Common use of Privacy and Security Clause in Contracts

Privacy and Security. (a) Each of the Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each The Company and certain of its Subsidiaries are “covered entities” or “business associates” as such terms are defined under HIPAA, its implementing regulations, and the HITECH Act. The Company and its Subsidiaries complies (and requires and monitors the are in compliance of applicable third parties) in all material respects and heretofore have complied with all laws pertaining to the applicable Laws relating to privacy or data HIPAA privacy, security, and reputable industry practice, transaction standards, self-governing rules breach notification standards and policies any other related regulations, guidance, provisions and their own publishedrequirements and any comparable state Legal Requirements. Neither the Company nor any of its Subsidiaries has received any written (or, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all to the Knowledge of the foregoing collectivelyCompany, “Privacy Laws”oral) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and communication from any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by Governmental Authority that alleges that the Company or any of its Subsidiaries is not in compliance with the applicable privacy, security, transaction standards, breach notification and other provisions and requirements of HIPAA or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the comparable state Legal Requirements. In instances where Company or any of its Subsidiaries is a business associate, the Company or any such Subsidiary have the requisite privacy and security policies, procedures and systems to comply with the terms of their respective its business partnersassociate agreements. (b) Neither the Company nor any of its Subsidiaries useshas received any written (or, collectsto the Knowledge of the Company, oral) material complaints, or receives notices of inquiry or investigation, from any Personal Information Person, patient, client or sensitive non-personally identifiable information and does not become aware customer regarding its or any of the identity its agents, employees or location contractors’ uses or disclosures of, or identify security practices regarding, Protected Health Information (“PHI”), individually identifiable health information or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach other medical or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholepersonal information. (c) To The Company and its Subsidiaries have policies, procedures and systems in place to ensure the Company’s knowledgeprivacy and security of all business, Persons proprietary, individually identifiable, personal, medical and any other private information, in compliance with which Legal Requirements. In addition, the Company and its Subsidiaries have adequate policies, procedures and systems in place to prevent improper use or disclosure of, or access to, all business, proprietary, individually identifiable, personal, medical and any other private information. No breach has occurred with respect to any unsecured PHI maintained by or for the Company or any of its Subsidiaries have contractual relationships have not breached any agreements that is subject to the notification requirements, under HIPAA, the HITECH Act, or any Privacy Laws pertaining to Personal Information related regulations and to non-personally identifiable informationno information security or privacy breach event has occurred that would require notification under any comparable Legal Requirements. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third partiestaken as a whole) comply in all material respects with all applicable Privacy Laws relating to privacy or data securityand, where applicable, the Company’s and reputable industry practice, standards, self-governing rules and policies and their each of its Subsidiaries’ own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information to the privacy and security of Personal Information (including namesuch Personal Information of visitors who use the Company’s or its Subsidiaries’ respective Websites, addresssuppliers, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information clients and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”distributors), whether any of the same is accessed or used by the Company or any of its Subsidiaries. The Company and its Subsidiaries or any have taken commercially reasonable steps to require the material compliance of their respective business partners; and (ii) nonthird-personally identifiable information, whether any parties that process Personal Information on behalf of same is accessed or used by the Company or any of a Subsidiary (solely with respect to such processing) with applicable Privacy Laws. The Company and its Subsidiaries or any of post all policies with respect to the foregoing matters on their respective business partnersWebsites in conformance with and as required by Privacy Laws. (b) Neither To the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware knowledge of the identity or location ofCompany, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws the advertisers and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, other Persons with which the Company or any of its Subsidiaries have contractual relationships with respect to the processing of Personal Information on behalf of the Company have not breached any agreements or any Privacy Laws Contracts pertaining to Personal Information and to non-personally identifiable informationprocessed on behalf of the Company or any Privacy Laws. (dc) To The Company or one of its Subsidiaries, owns or has sufficient rights to access and use all Company IT Systems. The Company and its Subsidiaries have taken commercially reasonable steps designed to secure the Company’s knowledgeCompany IT Systems from unauthorized access or use by any Person, and designed to ensure the continued, uninterrupted and error-free operation of the Company IT Systems. The Company and its Subsidiaries take all commercially reasonable steps designed to protect the operation, confidentiality, integrity and security of their respective business systems and websites the Company IT Systems, and all information and transactions Personal Information stored or contained therein or transmitted thereby thereby, against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of samesame that have not been remedied in all material respects. Without limiting To the generality of the foregoingextent required by applicable Privacy Laws, each of the Company and its Subsidiaries (i) uses industry standard encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that is designed to (1A) identifies identify internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective implement safeguards designed to control those risks. (d) The Company IT Systems are adequate in all material respects for the operation of the business of the Company and its Subsidiaries as currently operated, and, to the knowledge of the Company, are free of all viruses, worms, trojan horses and other known malicious code. To the knowledge of the Company, in the last three (3) years, there has not been any material malfunction or vulnerability with respect to any of the Company IT Systems that has not been remedied or replaced in all material respects. (e) To the extent required by applicable Privacy Laws, the Company and its Subsidiaries have taken commercially reasonable steps to train employees that have access to Personal Information on all applicable aspects of applicable Privacy Laws. No circumstance has arisen in which applicable Privacy Laws would require the Company or one of its Subsidiaries to notify a Person or Governmental Authority of a data security breach or security incident. (f) To the extent applicable, each of the Company and its Subsidiaries is in compliance in all material respects with all applicable requirements contained in the Payment Card Industry Data Security Standards (“PCI DSS” XE " QUOTE 0X201C “PCI DSS QUOTE 0X201D ”" \t “‎Section 3.21(f)" ) relating to “cardholder data” (as such term is defined in the PCI DSS, as amended from time to time). To the knowledge of the Company, the Company has not experienced within the past three (3) years a material security breach involving any such cardholder data. Neither the Company nor any of its Subsidiaries has received written notice by any Person alleging a violation of the PCI DSS requirements by the Company or any of its Subsidiaries, except as would not reasonably be expected to be material to the Company and its Subsidiaries, taken as a whole.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable U.S., state, foreign and multinational Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information information, personal information, or personal data as defined in applicable Privacy Laws (including but not limited to name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s Websites, suppliers, clients, employees, contractors, and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationinformation (including such Personal Information of visitors who use the Company’s Websites, suppliers, clients, employees, contractors, and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; (iii) spyware and adware; (iv) the procurement or placement of advertising from or with reputable Persons and Websites; (v) the use of Internet searches associated with or using particular words or terms; (vi) the sending of solicited or unsolicited electronic mail messages; and (vii) privacy generally. (b) Neither The Company post all policies with respect to the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, matters set forth in a manner which would materially breach or violate any Section 3.31(a) on their respective Websites in conformance with Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholeLaws. (c) (i) To the Company’s knowledge, the advertisers and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware), (ii) the Company does not serve advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation, and (iii) the Company has not received (and does not have knowledge of) a material volume of consumer complaints relative to Software downloads that resulted in the installation of the Company’s tracking technologies. (d) To the Company’s knowledge, the The Company and its Subsidiaries take takes all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard adequate-strength encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that (1A) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective safeguards to control those risks. (e) The Company and its businesses, products and services, is in compliance with and has at all times complied with all applicable requirements contained in the Payment Card Industry Data Security Standards (“PCI DSS”) relating to “cardholder data” (as such term is defined in the PCI DSS, as amended from time to time) with respect to all (if any) such cardholder data that has come into its possession. The Company has not received notice that it is in non-compliance with any PCI DSS standards. The Company has never experienced a security breach involving any such cardholder data. No claims have been asserted or are threatened against the Company by any Person alleging a violation of any of the foregoing and there have been no known incidents of breach of any of the foregoing by the Company. For purposes of this Section 3.31, “Software” shall mean any and all computer programs, software (in object and source code), firmware, middleware, applications, API’s, web widgets, code and related algorithms, models and methodologies, files, documentation and all other tangible embodiments thereof.

Privacy and Security. (a) Each The Company and each Subsidiary have, at all times, complied with applicable privacy and data security Laws and regulations, including all privacy and security rules of the Company Health Insurance Portability and its Subsidiaries complies Accountability Act of 1996, as amended (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) and their respective internal privacy policies, except where any such noncompliance would not be material to the Company and its Subsidiaries taken as a whole. The Company and each Subsidiary have been and are in material compliance with respect to: (i) all of the terms of all Contracts to which the Company or any Subsidiary is a party relating to the use, collection, storage, disclosure and transfer of any personally identifiable information (including namecollected, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used obtained by the Company or any Subsidiary or by third parties having authorized access to the records of the Company or any Subsidiary, except where any such noncompliance would not be material to the Company and its Subsidiaries taken as a whole. Each of the Websites owned or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used operated by the Company or any Subsidiary has in the past three years maintained a publicly posted privacy policy that describes the Company’s practices with respect to the collection, use and disclosure of its Subsidiaries or any of their respective business partners. (b) personally identifiable information collected by such Websites, the disclosures in which privacy policy are accurate and not misleading. Neither the Company nor any Subsidiary has in the past three years received a written complaint regarding actual, alleged or suspected violation of any Privacy Law by the Company, any of its Subsidiaries usesSubsidiaries, collectsany of their customers or any users of any Company Product. To the Knowledge of the Company, or receives the use, collection, storage, disclosure and transfer of any Personal Information or sensitive non-personally identifiable information and does not become aware collected, accessed or obtained by third parties having authorized access to the records of the identity Company or location ofany Subsidiary has, or identify or locateat all times, complied with such privacy policies and Privacy Laws, except where any particular Person as a result of any receipt of such Personal Information, in a manner which noncompliance would materially breach or violate any Privacy Laws and materially and adversely impact the business of not be material to the Company and its Subsidiaries, Subsidiaries taken as a whole. (cb) To The Company and each Subsidiary exercises ordinary and reasonable care with respect to the security of any personally identifiable information in the Company’s knowledgeor such Subsidiary’s possession, Persons with which the Company custody or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the control. The Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries Subsidiary (i) uses industry standard encryption technology implements and (ii) has implemented a comprehensive security plan that (1) identifies monitors administrative, electronic and physical safeguards to control the internal and external risks to the security of any personally identifiable information in the possession of the Company or any of its Subsidiaries; and (ii) maintains notification procedures in material compliance with Privacy Laws in the case of any breach of security compromising data containing personally identifiable information. To the Knowledge of the Company during the prior three years, neither the Company nor any Subsidiary has experienced any material breach of security or other unauthorized access by third parties to any personally identifiable information in the Company’s or its Subsidiaries’ confidential information any Subsidiary’s possession, custody or control. (c) For purposes of this Agreement, “Websites” means all Internet websites, including content, text, graphics, images, audio, video, data, databases, Software and Personal Information related items included on or used in the operation of and (2) implementsmaintenance thereof, monitors and improves adequate all documentation, ASP, HTML, DHTML, SHTML, and effective safeguards XML files, cgi and other scripts, subscriber data, archives, and server and traffic logs and all other tangible embodiments related to control those risksany of the foregoing.

