclosures made or contained in any Business Privacy Policy have been inaccurate, misleading, or deceptive (in any case, including by omission), or in violation of any Privacy and Security Requirements. When used by a customer or user for their intended purpose, the products and services of the Companies and their respective Representatives will not cause the customer or user to violate any Privacy and Security Requirements. (c) None of the Companies or any of their respective Subsidiaries have received any, and, to the Seller’s knowledge, there is no complaint, audit, proceeding, investigation, or claim currently pending against, the Companies or their respective Subsidiaries by (i) any private party, or (ii) any Governmental Authority, relating to the Processing of Personal Information or Customer Data by the Companies or their respective Subsidiaries, or the Companies’ and their respective Subsidiaries’ data protection or information security practices. None of the Companies or any of their respective Subsidiaries has received, and the Companies and their respective Subsidiaries have no knowledge of any circumstance that has given rise to or would reasonably be expected to give rise to any notice, complaint, warrant, judicial order, regulatory opinion, inquiry or investigative demand regarding the Companies’ and their respective Subsidiaries’ Processing of Personal Information or Customer Data or the Companies’ and their respective Subsidiaries’ data protection or information security practices. None of the Companies or any of their respective Subsidiaries has received any notice, judicial order, regulatory opinion, or inquiry, and none of the Companies or any of their respective Subsidiaries has knowledge of any circumstance, (1) alleging or confirming non-compliance with any applicable Privacy and Security Requirements or Business Privacy Policies; (2) prohibiting or threatening to prohibit the transfer of Personal Information to any place; or (3) permitting or mandating any Governmental Authority to investigate, requisition information from, or enter the premises of the Companies and their respective Subsidiaries. None of the Companies or any of their respective Subsidiaries has acted or failed to act in a manner that would trigger a notification or reporting requirement to any Person or Governmental Authority under any applicable Privacy and Security Requirements related to the Processing of Personal Information. The Companies and their respective Subsidiaries do not sell, rent, or otherwise make available to third parties, other than service providers in the provision of services to Companies or their respective Subsidiaries, any Customer Data or Personal Information. (d) The Companies and their respective Subsidiaries have established and maintain written information security policies and programs that govern the collection and Processing of Sensitive Company Information and that are designed to protect the Companies’ and their respective Subsidiaries’ information technology systems (collectively, the “Security Policies”). The Companies and their respective Subsidiaries comply, and during the past five (5) years have complied, in all material respects, with such Security Policies. The Security Policies are designed to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information technology systems and Personal Information Sensitive Company Information; (ii) implement appropriate administrative, organizational, technical, electronic and (2) implements, monitors and improves adequate and effective physical safeguards to control those risksrisks and safeguard the security, confidentiality, integrity, and availability of the information technology systems and Sensitive Company Information; (iii) protect against unauthorized access to the information technology systems and Sensitive Company Information (including on the systems of third parties with access to Sensitive Company Information); (iv) maintain notification procedures in compliance with the Privacy and Security Requirements in the case of any breach of security that actually compromises or is reasonably suspected to compromise the information technology systems or Customer Data or Personal Information; and (v) comply with all applicable Privacy and Security Requirements. The Seller has made available to the Buyer true, complete and accurate copies of such Security Policies. The Company and its Subsidiaries have implemented and routinely tested commercially standard business continuity and disaster recovery plans relating to such the information technology systems and Sensitive Company Information. (e) The Company contractually obligates, and at all times during the past five (5) years has contractually obligated, third parties that Process Sensitive Company Information to comply with the Security Policies, the Companies’ and their respective Subsidiaries’ obligations under Privacy and Security Requirements, and the Companies’ and their respective Subsidiaries’ other obligations in any Contract, including any confidentiality obligations with respect to Sensitive Company Information. The Seller, the Companies and their respective Subsidiaries have no knowledge that any such third parties, in their provision of services to Company or the Subsidiaries, have breached or failed to comply with relevant contractual obligations, Security Policies, Business Privacy Policies, applicable Laws, or Privacy and Security Requirements. (f) The Companies and their respective Subsidiaries use, and during the past five (5) years have used, in all material respects, commercially reasonable methods and technology to secure Sensitive Company Information and the Companies’ and their respective Subsidiaries’ information technology systems from loss, theft, unauthorized Processing, or modification, and such methods and technology comply, in all material respects, with Privacy and Security Requirements, the Business Privacy Policies, and the Security Policies. Such methods and technology are designed to ensure the confidentiality, integrity, and availability of Sensitive Company Information and the Companies’ and their respective Subsidiaries’ information technology systems. The Companies and their respective Subsidiaries have not experienced any material Data Security Incident within the past five (5) years. The Companies and their respective Subsidiaries have made all notifications to Persons, Governmental Authorities, customers, individuals or other third parties required by Law to be made by any Company or any Subsidiary of any Company by any Privacy and Security Requirements or Contracts arising out of or relating to any Data Security Incident with respect to any Personal Information within their custody or control. (g) The Companies and their respective Subsidiaries have: (i) provided adequate notice and obtained any necessary consents required for the Processing, of Personal Information and Customer Data under Privacy and Security Requirements, the Security Policies and Business Privacy Policies, (ii) complied with any Contract, agreement, permit, license or other obligation regarding the collection, Processing, recording, organization, storage, adaption or alteration, retrieval, consultation, or combination of Personal Information and Customer Data; and (iii) abided by any applicable opt-outs related to Personal Information and Customer Data. (h) The Companies and their respective Subsidiaries hold all applicable permits and licenses, and have made all applicable governmental filings required under Privacy and Security Requirements to Process Personal Information. Where required by Privacy and Security Requirements, the Companies and their respective Subsidiaries have established and implemented a legal basis for the cross-border transfer of Personal Information and Customer Data. Neither the execution, delivery, or performance of this Agreement (or any of the ancillary agreements) nor the consummation of any of the Transactions, nor Company or Buyer’s possession of the Customer Data, Personal Information or any data or information in the information technology systems, will result in any material violation of any Business Privacy Policy or any Privacy and Security Requirements. The use of the Customer Data, Personal Information or any data or information in the information technology systems, by Buyer on the Closing Date (after giving effect to the transactions contemplated by this Agreement) does not result in any material violation of any Business Privacy Policy or any Privacy and Security Requirements so long as such use is materially consistent with Company’s current uses.