Privacy and Security. (a) Each of the Company and its Subsidiaries complies Group Companies is in compliance with (and requires and monitors supervises the compliance of applicable relevant third partiesparties with) in all material respects with all applicable Laws relating to privacy or data securitysecurity (including the Civil Code of the People's Republic of China, Personal Information Protection Law of the People's Republic of China, Data Security Law of the People's Republic of China, Law of the People's Republic of China on the Protection of Consumer Rights and Interests), and reputable industry practicepractices, standards, self-governing autonomous rules and policies and their own respective published, posted distributed and internal agreements and policies (which are in conformance consistent with reputable industry practicepractices) (all of the foregoing collectively, “above are collectively referred to as "Privacy Laws”) with Laws")with respect to: (i) sensitive personal information such as personally identifiable information (including namenames, addressaddresses, telephone numbernumbers, electronic mail addressemail addresses, social security numbernumbers, bank account number or credit card numbernumbers), sensitive personal information medical health information, and any special categories category of personal information regulated thereunder or covered thereby (“"Personal Information”)") (including the personal information of visitors to the Target Company or its Subsidiaries' respective websites, suppliers, customers and distributors) regardless of whether any of same such information is accessed or used by the Target Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationinformation (including the personal information of visitors to the Target Company or its Subsidiaries' respective websites, suppliers, customers and distributors) regardless of whether any of same such non-personally identifiable information is accessed or used by the Target Company or any of its Subsidiaries or any of their respective business partners; (iii) spyware and adware; (iv) the purchase or placement of advertisements from reputable persons and websites; (v) internet searches relating to or using specific words or terms; (vi) the sending of solicited or unsolicited email messages; and (vii) general privacy. (b) Neither The Group Companies have published on their respective websites all policies relating to the Company nor any matters listed in Section 3.21 (a) in order to comply with the Privacy Laws. None of its Subsidiaries usesthe Group Companies is using, collects, collecting or receives receiving any Personal Information or sensitive non-personally identifiable information and does not become aware of information, or knows the identity or location of, or identify or locate, of any particular specific Person as a result of any receipt of receiving such Personal Information, in a manner which would materially breach or violate identifies or locates any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholespecific Person. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each The Company and its Subsidiaries, and each of their respective officers, employees, and, to the Knowledge of the Company, any processors when acting on their behalf, are in compliance in all material respects with, and for the past three (3) years have been in compliance in all material respects with, all Data Security Requirements. The Company and its Subsidiaries have established and maintain appropriate technical, physical and organizational measures and security systems and technologies in compliance with all Data Security Requirements in all material respects. In the past three (3) years all Personal Information has been collected, processed, transferred, disclosed, shared, stored, protected and used by the Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects accordance with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersData Security Requirements. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person Except as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business disclosed on Section 4.26(b) of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledgeDisclosure Letter, the Company and its Subsidiaries take have in place policies and procedures for the proper collection, processing, transfer, disclosure, sharing, storing, security and use of Personal Information that comply with all commercially reasonable steps applicable Data Security Requirements in all material respects. The Company and its Subsidiaries have established and maintain appropriate technical, physical and organizational measures and security systems and technologies designed to protect ensure the operation, confidentiality, integrity and security of their respective business systems and websites Personal Information and all information Company and transactions stored Subsidiary data and to prevent any destruction, loss, alteration, corruption or contained therein misuse of or transmitted thereby against any unauthorized disclosure or improper use, access, transmittal, interruption, modification or corruption, and access thereto in compliance with all Data Security Requirements in all material respects. (c) In the past three (3) years there have has been no material breaches incident, including any breach of same. Without limiting security involving the generality disclosure of or access to Personal Information owned, stored, used, maintained or controlled by or on behalf of the Company or its Subsidiaries or (ii) unauthorized access to or disclosure of the Company’s confidential information (“Security Incident”) and the Company is not aware of any facts suggesting the likelihood of the foregoing. No circumstance has arisen in which Data Security Requirements would require the Company or its Subsidiaries to notify a person or Governmental Authority of a Security Incident. (d) In the past three (3) years, each of the Company and its Subsidiaries have not been and are not currently: (i) uses industry standard encryption technology to the Knowledge of the Company, under audit or investigation by any authority, including regarding collection, processing, transfer, disclosure, sharing, storing, protection and use of Personal Information, or (ii) has implemented a comprehensive security plan subject to any notices, claims, demands, audits, or Actions initiated against the Company or its Subsidiaries by any third party, including any Governmental Authority, alleging that (1) identifies internal the Company or its Subsidiaries have collected, processed, transferred, disclosed, shared, stored, or used Personal Information in violation of any Data Security Requirements, and external risks to the security Knowledge of the Company’s , no specific facts or its Subsidiaries’ confidential information and Personal Information and circumstances exist that might give rise to such a claim. (2e) implements, monitors and improves adequate and effective safeguards to control those risksThe performance of this Agreement will not violate any Data Security Requirement.

Privacy and Security. (a) Each Except as would not reasonably be expected to be material to the business of the Company or the Subsidiaries, taken as a whole, (i) the Company’s and the Subsidiaries’ receipt, access, acquisition, collection, compilation, use, storage, alteration, combination processing, safeguarding, security, disposal, deletion, destruction, disclosure, sale, rental, transfer, transmission, dissemination, or otherwise making available, in each case whether or not by automated means (collectively, “Handling”), of Personal Data has been and is in compliance with all Privacy Obligations applicable to such Personal Data, (ii) the Company and the Subsidiaries maintain policies and procedures (copies of which have been made available to Parent) regarding the protection of Personal Data and reasonable and appropriate administrative, technical and physical safeguards, including implementing reasonable disaster recovery and security plans and procedures so that the Company and its Subsidiaries complies (are and requires and monitors the remain in compliance of applicable third parties) in all material respects with all Privacy Obligations applicable Laws relating to privacy them. (iii) each such policy and procedure and all materials distributed or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used marketed by the Company or any of its Subsidiaries have at all times made all disclosures to users or any of their respective business partners; customers required by its Privacy Obligations, and (iiiv) non-personally identifiable informationnone of such disclosures has been inaccurate, whether misleading or deceptive or in violation of any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersPrivacy Obligation. (b) Neither To the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware Knowledge of the identity or location Company, there has been no unauthorized acquisition of, access to, loss of or identify misuse (by any means) of Personal Data or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries’ Information Technology (and similar or related infrastructure including all associated data contained therein, taken as cloud (including public cloud), as-a-service product or service) (each a whole“Security Breach”). The Company and its Subsidiaries have not been notified in writing by any Person of, or been required by any Privacy Obligation to notify in writing any Person of, any Security Breach. The Company and its Subsidiaries have not received any notice of any material Security Breach or any claims, investigations (including investigations by a Governmental Body) or alleged material violations of Privacy Obligations with respect to Personal Data handled by any of them. No internal or independent third party audit reports have identified material security vulnerabilities in the Company and its Subsidiaries’ Information Technology (and similar or related infrastructure including all associated data contained therein, cloud (including public cloud), as-a-service product or service) or material violations of any Privacy Obligation, or documented any material compliance gaps. (c) To The Company and its Subsidiaries have obtained all requisite consents of Governmental Bodies or other authorizations of Governmental Bodies and all requisite consents from each Person that is the Company’s knowledgesubject of the Personal Data (including, Persons in each case, any required notices to such Persons) to the extent required under all Privacy Obligations. The execution, delivery and performance of this Agreement, including the transfer of data or databases or the change of data controller and data processor related thereto, complies with all Privacy Obligations. None of the Company or its Subsidiaries are subject to any contractual requirements or other legal obligations that, following the Closing, would prohibit Parent or the Surviving Corporation from receiving or using Personal Data in the manner in which the Company or any of and its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining received and used such Personal Data prior to Personal Information and to non-personally identifiable informationthe Closing. (d) To the Knowledge of the Company’s knowledge, there have been no complaints, claims or warnings made or concerns raised by any Person in respect of any Personal Data, and no enforcement notice has been served on the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of Except as would not reasonably be expected to be material to the Company and its Subsidiaries complies Business, taken as a whole, with respect to the Business, (and requires and monitors i) the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data Seller Entities’ receipt, access, acquisition, collection, compilation, use, storage, alteration, combination processing, safeguarding, security, and reputable industry practicedisposal, standardsdeletion, self-governing rules and policies and their own publisheddestruction, posted and internal agreements and policies disclosure, sale, rental, transfer, transmission, dissemination, or otherwise making available, in each case whether or not by automated means (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Handling”), of Personal Data has been and is in compliance with all Privacy Laws”) with respect to: Obligations related to the Business applicable to such Personal Data, and (i) personally identifiable information the Seller Entities maintain policies and procedures (copies of which have been made available to Purchaser) regarding the protection of Personal Data and reasonable and appropriate administrative, technical and physical safeguards, including name, address, telephone number, electronic mail address, social implementing reasonable disaster recovery and security number, bank account number or credit card number), sensitive personal information plans and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by procedures so that the Company or any of its Subsidiaries or any of their respective business partners; Seller Entities are and (ii) non-personally identifiable information, whether any of same is accessed or used by remain in compliance with all Privacy Obligations related to the Company or any of its Subsidiaries or any of their respective business partnersBusiness applicable to them. (b) Neither Except as would not reasonably be expected to be material to the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its SubsidiariesBusiness, taken as a whole, and solely as it relates to the Business, (i) each such policy and procedure and all materials distributed or marketed by Seller or its Subsidiaries have at all times made all disclosures to users or customers required by its Privacy Obligations related to the Business, and none of such disclosures has been inaccurate, misleading or deceptive or in violation of any Privacy Obligation, (ii) to the Knowledge of Seller, there has been no unauthorized acquisition of, access to, loss of or misuse (by any means) of Personal Data or any of the Seller Entities’ Information Technology (and similar or related infrastructure including all associated data contained therein, cloud (including public cloud), as-a-service product or service) (each a “Security Breach”), (iii) the Seller Entities have not been notified in writing by any Person of, or been required by any Privacy Obligation to notify in writing any Person of, any Security Breach, (iv) the Seller Entities have not received any notice of any Security Breach or any claims, investigations (including investigations by a Governmental Entity) or alleged violations of Privacy Obligations related to the Business with respect to Personal Data handled by any of them, (v) no internal or independent third party audit reports have identified security vulnerabilities in the Seller Entities’ Information Technology (and similar or related infrastructure including all associated data contained therein, cloud (including public cloud), as-a-service product or service) or violations of any Privacy Obligation, or documented any compliance gaps and (vi) the Seller Entities have obtained all requisite consents of Governmental Entities or other authorizations of Governmental Entities and all requisite consents from each Person subject of the Personal Data (including in each case any required notices to such Persons) to the extent required under all Privacy Obligations related to the Business. (c) To Except as would not reasonably be expected to be material to the Company’s knowledgeBusiness, Persons taken as a whole, (i) the execution, delivery and performance of this Agreement, including the transfer of data or databases or the change of data controller and data processor related thereto, complies with all Privacy Obligations related to the Business, (ii) none of the Seller Entities are subject to any contractual requirements or other legal obligations that, following the Closing, would prohibit Purchaser from receiving or using Personal Data in the manner in which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining Seller Entities received and used such Personal Data prior to Personal Information and to non-personally identifiable information. the Closing, (diii) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches complaints, claims or warnings made or concerns raised by any Person in respect of same. Without limiting any Personal Data, and no enforcement notice has been served on the generality of Seller Entities, in each case with respect to the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology Business and (iiiv) each employee of a Seller Entity who has implemented accessed Personal Data has received training with respect to compliance in a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risksmanner consistent with this Section 3.20.

Privacy and Security. (a) Each Since January 1, 2021, in respect of the Company Product Operations, Sellers and its their Subsidiaries complies (have complied and requires and monitors the are in compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy of all Governmental Entities, or any self-regulating organization, regarding privacy, security or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies protection (which are in conformance with reputable industry practice) (all of the foregoing collectively, the “Privacy Laws”). Sellers and their Subsidiaries have maintained, enforced and complied with in all material respects with all written privacy, security and data protection policies (collectively, the “Privacy Policies”) with respect to any confidential information used in the Product Operations. Neither this Agreement nor any Transaction Documents will violate the terms and conditions of any Privacy Policies, any applicable Privacy Laws or the privacy rights of any Person. (b) Each Seller, each of its Subsidiaries and each of its Affiliates has not, in respect of the Product Operations, received any oral or written notice of investigation for potential breach of any Privacy Laws with respect to: (i) personally identifiable information (including but not limited to name, address, telephone number, electronic mail email address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of users of Sellers’, their Subsidiaries or their Affiliates’ Internet, web, digital and mobile sites, and mobile applications, suppliers and distributors), whether any of same is accessed or used by the Company or any of its Sellers, their Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationspyware and adware; (iii) the sending of solicited or unsolicited electronic mail messages; and (iv) confidential or classified information or information whose use, whether possession or disclosure is regulated or restricted by any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholeGovernmental Entity. (c) To the Company’s knowledgeSellers, Persons with which the Company or any of its their Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries their Affiliates take all commercially reasonable steps consistent with generally accepted industry standards to protect the operation, confidentiality, integrity and security of their respective business the Software, systems and websites Internet, web, digital and mobile sites of the Product Operations, and mobile applications and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and, within the twenty-four (24)-month period ending on the date hereof, and there have been no material breaches of same. Without limiting same that would require by applicable Law notification or remedial action. (d) Sellers, their Subsidiaries and their Affiliates have the generality right to transfer to Buyer all Personal Information included in the Purchased Assets owned or held by them pursuant to the terms of this Agreement and such transfer shall not violate any applicable Privacy Laws or other applicable Laws; provided that Buyer adheres to the terms of the foregoing, each privacy statement and all applicable Privacy Laws and other Laws following the Closing. Buyer’s use of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and such Personal Information and (2) implements, monitors and improves adequate and effective safeguards in the manner it was used by Seller prior to control those risksClosing will comply in all material respects with applicable Privacy Laws or other applicable Laws.

Privacy and Security. (a) Each The Seller and each of the Company and its Subsidiaries Affiliates complies (and requires and monitors the compliance of applicable third parties) in all material respects with with, and has not received any oral or written notice of investigation for potential breach of, all applicable U.S., state, foreign and multinational Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their its own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including but not limited to name, address, telephone number, electronic mail email address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of users of Seller’s or its Affiliates’ Websites, suppliers and distributors), whether any of same is accessed or used by the Company Seller or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationspyware and adware; (iii) the sending of solicited or unsolicited electronic mail messages; and (iv) confidential or classified information or information whose use, whether possession or disclosure is regulated or restricted by any of same is accessed or used by Governmental Entity. The Seller and its Affiliates post all policies with respect to Personal Information on its Websites in conformance with applicable Laws. Except as disclosed in the Company or any of Seller’s posted privacy statement (the “Privacy Statement”), neither the Seller nor its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries Affiliates uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locateidentify, any particular Person as a result of any receipt of such Personal Information, . (b) The Business does not engage in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholebehavioral advertising. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company The Seller and its Subsidiaries Affiliates take all commercially reasonable steps consistent with generally accepted industry standards to protect the operation, confidentiality, integrity and security of their respective business software, systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and and, within the 24-month period ending on the date hereof, there have been no material breaches of samesame that would require by applicable Law notification or remedial action. Without limiting the generality of the foregoing, each of the Company Seller and its Subsidiaries Affiliates (i) uses industry standard use encryption technology of at least 128-bit and (ii) has implemented a comprehensive consistently implement security plan that upgrades, infrastructure and processes to (1A) identifies identify internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implementsimplement, monitors monitor and improves improve adequate and effective safeguards to control those risks. (d) The Seller and its Affiliates have the right to transfer to the Buyer all Personal Information owned or held by them pursuant to the terms of this Agreement and such transfer shall not violate any applicable Privacy Laws or other applicable Laws provided that the Buyer adheres to the terms of the Privacy Statement and all applicable Privacy Laws and other Laws following the Closing. The Buyer’s use of such Personal Information in the manner it was used by the Seller prior to Closing will comply in all material respects with applicable Privacy Laws or other applicable Laws.

Privacy and Security. (a) Each of Except as would not reasonably be expected to be material to the Company SGK Business, the SGK Entities are, and its Subsidiaries complies since the Lookback Date have been, in compliance with all applicable Privacy Obligations. (b) Except as would not reasonably be expected to be material to the SGK Business, (i) to the extent required by any Privacy Laws, the SGK Entities post, and requires since the Lookback Date have posted, all Privacy Policies required by Privacy Laws on their respective websites and monitors the compliance of applicable third parties) such Privacy Policies comply in all material respects with all applicable Privacy Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all none of the foregoing collectively, “disclosures made or contained in any Privacy Laws”) with respect to: (i) personally identifiable information Policy have been misleading or deceptive (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card numberby omission), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any the SGK Entities’ Processing of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information complies with, and has not, since the Lookback Date, violated any Privacy Laws. To Knowledge of ▇▇▇▇▇▇▇▇, since the Lookback Date, no SGK Entity has received any written notice from any Governmental Entity or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, third Person that it is under investigation for any particular Person as a result material violation of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholeLaw. (c) To Except as would not reasonably be expected to be material to the Company’s knowledgeSGK Business, Persons with which since January 1, 2019, there has been no Security Breach, or unauthorized access to, loss, use or disclosure of any Personal Information, owned, used, stored, received or controlled by or on behalf of the Company SGK Business. The SGK Business has not since January 1, 2019: (i) received any written notice of any claims, investigations (including investigations by a Governmental Entity), or alleged violations of Laws or other Privacy Obligations; (ii) received any written complaints, correspondence or other communications from or on behalf of an individual or any of its Subsidiaries have contractual relationships have not breached any agreements or other Person claiming a right to compensation under any Privacy Laws pertaining Obligations, or alleging any breach of any Privacy Obligations; or (iii) been subject to any data protection enforcement action (including any fine or other sanction) from any Governmental Entity with respect to Personal Information and to non-personally identifiable informationunder the custody or control of the SGK Business. (d) To Except as would not reasonably be expected to be material to the Company’s knowledgeSGK Business, to the extent required by Privacy Laws and the SGK Material Contracts, the Company SGK Business has since the Lookback Date required and its Subsidiaries take requires, in all commercially material respects, all third Persons to which it provided or provides access to Personal Information to (i) comply with applicable Privacy Laws, (ii) maintain the privacy and security of such information, including by contractually obliging such third Persons to protect such information from unauthorized access by, or disclosure to, any unauthorized third Persons, and (iii) incorporating all obligations required to be incorporated into such contracts by applicable Privacy Obligations. (e) The SGK Business has since the Lookback Date implemented, maintained and complied with a privacy compliance program that is comprised of appropriate internal processes, policies, personnel, and controls designed to comply with applicable Privacy Obligations. (f) The SGK Business has since the Lookback Date implemented and maintained a written information security program that is comprised of reasonable steps and appropriate organizational, physical, administrative, and technical safeguards designed to protect the operationsecurity, confidentiality, integrity and security availability of their respective business systems and websites and the IT Systems, including all information and transactions stored or contained therein or transmitted thereby Sensitive Data Processed thereby, against any loss, theft, unauthorized or improper useunlawful Processing, accessor other misuse. The SGK Business has implemented and maintains reasonable backup and disaster recovery technology and software and hardware support arrangements for the SGK IT Systems consistent with industry practices. (g) The SGK Business maintains insurance coverage containing industry standard policy terms and limits that are reasonable, transmittalappropriate and sufficient to respond to the risk of liability stemming from or relating to any Security Breaches that may impact the SGK Business’ operations or the SGK Business’ IT Systems or from or relating to any violation of applicable Privacy Obligations, interruptionand, modification or corruptionsince January 1, and there 2019, no claims have been no made under such insurance policy(ies). (h) Except as would not reasonably be expected to be material breaches of same. Without limiting to the generality of the foregoingSGK Business, each of the Company and its Subsidiaries (i) uses industry standard encryption technology the SGK Business is not subject to any Privacy Obligations that, following the Closing, would prohibit, in any material respect, the Company from receiving and using any Personal Information in the same manner in which that Personal Information was used immediately prior to the Closing, and (ii) has implemented the SGK Business is not the owner or host of any database that is subject to a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s registration or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risksnotification requirement with any Governmental Entity under Privacy Laws.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data securityLaws, and reputable industry practice, standards, self-governing rules and policies and their its own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: to (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and , (ii) non-personally identifiable informationinformation (including such Personal Information of visitors who use the Company’s websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners, (iii) spyware and adware, (iv) the procurement or placement of advertising from or with reputable Persons and websites, (v) the use of internet searches associated with or using particular words or terms, (vi) the sending of solicited or unsolicited electronic mail messages and (vii) privacy generally. The Company posts all policies with respect to the matters set forth in this Section 3.21(a) on its websites in conformance with Privacy Laws. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (ci) To the knowledge of the Company’s knowledge, the advertisers and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not materially breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware), (ii) the Company does not serve advertisements into advertising inventory created by downloadable software that launches without a user’s express activation and (iii) the Company has not received (and does not have knowledge of) a material volume of consumer complaints relative to software downloads that resulted in the installation of any of the Company’s tracking technologies. (dc) To Except as set forth on Section 3.21(c) of the Company’s knowledgeDisclosure Schedules, the Company and its Subsidiaries take all commercially takes reasonable steps to protect the operation, confidentiality, integrity and security of their respective business its software, systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard adequate-strength encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that (1A) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies comply (and requires require and monitors monitor the compliance of applicable third parties) in all material respects (i) with all applicable U.S., state, foreign and multinational Laws relating to privacy or data security(including the Children’s Online Privacy Protection Act and California Civil Code section 1798.81.5), and reputable industry practice, standards, self-governing rules and policies and (ii) their own respective published, posted and internal agreements and policies (which are in material conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (iA) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s or any of its Subsidiaries’ Websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersSubsidiaries; and (iiB) non-personally identifiable informationinformation (including such Personal Information of visitors who use the Company’s or its Subsidiaries’ Websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries Subsidiaries’; (C) spyware and adware; (D) the procurement or any placement of their respective business partnersadvertising from or with reputable third parties and Websites; (E) the use of Internet searches associated with or using particular words or terms; and (F) the sending of solicited or unsolicited electronic mail messages. (b) Neither the The Company nor any of and its Subsidiaries usespost all policies with respect to the matters set forth in Section 3.20(a) on its Websites in material conformance with Privacy Laws. The Company and its Subsidiaries do not use, collects, collect or receives receive any Personal Information or sensitive non-personally identifiable information and does do not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any each case other than in material conformance with the Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholeLaws. (c) (i) To the knowledge of the Company’s knowledge, the advertisers and other Persons with which the Company or any of and its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware), (ii) the Company and its Subsidiaries do not serve advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation, and (iii) the Company and its Subsidiaries have not received (and do not have knowledge of) a material volume of consumer complaints relative to Software downloads that resulted in the installation of any of the Company’s or its Subsidiaries’ tracking technologies. (d) To the Company’s knowledge, the The Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems its Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting . (e) To the generality knowledge of the foregoingCompany, each no claims have been asserted or threatened in writing against the Company or any of its Subsidiaries alleging a violation of any Person’s data rights, privacy or Personal Information. To the Company’s knowledge, the consummation of the transactions contemplated hereby will not breach or otherwise cause any violation of any Privacy Law related to data protection, privacy or the collection and use of Personal Information by or on behalf of the Company and or any of its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to in the security conduct of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risksbusiness.

Privacy and Security. (a) Each At all times, the Company has taken commercially reasonable steps (in light of the Company and Business) to ensure that all Personal Data in its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy possession or data securitycontrol is protected against damage, loss, and reputable industry practiceagainst unauthorized access, standardsacquisition, self-governing rules and policies and their own publisheduse, posted and internal agreements and policies (which are modification, disclosure or other misuse. To the Seller's Knowledge, there has been no unauthorized access, use, or disclosure of Personal Data in conformance with reputable industry practice) (all the possession or control of the foregoing collectivelyCompany, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries the contractors of the Company, with regard to any Personal Data obtained from or any on behalf of their respective business partners; and the Company. In the past five (ii5) non-personally identifiable informationyears, whether any of same is accessed or used by the Company has not experienced any Security Incidents related to the privacy or any security of its Subsidiaries or any of their respective business partnersPersonal Data. (b) Neither To the Seller's Knowledge, the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt takes all commercially reasonable steps (in light of such Person’s business) to ensure that all Personal InformationData in possession or control of third parties, in a manner which would materially breach including vendors, Affiliates, and other Persons providing services to such Person that have access to or violate any Privacy Laws receive Personal Data from or on behalf of such Person, is protected against damage, loss, and materially and adversely impact the business of the Company and its Subsidiariesagainst unauthorized access, taken as a wholeacquisition, use, modification, disclosure or other misuse. (c) To the Company’s knowledgeThe Company has made backups of all computer software and databases utilized by it and maintain such software and databases at a secure, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to nonoff-personally identifiable informationsite location. (d) To the Company’s knowledgeSeller's Knowledge, the Company and its Subsidiaries take is in compliance, in all commercially reasonable steps to protect the operationmaterial respects, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries with (i) uses industry standard encryption technology all applicable Data Privacy and Security Laws, and (ii) the privacy, security and breach notification requirements and standards of other Persons with which the Company has implemented a comprehensive security plan that explicitly and contractually agreed to comply (1collectively, the “Privacy Policies”). (e) identifies internal and external risks (i) to the security Seller's Knowledge, the Company has at all times been in material compliance with all applicable Legal Requirements relating to privacy, security, data protection and the access, collection, disclosure, maintenance, transmission and use of personally identifiable information, and (ii) no claims, actions, suits, investigations, inquiries or proceedings have been asserted, to the Knowledge of the Company, threatened, by any Person or in writing, or commenced against the Company related to Data Privacy and Security Law or the Privacy Policies or alleging a violation of any Person’s privacy rights outside of the ordinary course of business. (f) In any instance where the Company has attempted to, or its Subsidiaries’ has represented that it would or contracted to, remove, destroy, or otherwise render unrecoverable any data (including Personal Data and/or confidential information and Personal Information and (2) implementsof any party), monitors and improves adequate to the Seller's Knowledge, the Company has utilized appropriate and effective safeguards to control those risks.processes that meet or exceed NIST 800-88 Rev. 1, and has successfully destroyed or otherwise rendered unrecoverable any and all such Personal Data and confidential information on any device destroyed or sanitized