Privacy and Security. (a) Each of Except as would not be material to the Company and its Subsidiaries complies (and requires and monitors taken as a whole, the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data securityCompany Group's receipt, collection, monitoring, maintenance, creation, transmission, use, analysis, disclosure, storage, disposal, and reputable industry practicesecurity of Personal Information materially complies, standardsand during the past two (2) years has materially complied, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect towith: (i) personally identifiable information all Privacy and Security Laws; (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information ii) PCI DSS; (iii) applicable Contracts; (iv) Privacy and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersSecurity Policies; and (iiv) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information all consents and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of authorizations that apply to the Company and its Subsidiaries' receipt, access, use, and disclosure of Personal Information, in the case of the foregoing clauses (i) – (v), as applicable. Except as would not be material to the Company and its Subsidiaries taken as a whole, the Company Group have all necessary authority, consents, and authorizations to receive, access, use, and disclose the Personal Information in the Company Group's possession or under their control in connection with the Business, except as would not be material to the Company and its Subsidiaries taken as a whole. (cb) To the Company’s knowledge's Knowledge, Persons with which the Company Group is not under investigation by any Governmental Authority for a violation of any Privacy and Security Laws, except as would not be material to the Company and its Subsidiaries taken as a whole. The Company Group has not been subject to any Order, proceeding, or investigation with respect to any actual or alleged noncompliance with any Privacy and Security Law, except as would not be material to the Company and its Subsidiaries taken as a whole. The Company Group has not received any written complaint alleging a violation of any Privacy and Security Law. (c) Except as would not be material to the Company and its Subsidiaries taken as a whole, the Company Group has not suffered, discovered, or been notified in writing of any unauthorized acquisition, use, disclosure or breach of, or access to, any protected health information (as defined in 45 C.F.R. § 160.103) or other Personal Information that constitutes a security breach violation under any Privacy and Security Law. Except as would not be material to the Company and its Subsidiaries taken as a whole, the Company Group has not notified any affected Person (including any Governmental Authority) or the media of any breach of Personal Information. To the Company's Knowledge, no third party that receives or has access to the Personal Information of the Company Group has experienced any breach of security or unauthorized or unlawful access, use, modification, theft, processing, disclosure, accidental loss, destruction, or damage of the Company Group's Personal Information or any of Confidential Information in such third party's possession, custody, or control, except as would not be material to the Company and its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationtaken as a whole. (d) To Copies of the Company Group's current policies for compliance with Privacy and Security Laws have been made available to Parent, which may include (1) website privacy policy; (2) employee privacy policy; (3) privacy policy or privacy notice pertaining to health data and protected health information (as defined in 45 C.F.R. § 160.103); (4) data protection, information security, and IT policies and procedures; (5) incident response policies and procedures; and (6) any other policy or written procedures pertaining to the collection, storage, disclosure, transfer, or other processing of any Personal Information (collectively, the "Privacy and Security Policies"). The Company Group's Privacy and Security Policies are commercially reasonable in all material respects with Privacy and Security Laws. (e) Except as would not be material to the Company and its Subsidiaries taken as a whole, the (i) collection, storage, processing, transfer, sharing, and destruction of Personal Information in connection with the transactions contemplated by this Agreement and (ii) execution, delivery, and performance of this Agreement and the other agreements and instruments contemplated hereby and the consummation of the transactions contemplated hereby and thereby complies in all material respects with the Company’s knowledge's and its Subsidiaries' applicable Privacy and Security Policies and applicable Privacy and Security Laws. (f) Except as set forth in Schedule 4.23 of the Company Disclosure Schedules, the Company and its Subsidiaries take all commercially reasonable steps have not filed a claim for coverage relating to protect the operationany data security and privacy matter under an insurance policy issued to, confidentialityor on behalf of, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.