Privacy and Security. (a) Each of The Companies and their respective Subsidiaries comply, and during the Company and its Subsidiaries complies past five (and requires and monitors the compliance of applicable third parties5) years have complied, in all material respects respects, with (i) all applicable Laws relating to Privacy and Security Requirements governing the receipt and Processing of Personal Information and Customer Data and the provision of their respective products and services and (ii) all of their respective policies regarding privacy or and data security, including all Business Privacy Policies (as defined in Section 3.20(b) below) and reputable industry practicesimilar disclosures published on their respective websites or otherwise communicated to third parties. The Companies and their respective Subsidiaries have implemented and have at all times during the past five (5) years maintained commercially reasonable measures that provide assurance that the Companies and their respective Subsidiaries comply with Privacy and Security Requirements and that the Companies and their respective Subsidiaries will not acquire, standardsfail to secure, selfor Process such Personal Information or Customer Data in a manner that (1) violates Privacy and Security Requirements, (2) is inconsistent with any notice to or consent from the provider of Personal Information or Customer Data, (3) violates any policy adopted by the Companies and their respective Subsidiaries, (4) breaches any commitment in any Contract made by the Companies and their respective Subsidiaries that is applicable to such Personal Information or Customer Data, or (5) violates any Business Privacy Policies. (b) True and correct copies of all applicable current internal and customer or user-governing rules facing statements of the Companies’ and their respective Subsidiaries’ policies and their own publishedpractices, posted and internal agreements and policies regarding the Processing of Customer Data or Personal Information or otherwise pertaining to the privacy of any individual (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Business Privacy LawsPolicies”) have been provided to Buyer. The Companies and their respective Subsidiaries have at all times, posted Business Privacy Policies on their respective websites, mobile applications, or in a location as required under applicable Privacy and Security Requirements. The Companies and their respective Subsidiaries have complied with respect all Business Privacy Policies and requirements in any Contract related to Customer Data and Personal Information. No disclosures made or contained in any Business Privacy Policy have been inaccurate, misleading, or deceptive (in any case, including by omission), or in violation of any Privacy and Security Requirements. When used by a customer or user for their intended purpose, the products and services of the Companies and their respective Representatives will not cause the customer or user to violate any Privacy and Security Requirements. (c) None of the Companies or any of their respective Subsidiaries have received any, and, to the Seller’s knowledge, there is no complaint, audit, proceeding, investigation, or claim currently pending against, the Companies or their respective Subsidiaries by (i) any private party, or (ii) any Governmental Authority, relating to the Processing of Personal Information or Customer Data by the Companies or their respective Subsidiaries, or the Companies’ and their respective Subsidiaries’ data protection or information security practices. None of the Companies or any of their respective Subsidiaries has received, and the Companies and their respective Subsidiaries have no knowledge of any circumstance that has given rise to or would reasonably be expected to give rise to any notice, complaint, warrant, judicial order, regulatory opinion, inquiry or investigative demand regarding the Companies’ and their respective Subsidiaries’ Processing of Personal Information or Customer Data or the Companies’ and their respective Subsidiaries’ data protection or information security practices. None of the Companies or any of their respective Subsidiaries has received any notice, judicial order, regulatory opinion, or inquiry, and none of the Companies or any of their respective Subsidiaries has knowledge of any circumstance, (1) alleging or confirming non-compliance with any applicable Privacy and Security Requirements or Business Privacy Policies; (2) prohibiting or threatening to prohibit the transfer of Personal Information to any place; or (3) permitting or mandating any Governmental Authority to investigate, requisition information from, or enter the premises of the Companies and their respective Subsidiaries. None of the Companies or any of their respective Subsidiaries has acted or failed to act in a manner that would trigger a notification or reporting requirement to any Person or Governmental Authority under any applicable Privacy and Security Requirements related to the Processing of Personal Information. The Companies and their respective Subsidiaries do not sell, rent, or otherwise make available to third parties, other than service providers in the provision of services to Companies or their respective Subsidiaries, any Customer Data or Personal Information. (d) The Companies and their respective Subsidiaries have established and maintain written information security policies and programs that govern the collection and Processing of Sensitive Company Information and that are designed to protect the Companies’ and their respective Subsidiaries’ information technology systems (collectively, the “Security Policies”). The Companies and their respective Subsidiaries comply, and during the past five (5) years have complied, in all material respects, with such Security Policies. The Security Policies are designed to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information technology systems and Personal Information Sensitive Company Information; (ii) implement appropriate administrative, organizational, technical, electronic and (2) implements, monitors and improves adequate and effective physical safeguards to control those risksrisks and safeguard the security, confidentiality, integrity, and availability of the information technology systems and Sensitive Company Information; (iii) protect against unauthorized access to the information technology systems and Sensitive Company Information (including on the systems of third parties with access to Sensitive Company Information); (iv) maintain notification procedures in compliance with the Privacy and Security Requirements in the case of any breach of security that actually compromises or is reasonably suspected to compromise the information technology systems or Customer Data or Personal Information; and (v) comply with all applicable Privacy and Security Requirements. The Seller has made available to the Buyer true, complete and accurate copies of such Security Policies. The Company and its Subsidiaries have implemented and routinely tested commercially standard business continuity and disaster recovery plans relating to such the information technology systems and Sensitive Company Information. (e) The Company contractually obligates, and at all times during the past five (5) years has contractually obligated, third parties that Process Sensitive Company Information to comply with the Security Policies, the Companies’ and their respective Subsidiaries’ obligations under Privacy and Security Requirements, and the Companies’ and their respective Subsidiaries’ other obligations in any Contract, including any confidentiality obligations with respect to Sensitive Company Information. The Seller, the Companies and their respective Subsidiaries have no knowledge that any such third parties, in their provision of services to Company or the Subsidiaries, have breached or failed to comply with relevant contractual obligations, Security Policies, Business Privacy Policies, applicable Laws, or Privacy and Security Requirements. (f) The Companies and their respective Subsidiaries use, and during the past five (5) years have used, in all material respects, commercially reasonable methods and technology to secure Sensitive Company Information and the Companies’ and their respective Subsidiaries’ information technology systems from loss, theft, unauthorized Processing, or modification, and such methods and technology comply, in all material respects, with Privacy and Security Requirements, the Business Privacy Policies, and the Security Policies. Such methods and technology are designed to ensure the confidentiality, integrity, and availability of Sensitive Company Information and the Companies’ and their respective Subsidiaries’ information technology systems. The Companies and their respective Subsidiaries have not experienced any material Data Security Incident within the past five (5) years. The Companies and their respective Subsidiaries have made all notifications to Persons, Governmental Authorities, customers, individuals or other third parties required by Law to be made by any Company or any Subsidiary of any Company by any Privacy and Security Requirements or Contracts arising out of or relating to any Data Security Incident with respect to any Personal Information within their custody or control. (g) The Companies and their respective Subsidiaries have: (i) provided adequate notice and obtained any necessary consents required for the Processing, of Personal Information and Customer Data under Privacy and Security Requirements, the Security Policies and Business Privacy Policies, (ii) complied with any Contract, agreement, permit, license or other obligation regarding the collection, Processing, recording, organization, storage, adaption or alteration, retrieval, consultation, or combination of Personal Information and Customer Data; and (iii) abided by any applicable opt-outs related to Personal Information and Customer Data. (h) The Companies and their respective Subsidiaries hold all applicable permits and licenses, and have made all applicable governmental filings required under Privacy and Security Requirements to Process Personal Information. Where required by Privacy and Security Requirements, the Companies and their respective Subsidiaries have established and implemented a legal basis for the cross-border transfer of Personal Information and Customer Data. Neither the execution, delivery, or performance of this Agreement (or any of the ancillary agreements) nor the consummation of any of the Transactions, nor Company or Buyer’s possession of the Customer Data, Personal Information or any data or information in the information technology systems, will result in any material violation of any Business Privacy Policy or any Privacy and Security Requirements. The use of the Customer Data, Personal Information or any data or information in the information technology systems, by Buyer on the Closing Date (after giving effect to the transactions contemplated by this Agreement) does not result in any material violation of any Business Privacy Policy or any Privacy and Security Requirements so long as such use is materially consistent with Company’s current uses.

Privacy and Security. (a) Each The Seller has made available or delivered to the Purchaser true and correct copies of all material terms and conditions, terms of service, and privacy notices or similar policies that relate to the privacy, security, or Processing of Personal Information by the Seller in the Business and, to the Knowledge of the Company and its Subsidiaries complies (and requires and monitors the compliance Seller, none of applicable third parties) in all material respects with all applicable Laws relating to privacy those documents contain any representations or data securitystatements that are or were inaccurate, and reputable industry practicemisleading, standardsunfair, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersdeceptive when made. (b) Neither To the Company nor any Knowledge of its Subsidiaries usesthe Seller, collectsthe Seller, or receives any with respect to the Business and each Seller Product, has always been and is currently in compliance with all applicable Privacy Laws and the Seller’s Personal Information or sensitive Obligations in all material respects, including, without limitation, as may relate to the privacy, security, and Processing of Personal Information relating to clinical trial participants, patients, and end users of the Seller Products. The Seller has not received any written notice from any Person (including any Government Entity) with respect to any non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate compliance with any Privacy Laws and materially and adversely impact or the business of Seller’s Personal Information Obligations, in each case with respect to the Company and its Subsidiaries, taken as a wholeBusiness. (c) To the Company’s knowledgeKnowledge of the Seller, Persons with which respect to the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Business, no Personal Information and has ever been disclosed by the Seller or transferred from the Seller to non-personally identifiable informationany Person or to any jurisdiction in any material respect, except (A) where the Seller had all necessary rights, authorizations, permissions, or consents to do so, or (B) where such disclosure or transfer was permitted by applicable Privacy Laws. (d) To the Company’s knowledgeKnowledge of the Seller, neither the execution nor delivery of this Agreement, the Company transactions contemplated hereby, the performance of the Seller’s obligations hereunder, nor the transfer of any Personal Information to the Purchaser will violate any Privacy Laws or the Seller’s Personal Information Obligations in any material respect or require notice to or consent from any Person for continued Processing of Personal Information in any material respect. To the Knowledge of the Seller, the Seller has all material appropriate authorizations, consents, certifications, and its Subsidiaries take all rights to Process any Personal Information in the manner in which the Seller has Processed such information with respect to the Business, to continue Processing Personal Information in the same manner after Closing with respect to the Business, and to transfer Personal Information to the Purchaser as contemplated in this Agreement. To the Knowledge of the Seller, the Seller has retained the records of such authorizations or consents with respect to the Business as may be required by applicable Laws. (e) The Seller has established and implemented commercially reasonable steps policies, procedures, and safeguards, consistent with industry standards and any applicable Privacy Laws, to protect the confidentiality, integrity, operation, confidentiality, integrity and security of their respective business systems the material IT Systems used by the Seller (and websites and all the information and transactions stored or contained therein or transmitted thereby processed on those IT Systems), including against any unauthorized Processing, or improper useany interruption, corruption or vulnerability. (f) Except as would not be material to the Seller, to the Knowledge of the Seller, neither the Seller with respect to the Business, nor any Person who Processes Personal Information on behalf of the Seller with respect to the Business, has experienced any loss, damage, unauthorized access, transmittalunauthorized disclosure, interruptionimproper alteration, modification misuse, or corruption, and there have been no material breaches of same. Without limiting the generality breach of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the privacy or security of the Company’s or its Subsidiaries’ confidential information and any Personal Information and (2) implementsin the Seller’s possession, monitors and improves adequate and effective safeguards to control those riskscustody, or control, or that is processed on its behalf.

Privacy and Security. (a) Each of Except as would not be material to the Company and its Subsidiaries complies (and requires and monitors taken as a whole, the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data securityCompany Group's receipt, collection, monitoring, maintenance, creation, transmission, use, analysis, disclosure, storage, disposal, and reputable industry practicesecurity of Personal Information materially complies, standardsand during the past two (2) years has materially complied, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect towith: (i) personally identifiable information all Privacy and Security Laws; (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information ii) PCI DSS; (iii) applicable Contracts; (iv) Privacy and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersSecurity Policies; and (iiv) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information all consents and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of authorizations that apply to the Company and its Subsidiaries' receipt, access, use, and disclosure of Personal Information, in the case of the foregoing clauses (i) – (v), as applicable. Except as would not be material to the Company and its Subsidiaries taken as a whole, the Company Group have all necessary authority, consents, and authorizations to receive, access, use, and disclose the Personal Information in the Company Group's possession or under their control in connection with the Business, except as would not be material to the Company and its Subsidiaries taken as a whole. (cb) To the Company’s knowledge's Knowledge, Persons with which the Company Group is not under investigation by any Governmental Authority for a violation of any Privacy and Security Laws, except as would not be material to the Company and its Subsidiaries taken as a whole. The Company Group has not been subject to any Order, proceeding, or investigation with respect to any actual or alleged noncompliance with any Privacy and Security Law, except as would not be material to the Company and its Subsidiaries taken as a whole. The Company Group has not received any written complaint alleging a violation of any Privacy and Security Law. (c) Except as would not be material to the Company and its Subsidiaries taken as a whole, the Company Group has not suffered, discovered, or been notified in writing of any unauthorized acquisition, use, disclosure or breach of, or access to, any protected health information (as defined in 45 C.F.R. § 160.103) or other Personal Information that constitutes a security breach violation under any Privacy and Security Law. Except as would not be material to the Company and its Subsidiaries taken as a whole, the Company Group has not notified any affected Person (including any Governmental Authority) or the media of any breach of Personal Information. To the Company's Knowledge, no third party that receives or has access to the Personal Information of the Company Group has experienced any breach of security or unauthorized or unlawful access, use, modification, theft, processing, disclosure, accidental loss, destruction, or damage of the Company Group's Personal Information or any of Confidential Information in such third party's possession, custody, or control, except as would not be material to the Company and its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationtaken as a whole. (d) To Copies of the Company Group's current policies for compliance with Privacy and Security Laws have been made available to Parent, which may include (1) website privacy policy; (2) employee privacy policy; (3) privacy policy or privacy notice pertaining to health data and protected health information (as defined in 45 C.F.R. § 160.103); (4) data protection, information security, and IT policies and procedures; (5) incident response policies and procedures; and (6) any other policy or written procedures pertaining to the collection, storage, disclosure, transfer, or other processing of any Personal Information (collectively, the "Privacy and Security Policies"). The Company Group's Privacy and Security Policies are commercially reasonable in all material respects with Privacy and Security Laws. (e) Except as would not be material to the Company and its Subsidiaries taken as a whole, the (i) collection, storage, processing, transfer, sharing, and destruction of Personal Information in connection with the transactions contemplated by this Agreement and (ii) execution, delivery, and performance of this Agreement and the other agreements and instruments contemplated hereby and the consummation of the transactions contemplated hereby and thereby complies in all material respects with the Company’s knowledge's and its Subsidiaries' applicable Privacy and Security Policies and applicable Privacy and Security Laws. (f) Except as set forth in Schedule 4.23 of the Company Disclosure Schedules, the Company and its Subsidiaries take all commercially reasonable steps have not filed a claim for coverage relating to protect the operationany data security and privacy matter under an insurance policy issued to, confidentialityor on behalf of, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each With respect to any Personal Information of the Company any customer of Seller collected or processed by Seller or Drake, except as set forth on Schedule 5.23(a): (i) Seller is in material compliance with all Applicable Laws and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance material compliance with reputable industry practice) (all of the foregoing collectively, “Privacy Applicable Laws”) with respect to: to (iA) personally identifiable the collection, use, disclosure, protection and transfer of Personal Information, (B) the sending of solicited or unsolicited electronic information and marketing communications, including those undertaken by automated dialer or text (including nameSMS) messaging, address, telephone number, and electronic mail addressmessages, social security numberand (C) spyware and adware, bank account number or credit card number), sensitive personal information and any special categories (D) the confidentiality and protection of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and ; (ii) nonno claims have been asserted or, to Seller’s Knowledge, threatened against Seller by any Person alleging a violation of any Applicable Laws by Seller; (iii) without limiting the generality of the foregoing, Seller is in material compliance with all applicable provisions of the ▇▇▇▇▇-personally identifiable information, whether ▇▇▇▇▇-▇▇▇▇▇▇ Act and the rules and regulations related thereto; and (iv) Seller does not transfer any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersPersonal Information across national borders. (b) Neither Except as set forth on Schedule 5.23(b), Seller has not: (i) experienced a material security breach of any system or website resulting in the Company nor any unauthorized acquisition, disclosure or use of its Subsidiaries uses, collects, or receives any Personal Information since the date that is three (3) years prior to the Execution Date; (ii) been required pursuant to any Applicable Law to notify customers, consumers or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result employees of any receipt security breach related to the Personal Information of such customers, consumers or employees; or (iii) been the subject of any inquiry, investigation or enforcement action of any Governmental Body with respect to the collection, use, disclosure, protection and transfer of Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information Seller takes and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all has taken commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business its software, systems and websites and all information and transactions stored or contained therein or transmitted thereby websites, including any of the foregoing that are involved in the collection and/or processing of Personal Information, against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each In connection with its collection, storage, use, transfer (including any transfer across national borders) or disclosure of any information that constitutes “personal information,” “protected health information,” “personal data” or “personally identifiable information” as defined in applicable Laws from any individuals (collectively, “Personal Information”), by or on behalf of the Company SPV, the SPV is and has been in material compliance with all applicable Laws (including HIPAA) concerning Personal Information in all relevant jurisdictions, including with respect to anonymization or deidentification (collectively, the “Privacy Requirements”). The SPV maintains commercially reasonable physical, technical, organizational, and administrative security measures and policies designed to protect all Personal Information owned, stored, used, maintained, or controlled by it or on its Subsidiaries complies (behalf from and requires against unauthorized access, use, or disclosure. The SPV is, and monitors the has been, in compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data securityloss, theft, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all breach of security notification obligations. To the Knowledge of the foregoing collectivelySPV, “no Person has gained unauthorized access to or made any unauthorized use of any Personal Information maintained by the SPV. The consummation of the transactions contemplated by this Agreement do not violate the Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number Requirements as currently exists. No actions or credit card number), sensitive personal information and any special categories investigations are pending or threatened in writing against the SPV relating to the collection or use of personal information regulated thereunder or covered thereby (“Personal Information”), whether nor, to the Knowledge of the SPV, have any of same is accessed such actions or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersinvestigations been threatened verbally. (b) Neither The Stockholder and the Company nor SPV have received no written claims of, and there is no pending litigation to which Stockholder or the SPV is a party alleging, any violation of or non-compliance with any of its Subsidiaries usesthe Privacy Requirements nor, collectsto the Knowledge of the SPV, have any such allegations been threatened verbally. There are no legal or receives governmental proceedings pending with respect to any Personal Information or sensitive alleged violation or non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate compliance with any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholeRequirement. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in has at all material respects times complied with all applicable Laws and its respective privacy policies relating to privacy privacy, data protection and the collection and use of Personally Identifiable Information gathered or data securityaccessed in the course of its operations, and reputable industry practicemaintains reasonable administrative, standards, self-governing rules technical and physical processes and policies designed to safeguard the integrity of Personally Identifiable Information and their own publishedto prevent unauthorized access to, posted misuse or alteration of, such data necessary to comply with applicable Law and internal agreements the applicable terms of any Contract to which it is a party and policies (which are is in conformance material compliance with reputable industry practice) (all such policies, and each of the foregoing collectivelyCompany and its Subsidiaries has been in material compliance with all prior privacy policies of the Company and its Subsidiaries in effect from time to time. No claims have been asserted in writing or, to the Knowledge of the Company, threatened against the Company or any of its Subsidiaries alleging an improper use of Personally Identifiable Information. The execution and delivery of this Agreement or any Ancillary Agreement and the consummation of the transactions contemplated hereby and thereby will not breach or otherwise cause any material violation of any privacy policy of the Company or any of its Subsidiaries. (b) There has been no violation by the Company or any of its Subsidiaries of the rights of any Person with respect to Personally Identifiable Information under international, foreign (including, without limitation, any Law of any Governmental Entity located in Europe or Asia), U.S. and state Laws (including, without limitation, California SB 27, California Consumer Protection Against Computer Spyware Act, California Civil Code 1798.81.5 and the Data Protection Act 1998), including all rights respecting (A) privacy generally, (B) the obtaining, storing, using or transmitting of Personally Identifiable Information of any type, whether via electronic means or otherwise, and (C) spyware and adware (the rights described in clauses (A)-(C) are referred to herein collectively as “Privacy Rights”). For purposes of this Agreement, “Privacy Laws”) with respect Personally Identifiable Information” means data in control of the Company or any of its Subsidiaries that would enable the Company or any of its Subsidiaries to identify or locate a particular individual, including, but not limited to: (i) personally identifiable information (including , the name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories number of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersan individual. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) complies, in all material respects respects, with all applicable Laws relating to privacy or data securityLaws, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s Websites), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any information (including such Personal Information of same is accessed visitors who use the Company’s Websites); (iii) spyware and adware; (iv) the procurement or used by placement of advertising from or with Persons and Websites; (v) the Company use of Internet searches associated with or any using particular words or terms; and (vi) the sending of its Subsidiaries solicited or any of their respective business partnersunsolicited electronic mail messages. (b) Neither The Company posts policies with respect to the matters set forth in Section 3.21(a) on its Websites in conformance with Privacy Laws. The Company’s privacy policy discloses how the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does the Company is in compliance in all material respects with the terms of its published privacy policy. Except as set forth on Section 3.21(b) of the Disclosure Schedules, the Company and its Subsidiaries do not use, collect, or receive any Personal Information or sensitive non-personally identifiable information and do not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach Information and no Personal Information that is collected by the Company or violate any Privacy Laws and materially and adversely impact the business of its Subsidiaries is used or transferred by the Company and its Subsidiaries, taken as Subsidiaries in a wholemanner to which the individual to which such Personal Information relates has not given the Company or its Subsidiaries his or her consent. (ci) To the knowledge of the Company’s knowledge, the customers, suppliers and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware), (ii) the Company does not serve advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation, and (iii) the Company has not received (and does not have knowledge of) any consumer complaints relative to Software downloads that resulted in the installation of any of the Company’s tracking technologies. (d) To Except for disclosures of information required by Law or specifically authorized by the Company’s knowledgeprovider of the Personal Information, the Company and its Subsidiaries do not sell, rent or otherwise make available to third parties any Personal Information and no claims have been asserted or, to the knowledge of the Company, threatened with respect to the Company’s or its Subsidiaries’ receipt, collection, use, storage, processing, disclosure or disposal of Personal Information. The Company has not received (and does not have knowledge of) any complaints from any consumer or any Governmental Authority with respect to privacy and security. (e) The Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems its Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard adequate-strength encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that (1A) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective safeguards to control those risks. (f) All technology and computer systems and infrastructure, including software, hardware, middleware, servers, workstations, routers, and all other information technology software or equipment relating to the transmission, storage, maintenance, organization, presentation, generation, processing, analysis or other use of data and information whether or not in electronic format, used by or for the Company and its Subsidiaries (collectively, “Company IT Systems”) are in good working condition to effectively perform all information technology operations necessary to conduct the business of the Company and its Subsidiaries in all material respects and provide sufficient redundancy and speed to meet industry standards relating to high availability. The Company and its Subsidiaries have taken all commercially reasonable steps in accordance with industry standards to secure such Company IT Systems from unauthorized access or use by any Person, and to ensure the continued, uninterrupted and error-free operation of the Company IT Systems. Such Company IT Systems are adequate in all respects for their intended use and are in good working condition (normal wear and tear excepted), and are free of all viruses, worms, malware, trojan horses and other known contaminants and do not contain any bugs, errors or problems of a nature that would disrupt their operation or have an adverse and material impact on the operation of such Company IT Systems. There has not been any major malfunction with respect to any of such Company IT Systems in the last five years preceding the date hereof that has not been remedied or replaced in all material respects. The Company and its Subsidiaries have in place a commercially reasonable and prudent disaster recovery program, including the regular back-up and prompt recovery of the data and information necessary and material to the conduct of the business of the Company and its Subsidiaries (including such data and information that is stored in the ordinary course) without material disruption to, or material interruption in, the conduct of their business. The Company IT Systems are and have been sufficient to satisfy all obligations under customer contracts with respect to privacy and security matters, data protection, availability, redundancy and disaster recovery, including any service level agreements set forth therein.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies comply (and requires require and monitors monitor the compliance of applicable third parties) in all material respects with all applicable U.S., state, foreign and multinational Laws relating to privacy or data security(including the Children’s Online Privacy Protection Act, Telephone Consumers Protection Act and California Civil Code section 1798.81.5), reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s and its Subsidiaries’ Websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationinformation (including such information of visitors who use the Company’s and its Subsidiaries’ Websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; (iii) spyware and adware; (iv) the procurement or placement of advertising from or with reputable Persons and Websites; (v) the use of Internet searches associated with or using particular words or terms; (vi) the sending of solicited or unsolicited electronic mail messages; and (vii) privacy generally. (b) Neither The Company and its Subsidiaries post all policies with respect to the matters set forth in Section 3.20(a) on its Websites in conformance with Privacy Laws. Except as set forth on Schedule 3.20(b) of the Disclosure Schedule or to the extent the individual to which such Personal Information relates has given the Company nor any of or its applicable Subsidiary his or her consent, the Company and its Subsidiaries usesdo not use, collectscollect, or receives receive any Personal Information or sensitive non-personally identifiable information and does do not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws Information and materially and adversely impact the business of no Personal Information that is collected by the Company and or any its Subsidiaries is used or transferred by the Company or its Subsidiaries, taken as a whole. (c) (i) To the Company’s knowledge, the advertisers and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware), (ii) the Company does not serve advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation, and (iii) the Company has not received (and does not have knowledge of) a material volume of consumer complaints relative to Software downloads that resulted in the installation of any of the Company’s tracking technologies. (d) To the Company’s knowledge, the The Company and its Subsidiaries take all commercially takes reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems its Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard adequate-strength encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that (1A) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the Company The Company’s and its Subsidiaries Subsidiaries’ past and present collection, use, analysis, disclosure, transfer, retention, storage, security, and dissemination of Personal Information complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by Contract to which the Company or any of its Subsidiaries is a party or any of their respective business partners; and (ii) non-personally identifiable informationany applicable Laws, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersincluding Privacy and Security Laws and Requirements. (b) Neither the Company nor any of its Subsidiaries usesnor any of their respective officers, collectsdirectors, employees or receives any Personal Information or sensitive non-personally identifiable information and does not become aware consultants: (i) is, to the Knowledge of the identity or location ofCompany, or identify or locate, under investigation by any particular Person as Government Entity for a result violation of any receipt Privacy and Security Laws and Requirements; (ii) has received any written notices from any Person or Government Entity relating to any such violations; and (iii) is, to the Knowledge of such the Company, subject to any Liability with respect to the loss, damage or unauthorized access, use, disclosure, modification or other misuse of Personal Information, and no such Liability has been threatened in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholewriting. (c) To The Company and its Subsidiaries have, contractually or otherwise, required their Third Party service providers who access, use, process, or further disclose Personal Information and/or Sensitive Information to adhere to the Company’s knowledgeand its Subsidiaries’ corporate policies, Persons with which including those applicable to data privacy, data security, and Personal Information, and all applicable Laws. (d) Complete and accurate copies of any written complaints, claims or demands delivered to the Company or any of its Subsidiaries alleging a violation of any Privacy and Security Laws and Requirements have contractual relationships have not breached been provided to Buyer. (e) There has been no unauthorized use or disclosure of Personal Information of any agreements Third Party by the Company or any of its Subsidiaries or unauthorized use or disclosure of Personal Information of the Company or its Subsidiaries that would constitute a breach for which notification to individuals and/or regulatory authorities is required under any applicable Privacy and Security Laws and Requirements. To the Knowledge of the Company, there has been no unauthorized access to, use, disclosure, transfer (including transfers between jurisdictions) or misuse of, Personal Information owned, licensed or maintained by, or on behalf of, the Company or any of its Subsidiaries, and the Company and each of its Subsidiaries takes and has at all times taken commercially reasonable steps required by applicable Privacy Laws pertaining and Requirements to protect the privacy of any Personal Information collected by the Company or any of its Subsidiaries or on its behalf, to maintain in confidence such Personal Information and to non-personally identifiable informationprevent such unauthorized access, use, disclosure and misuse. (df) To Neither the Company nor any of its Subsidiaries has provided any service to any Third Party nor have any products or services offered or provided by the Company or any of its Subsidiaries been used by the Company or any of its Subsidiaries, or to the Knowledge of the Company, by any Third Party for “offensive” activities, including cyber warfare, unauthorized cyber-attacks or interventions on non-Company products or systems, or the manufacture or acquisition of cyber weapons. Neither the Company nor any of its Subsidiaries offers to any Customer or other Person, and have not engaged in any, such “offensive” activities, using either products or services developed by the Company or any of its Subsidiaries or products or services developed by and/or acquired from Third Parties. (g) The Company’s and each of its Subsidiary’s information security practices conforms in all material respects with (i) any information security statements in its respective privacy policies at the time each privacy policy was in effect and (ii) any public statement regarding the Company’s knowledgeor any of its Subsidiaries information security practices. No Proceeding has been asserted, or, to the Knowledge of the Company, threatened against the Company or any of its Subsidiaries or, to the Knowledge of the Company, any of their officers, directors or employees (in their capacity as such) by any Person with respect to the security of their use, disclosure or transfer of Personal Information. All Databases owned, controlled, held or used by the Company or any of its Subsidiaries and required to be registered under applicable Laws have been properly registered and maintained (other than with respect to Personal Information of employees and service providers), and the data therein has been used by the Company and its Subsidiaries take all commercially reasonable steps solely as permitted pursuant to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of samesuch registrations. Without limiting the generality of the foregoing, each of Any consents required to be obtained by the Company under Privacy Laws and Requirements for the collection, processing, transfer and other use of Personal Information by the Company or any of its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to for the security conduct of the Company’s or any of its Subsidiaries’ confidential information Subsidiary’s business have been obtained. Except as set forth in Schedule 2.26(g), the Company and Personal Information each of its Subsidiaries is and has been in compliance with all laws relating to data security, data loss, theft and breach of security notification obligations, including the Protection of Privacy Regulations (2Data Security), 2017. (h) implementsThe execution, monitors delivery and improves adequate performance of this Agreement by the Company will not result in a violation of Privacy and effective safeguards to control those risksSecurity Laws and Requirements.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies are, and at all times during the three (and requires and monitors 3) prior to the date hereof, have been, in compliance of applicable third parties) in all material respects with all applicable Laws relating of the following to privacy or the extent pertaining to data protection, data privacy, data security, data breach and reputable industry practicesecurity incident notification, standardsdata localization, selfand cross-governing rules border data transfer in the United States of America and policies elsewhere in the world and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all applicable to the conduct of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and all Laws (“Privacy Laws”) (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks or published policies or notices relating to the Company’s and its Subsidiaries’ collection, use, storage, disclosure, processing, handling, protection, or cross-border transfer (“Processing”) of Personal Information; (iii) terms of any Contracts to which the Company and its Subsidiaries are bound; and (iv) industry standards or codes-of-conduct to which the Company and its Subsidiaries are legally bound relating to the Company’s and its Subsidiaries’ Processing of Personal Information (collectively, “Privacy Requirements”). (b) Except as set forth on Schedule 5.24(b), in the three (3) years prior to the date hereof, the Company and its Subsidiaries have not received any subpoenas, demands, notices, fines, enforcement measures, orders, or court orders from any governmental, data protection authority, or other entity investigating, inquiring into, or otherwise relating to any actual or potential violation of any Privacy Laws. To the knowledge of the Company, neither the Company nor any of its Subsidiaries is under investigation by any Governmental Body or other entity for any actual or potential violation of any Privacy Laws. (c) The Company and its Subsidiaries have taken commercially reasonable steps, compliant with applicable Privacy Requirements, designed to protect (i) the operation, confidentiality, integrity, and security of the Company’s or and its Subsidiaries’ confidential information and IT Assets that are involved in the Processing of Personal Information and (2ii) implementsPersonal Information in the Company’s and its Subsidiaries’ possession or control from unauthorized use, monitors and improves adequate and effective safeguards access, disclosure, deletion, or modification. (d) Except as set forth on Schedule 5.24(d), in the three (3) years prior to control those risksthe date hereof, neither the Company nor its Subsidiaries has experienced any material failures, crashes, security incidents, data breaches, unauthorized access, use, or disclosure, or other adverse events or incidents, in each case, related to Personal Information that would require, in any material respect, notification by the Company of individuals, law enforcement, any Governmental Body, customers, vendors, or any others or any remedial action under any applicable Privacy Requirements. Except as set forth on Schedule 5.24(d), to the knowledge of the Company, there are no pending complaints, actions, fines, or other penalties levied against the Company or its Subsidiaries, in connection with any such failures; crashes; security incidents; data breaches; unauthorized access, use, or disclosure; or other adverse events or incidents.

Privacy and Security. (a) Each of the The Company and each of its Subsidiaries complies (and requires and monitors uses commercially reasonable efforts to monitor the compliance of applicable third parties) in all material respects with all applicable U.S., state, foreign and multinational Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s Website, suppliers, clients and distributors), whether any of same is accessed or used by the Company or Company, any of its Subsidiaries Subsidiaries, or any of their respective business partners; and (ii) non-personally identifiable informationinformation (including such Personal Information of visitors who use the Company’s Website, suppliers, clients and distributors), whether any of same is accessed or used by the Company or Company, any of its Subsidiaries Subsidiaries, or any of their respective business partners; (iii) spyware and adware; (iv) the procurement or placement of advertising from or with reputable Persons and Websites; (v) the use of Internet searches associated with or using particular words or terms; (vi) the sending of solicited or unsolicited electronic mail messages; and (vii) privacy generally. (b) The Company posts all policies with respect to the matters set forth in Section 4.20(a) on its Website in conformance with Privacy Laws. Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information of its customers or Website users and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the knowledge of the Company’s knowledge, the Persons with which the Company or and any of its Subsidiaries have has contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware). (d) To the Company’s knowledge, the The Company and its Subsidiaries take all takes commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems its Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the Company The Group Companies have established and its Subsidiaries complies (implemented comprehensive written privacy and requires security policies and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or organizational, physical, administrative and technical measures that govern privacy, cyber security and data security, including their collection, storage, use, processing, disclosure, and reputable industry practice, standards, self-governing rules and transfer of Personal Information (such policies and their own publishedmeasures, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, the “Privacy Lawsand Security Policies”) )). The Privacy and Security Policies are commercially reasonable and consistent with respect to: (i) personally identifiable information (including nameindustry practices applicable to the Group Companies’ Business, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationall public commitments and the processing activities of the Group Companies in connection with collection, whether storage, use, processing, disclosure, and transfer of Personal Information in the operation of the Business, and (iii) any of same is accessed publicly facing statements or used policies adopted by the Company Group Companies in connection with the collection, storage, use, processing, disclosure, and transfer of Personal Information in operation of the Business. All consents and/or information notices required by applicable privacy Laws with respect to the collection, use, or any disclosure of its Subsidiaries Personal Information in connection with the conduct of the Business have been obtained or any of their respective business partnersprovided to the relevant individual data subjects. (b) Neither Copies of all current Privacy and Security Policies that apply to the Company nor any collection of its Subsidiaries uses, collects, or receives any Personal Information by the Group Companies through Internet websites owned, maintained, or sensitive non-personally identifiable information and does not become aware operated by the Group Companies, or through any Company Products provided to customers of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a wholeGroup Companies have been made available to Parent. (c) To the Company’s knowledgeThe Group Companies are, Persons and have been in all material respects, in compliance with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any (i) applicable Data Protection Requirements, and (ii) their Privacy Laws pertaining to Personal Information and to non-personally identifiable informationSecurity Policies. (d) To the knowledge of the Company’s knowledge, the Group Companies have made all necessary registrations, appointments and notifications under the Data Protection Requirements (including any notifications in respect of a Personal Information breach, the appointment of a data protection officer and/or the appointment of an EU or UK representative) and has listed all notifications and registrations in the Company Disclosure Schedule. (e) There are no valid and outstanding Data Subject requests to exercise rights under applicable privacy Laws as of the date of the Agreement. (f) As required by Data Protection Requirements, each Group Company has implemented, and regularly assessed its Subsidiaries take implementation of, appropriate technical and organizational measures necessary to ensure that Personal Information is protected against loss, destruction and damage, unauthorized access, use, modification, disclosure or other misuse. (g) No Group Company transfers Personal Information outside of the European Economic Area except in accordance with applicable privacy Laws. No Group Company has suspended or terminated a transfer of Personal Information or notified a supervisory authority of any concerns regarding a transfer of Personal Information pursuant to standard contractual clauses or binding corporate rules, nor, to the knowledge of the Company, are there circumstances which reasonably justify such a notification. (h) No Group Company has received a written claim, complaint, allegation or other notice of a concern (whether directly or indirectly) from or on behalf of a Data Subject regarding alleged non-compliance of its Personal Information processing activities. (i) No Group Company has received written notice from any supervisory authority of any investigation, enquiry, request for information and/or for co-operation regarding alleged non-compliance of its Personal Information processing activities. (j) The transactions contemplated hereby will not result in any Group Company being in material breach of any applicable Data Protection Requirements. (k) The Systems and Company Products of the Group Companies are designed to meet the requirements of all applicable Data Protection Requirements with respect to the protection of the privacy and confidentiality of all Personal Information stored, used, or processed in connection with such Systems or Company Products. (l) The Group Companies have taken commercially reasonable steps measures designed to protect the operationensure that all Personal Information is protected against material loss, confidentialitydestruction, integrity or damage and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper access, use, accessmodification, transmittaldisclosure, interruptionor other misuse. (m) No Group Company has been or is involved in, modification any legal proceedings with a Governmental Entity for violation in any material respects of any Data Protection Requirements. No Group Company has entered into any written agreement with any Governmental Entity for violation regarding data protection, privacy, or corruptionthe collection, use, disclosure, sale, or licensing of Personal Information, or Data Protection Requirements. No Group Company is a party to any consent order, consent decree, settlement, or other similar agreement for violation regarding data protection, privacy, or the collection, use, disclosure, sale, or licensing of Personal Information, or Data Protection Requirements. (n) There has been no material breach or security incident in relation to any Personal Information held by any of the Group Companies, and there have has been no material breaches unauthorized or illegal processing of same. Without limiting the generality any Personal Information held by any of the foregoing, each Group Companies. No circumstance has arisen in which Data Protection Requirements would require any Group Company to notify a Governmental Entity or any other Person of a data security breach or security incident in relation to any Personal Information held by any of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risksGroup Companies.

Privacy and Security. (a) Each of the Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy All information or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used collected by the Company or any of its Subsidiaries from consumers, or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used acquired by the Company or any of its Subsidiaries about consumers, including personally identifiable information and aggregate or anonymous information (collectively, “PII”), has been collected, has been and is being used and has been and is being held in compliance with all Laws and Orders of any Governmental or Regulatory Authority. The Company and each of their respective business partners. its Subsidiaries has at all times presented a privacy policy (b“Privacy Policy”) to consumers prior to the collection of any PII. The Privacy Policy, and any other representations, marketing materials, and advertisements that address privacy issues and the treatment of PII, accurately and completely describe the Company’s or such Subsidiary’s information practices in regard to PII that it collects, maintains, stores, accesses, transfers, processes, uses or discloses (collectively, “Processing”). The Company and each of its Subsidiaries has given all notices, made all disclosures, and obtained all necessary consents related to the Processing of PII required by the Privacy Policy, applicable laws, and Contracts and no such notices, disclosures or consent requests have been inaccurate, misleading or deceptive. Neither the Company nor any of its Subsidiaries useshas collected any information online from children under the age of 13 without verifiable parental consent or directed any of its websites to children under the age of 13 through which such information could be obtained. The Company and each of its Subsidiaries has stored and maintained PII in a secure manner, collectsusing commercially reasonable technical measures, or receives any Personal Information or sensitive non-personally identifiable information to assure the integrity and does not become aware security of the identity or location ofdata and to prevent loss, or identify or locatealteration, any particular Person as a result of any receipt of such Personal Informationcorruption, in a manner which would materially breach or violate any Privacy Laws misuse and materially and adversely impact the business of the unauthorized access to PII. The Company and each of its SubsidiariesSubsidiaries destroyed or otherwise rendered irretrievable any records, taken as a whole. (c) To the Company’s knowledgewhether electronic or paper-based, Persons with which containing PII that the Company or such Subsidiary sought to dispose of in the ordinary course of business. All third party access to PII has been subject to written confidentiality requirements. There has been no unauthorized access to or disclosure of PII. The transfer of PII hereunder complies with all applicable Laws and Orders relating to such transfer and with the Privacy Policy, Contracts and other obligations in regard to PII. Neither the Company nor any of its Subsidiaries have contractual relationships have not breached has received any agreements claims, notices or any Privacy Laws pertaining to Personal Information complaints regarding its information practices and to non-personally identifiable informationProcessing of PII. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the The Company and each of its Subsidiaries complies (and and, as required by Privacy Laws, requires and monitors the compliance of applicable third partiesparties that process Personal Information on behalf of the Company or a Subsidiary) in all material respects with all applicable U.S., state, foreign and multinational Laws (including Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 (General Data Protection Regulation), the Computer Fraud and Abuse Act (and all state and foreign Laws similar thereto), the Children’s Online Privacy Protection Act and the California Consumer Privacy Act) relating to privacy or data security, and reputable binding industry practice, standards, standards and self-governing rules and policies and their the Company’s and each of its Subsidiaries’ own published, posted and internal agreements and policies (which are in conformance with reputable industry practicepractice for similarly-sized companies performing similar services) (all of the foregoing collectively, “Privacy Laws”) with respect to, if and as applicable: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s or its Subsidiaries’ respective Websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners;; (ii) spyware and adware; (iii) the procurement or placement of advertising from or with Persons and Websites to the extent required by Privacy Laws; (iv) the use of Internet searches associated with or using particular words or terms to the extent such data is Personal Information; and (iiv) non-personally identifiable information, whether any the sending of same is accessed solicited or used by the Company or any of its Subsidiaries or any of their respective business partnersunsolicited electronic mail messages. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the The Company and its Subsidiaries, taken Subsidiaries post all policies with respect to the matters set forth in Section 3.20(a) on their respective Websites in conformance with and as a wholerequired by Privacy Laws. (c) To the Company’s knowledge, : (i) the advertisers and other Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information processed on behalf of the Company (including Privacy Laws regarding spyware and adware), (ii) neither the Company nor any of its Subsidiaries serves advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation, and (iii) neither the Company nor any of its Subsidiaries has received (and does not have knowledge of) a material volume of consumer complaints relative to non-personally identifiable informationSoftware downloads that resulted in the installation of the Company’s or any of its Subsidiaries’ respective tracking technologies. (d) To the Company’s knowledge, the The Company and its Subsidiaries take all commercially reasonable steps designed to protect the operation, confidentiality, integrity and security of their respective business systems Software, Systems and websites Websites and all information and transactions Personal Information stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, to the extent required by Privacy Laws, each of the Company and its Subsidiaries (i) uses industry standard encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that is designed to (1A) identifies identify internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implementsimplement, monitors monitor and improves adequate and effective improve safeguards to control those risks. (e) To the extent applicable, each of the Company and its Subsidiaries, and each of their respective businesses, products and services, is in compliance in all material respects with and has at all times materially complied with all applicable requirements contained in the Payment Card Industry Data Security Standards (“PCI DSS”) relating to “cardholder data” (as such term is defined in the PCI DSS, as amended from time to time) with respect to all (if any) such cardholder data that has come into its possession. Neither the Company nor any of its Subsidiaries has received written notice that it is in non-compliance with any PCI DSS standards. The Company has never experienced a security breach involving any such cardholder data. No written claims have been asserted or, to the knowledge of the Company, are threatened against the Company or any of its Subsidiaries by any Person alleging a violation of any of the foregoing and there have been no known incidents of breach of any of the foregoing by the Company or any of its Subsidiaries.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable U.S., state, foreign and multinational Laws relating to privacy or data security, security applicable to the Company and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and the Company’s published policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s Website, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any spyware and adware; (iii) the procurement or placement of same is accessed advertising from or used with reputable Persons and Websites that uses Personal Information collected by the Company Company; and (iv) the sending of solicited or any of its Subsidiaries or any of their respective business partnersunsolicited electronic mail messages. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (ci) To the Company’s knowledge, the advertisers and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information (including Privacy Laws regarding spyware and adware), (ii) the Company does not serve advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation, and (iii) the Company has not received (and does not have knowledge of) a material volume of consumer complaints relative to non-personally identifiable informationSoftware downloads that resulted in the installation of the Company’s tracking technologies. (dc) To the Company’s knowledge, the The Company and its Subsidiaries take all takes commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems its Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting To the generality knowledge of the foregoingCompany, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the not experienced any breach of security of any Personal Information or proprietary information in the Company’s possession, custody, or control. (d) The Company is in compliance with and has at all times complied with all requirements contained in the Payment Card Industry Data Security Standards (“PCI DSS”) applicable to the Company relating to “cardholder data” (as such term is defined in the PCI DSS, as amended from time to time) with respect to all (if any) such cardholder data that has come into its Subsidiaries’ confidential information possession. The Company has not received notice that it is in non-compliance with any PCI DSS standards. The Company has never experienced a security breach involving any such cardholder data. No claims are pending or have been threatened in writing against the Company by any Person alleging a violation of any of the foregoing and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risksthere have been no known incidents of breach of any of the foregoing by the Company.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data securityLaws, and reputable industry practice, standards, self-governing rules and policies and their its own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: to (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”) (including such Personal Information of visitors who use the Company’s websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and , (ii) non-personally identifiable informationinformation (including such Personal Information of visitors who use the Company’s websites, suppliers, clients and distributors), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners, (iii) spyware and adware, (iv) the procurement or placement of advertising from or with reputable Persons and websites, (v) the use of internet searches associated with or using particular words or terms, (vi) the sending of solicited or unsolicited electronic mail messages and (vii) privacy generally. The Company posts all policies with respect to the matters set forth in this Section 3.21(a) on its websites in conformance with Privacy Laws. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (ci) To the knowledge of the Company’s knowledge, the advertisers and other Persons with which the Company or any of its Subsidiaries have has contractual relationships have not materially breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware), (ii) the Company does not serve advertisements into advertising inventory created by downloadable software that launches without a user’s express activation and (iii) the Company has not received (and does not have knowledge of) a material volume of consumer complaints relative to software downloads that resulted in the installation of any of the Company’s tracking technologies. (dc) To Except as set forth on Section 3.21(c) of the Company’s knowledgeDisclosure Schedules, the Company and its Subsidiaries take all commercially takes reasonable steps to protect the operation, confidentiality, integrity and security of their respective business its software, systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard adequate-strength encryption technology of at least 128-bit and (ii) has implemented a comprehensive security plan that (1A) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2B) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the Company and its Subsidiaries Acquiror complies (and requires and monitors uses commercially reasonable efforts to monitor the compliance of applicable third parties) in all material respects with all applicable Privacy Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information Personal Information (including namesuch Personal Information of visitors who use Acquiror’s Website, addresssuppliers, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information clients and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”distributors), whether any of same is accessed or used by the Company Acquiror or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable informationinformation (including such Personal Information of visitors who use Acquiror’s Website, suppliers, clients and distributors), whether any of same is accessed or used by the Company Acquiror or any of its Subsidiaries or any of their respective business partners; (iii) spyware and adware; (iv) the procurement or placement of advertising from or with reputable Persons and Websites; (v) the use of Internet searches associated with or using particular words or terms; (vi) the sending of solicited or unsolicited electronic mail messages; and (vii) privacy generally. (b) Neither Acquiror posts all policies with respect to the Company nor any of matters set forth in Section 5.18(a) on its Subsidiaries usesWebsite in conformance with Privacy Laws. Acquiror does not use, collectscollect, or receives receive any Personal Information or sensitive non-personally identifiable information of its customers or Website users and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledgeknowledge of Acquiror, the Persons with which the Company or any of its Subsidiaries have Acquiror has contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware). (d) To the Company’s knowledge, the Company and its Subsidiaries take all Acquiror takes commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems its Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or 44 improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies (Subsidiaries’ comply and requires and monitors the compliance of applicable third parties) at all times have complied, in all material respects (including compliance with all applicable Laws relating to privacy or data securitythe use of Protected Health Information (PHI, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practiceas that term is defined under HIPAA) (all of the foregoing collectively, “Privacy Laws”) with respect towith: (i) HIPAA and Other Privacy Laws; (ii) PCI DSS, as applicable; and (iii) all obligations under Company Contracts (including Business Associate Agreements) and other commitments to third parties (including any privacy notices) relating to PHI or other personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal InformationPII”). (b) No Claim has been filed, whether any commenced or, to the Knowledge of same is accessed or used by the Company, threatened against the Company or any of its Subsidiaries by any Person alleging a violation of such Person’s privacy or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed confidentiality rights under HIPAA or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Other Privacy Law. Neither the Company nor any of its Subsidiaries uses(i) is, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware to the Knowledge of the identity Company, under investigation by any Governmental Authority for a violation of HIPAA or location ofOther Privacy Law, including with respect to any alleged Breach (as that term is defined under HIPAA) or identify or locateany other material violation of HIPAA by the Company, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken or any of either of their respective “workforce” (as used solely in this instance and as such term is defined under HIPAA in 45 C.F.R. § 160.103); (ii) has received during the previous six (6) years any written complaints, audit requests, or notices or inquiries from any Governmental Authority or other person (including any customer, subcontractor, or Business Associate (as that term is defined under HIPAA)) regarding the Company’s, a wholeSubsidiary’s, or any of either of their respective agents’, employees’ or contractors’ use of PHI or PII. (c) To the Knowledge of the Company, there has been no breach of the security of the Company’s knowledgeor any of its Subsidiaries’ computer systems or networks, Persons with or unauthorized access, use, or disclosure of or to any PHI or PII used by or on behalf of the Company or any of its Subsidiaries, including any unauthorized use or disclosure of PHI or PII that would constitute a breach for which notification by the Company to individuals and/or Governmental Authority is required under any applicable Laws. To the Knowledge of the Company, neither the Company nor any of its Subsidiaries or its or their Business Associates or subcontractors have experienced any Breach of Unsecured PHI, or Security Incident (as those terms are defined under HIPAA). During the previous six (6) years, to the Knowledge of the Company, the Company and its Subsidiaries have identified, documented, investigated, contained, and eradicated each Security Incident related to PHI, PII, or other confidential data of the Company, any of its Subsidiaries or any customer of the Company or any of its Subsidiaries have contractual relationships have not breached any agreements that was transmitted, processed, maintained, stored, or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationotherwise available on or through the Company’s or its Subsidiaries’ network or information technology systems. (d) To The Company and its Subsidiaries have entered into a Business Associate Agreement with a third party in each instance in which a Business Associate Agreement is required under HIPAA. The Company and its Subsidiaries are, and at all times have been, in compliance in all material respects with all Business Associate Agreements to which any of the Company’s knowledgeCompany or its Subsidiaries is a party or is otherwise bound. Where required under HIPAA, the Company and its Subsidiaries take have entered into reasonable and appropriate Business Associate Agreements with all commercially reasonable steps subcontractors engaged by the Company or any of its Subsidiaries. (e) The Company and its Subsidiaries have at all times complied in all material respects with all rules, policies, and procedures established by the Company and its Subsidiaries from time to protect time and as applicable with respect to the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored electronic PHI gathered or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches accessed in the course of same. Without limiting the generality of the foregoing, each operations of the Company and its Subsidiaries (ithe “Information Policies and Procedures”). The Company has made available to Buyer true and complete copies of all Information Policies and Procedures currently in place or in process for the Company and its Subsidiaries. (f) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks Except as set forth on Schedule 2.23(f), to the Knowledge of the Company, there have been no unauthorized intrusions or breaches of the security of the Company’s computer software, middleware and systems, firmware, information technology equipment, and associated documentation used or relied upon by the Company or its Subsidiaries’ confidential information and Personal Information and Subsidiaries in connection with the operation of its business (2the “IT Assets”). The IT Assets have not malfunctioned or failed during the previous five (5) implements, monitors and improves adequate and effective safeguards years in a manner that has caused or would reasonably be expected to control those riskscause material disruption to the business.

Privacy and Security. (a) Each The Company and each of its Subsidiaries are, and have at all times been, in compliance with (i) all Laws regarding the protection, storage, use, and disclosure of Personal Data; (ii) the privacy policies and other Contracts (or portions thereof) in effect between such Company and customers and end users of such Company’s products and services, and (iii) Contracts (or portions thereof) between such Company or any of its Subsidiaries, and vendors, marketing affiliates, and other business partners, in each case in clauses (ii) and (iii), that are applicable to the use and disclosure of Personal Data (such policies and Contracts being hereinafter referred to as “Privacy Agreements”). The Company has delivered or made available to Buyer accurate and complete copies of all of the Privacy Agreements of such Company and its Subsidiaries. The Privacy Agreements do not require the delivery of any notice to or consent from any Person, or prohibit the transfer of Personal Data collected and in the possession or control of such Company to Buyer, in connection with the execution, delivery, or performance of this Agreement or the consummation of any of the transactions contemplated by this Agreement. The Company and its Affiliates have confidentiality agreements in place with all vendors or other Persons whose relationship with such Company or any of its Affiliates involves the collection, use, disclosure, storage, or processing of Personal Data on behalf of such Company or any of its Affiliates, which agreements require such Persons to protect such Personal Data in a manner consistent with such Company’s and its Affiliates’ obligations in the Privacy Agreements and in compliance with applicable Laws. Neither the execution, delivery or performance of this Agreement, nor the consummation of any of the transactions contemplated by this Agreement will result in any violation of any Privacy Agreements or any Law pertaining to privacy or Personal Data. The Company and its Subsidiaries complies (and requires and monitors have safeguards in place to protect Personal Data in the compliance Company’s or any of applicable its Subsidiaries’ possession or control from unauthorized access by third parties) in all material respects with all applicable Laws relating , including the Company’s and its Subsidiaries’ employees and contractors that are, to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all the Knowledge of the foregoing collectivelySellers, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number reasonable. No Person has made any illegal or credit card number), sensitive personal information unauthorized use of Personal Data that was collected by or on behalf of the Company or its Subsidiaries and is in the possession or control of any special categories of personal information regulated thereunder Company or covered thereby (“Personal Information”), whether any of same is accessed or used by its Subsidiaries. Further, there has not been any data security breach in connection with Personal Data that would require the Company or any of its Subsidiaries to notify a Person or Governmental Authority of such breach. There is no pending Action, and, to the Knowledge of the Sellers, no Person has threatened to commence any Action alleging that any Person has made any illegal or unauthorized use of their respective business partners; and (ii) non-personally identifiable information, whether any Personal Data that was collected by or behalf of same is accessed or used by the Company or any of its Subsidiaries and is in the possession or control of the Company or any of their respective business partnersits Subsidiaries. (b) The Company and its Subsidiaries post policies with respect to the matters set forth in Section 3.21(a) on any websites used by the Company or its Subsidiaries in connection with the Business in conformance with Laws regarding Personal Data. The Company’s and its Subsidiaries’ privacy policies disclose how the Company and its Subsidiaries use, collect and receive Personal Data and sensitive non-personally identifiable information and the Company and its Subsidiaries are in compliance in all material respects with the terms of their published privacy policy. (c) (i) To the Knowledge of the Sellers, the advertisers and other Persons with which the Company or its Subsidiaries have entered into Privacy Agreements have not breached any such Privacy Agreements or any Laws regarding Personal Data, (ii) the Company and its Subsidiaries do not serve advertisements into advertising inventory created by downloadable software that launches without a user’s express activation and (iii) the Company and its Subsidiaries have not received, to the Knowledge of the Sellers, a material volume of consumer complaints relative to software downloads that resulted in the installation of any of the Company’s or its Subsidiaries’ tracking technologies. (d) Each of the Company and each of its Subsidiaries, is in compliance, in all material respects, with and has at all times complied, in all material respects, with all applicable requirements contained in the Payment Card Industry Data Security Standards (“PCI DSS”) relating to “cardholder data” (as such term is defined in the PCI DSS, as amended from time to time) with respect to all such cardholder data that has come into its possession. Neither the Company nor any of its Subsidiaries uses, collectshas received written, or receives any Personal Information or sensitive reasonably definitive oral, notice that it is in non-personally identifiable information and does not become aware compliance with any PCI DSS standards. To the Knowledge of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledgeSellers, the Company and its Subsidiaries take are in compliance with all commercially reasonable steps PCI DSS standards that are expected to protect be implemented in the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same12 months following the date hereof. Without limiting the generality of the foregoing, each of Neither the Company and nor any of its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented ever experienced a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risksbreach involving any such cardholder data.

Privacy and Security. (a) Each of the The Company and its Subsidiaries complies comply (and requires require and monitors use reasonable efforts to monitor the compliance of applicable third partiesPersons) in all material respects with all applicable federal, state, foreign and multinational Laws relating to privacy or data securitythe privacy, protection security and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) other Processing of Personal Information (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and including obtaining all consents required for compliance in all material respects with Privacy Laws from any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by Person about whom the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partnersProcesses Personal Information. (b) Neither The Company and its Subsidiaries have since the Lookback Date (i) documented internal and publicly available written policies and procedures relating to the Processing of Personal Information of or about employees, customers, vendors, suppliers and other Persons that are necessary for compliance with Privacy Laws (collectively, “Company nor any Data Protection Policies” ), (ii) implemented and used reasonable efforts to monitor compliance with all Company Data Protection Policies, and (iii) made all of their current and past versions of Company Data Protection Policies in effect since the Lookback Date available to Parent. The Company and each of its Subsidiaries useshave since the Lookback Date, collects, or receives any Personal Information or sensitive non-personally identifiable information and does except as is not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of material to the Company and its Subsidiaries, taken as a whole, ensured that each Person that Processes Personal Information for or on behalf of any of the Company or its Subsidiaries are subject to binding contractual obligations concerning compliance with Privacy Laws and complies in all material respects with any applicable Company Data Protection Policies. (ci) To the Company’s knowledge, the Persons with which the Company or any of and its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable informationinformation (including Privacy Laws regarding spyware and adware) relating to their services for the Company and its Subsidiaries and (ii) the Company and its Subsidiaries do not serve advertisements into advertising inventory created by downloadable Software that launches without a user’s express activation. (d) To the Company’s knowledge, the The Company and its Subsidiaries take all commercially reasonable steps in conformance in all material respects with Privacy Laws to protect the operation, confidentiality, integrity integrity, availability and security of their respective business systems Software, Systems and websites Websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper unlawful use, access, transmittal, interruption, modification modification, unavailability, corruption or corruption, and there have been no material breaches of sameother Processing. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries use adequate-strength encryption technology of at least 128-bit as part of employing encryption in their businesses in a commercially reasonable manner. Since the Lookback Date, there has been no material (i) uses industry standard encryption technology and unauthorized Processing of Personal Information by the Company or its Subsidiaries, (ii) has implemented a comprehensive security plan that (1) identifies internal breach or intrusion into the Software, Systems and external risks to the security Websites of the Company’s Company or any of its Subsidiaries’ confidential information , or (iii) action or circumstance requiring the Company or any of its Subsidiaries to notify a Governmental Authority of a data security breach or violation of any Privacy Laws. No Person (including any Governmental Entity) has commenced any Action involving the Company or any of its Subsidiaries with respect to loss, damage, or unauthorized access, use, modification or other Processing of any Personal Information. (e) The execution and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risksperformance of this Agreement will not constitute a violation by the Company or any of its Subsidiaries of Company Data Protection Policies or Privacy Laws.