Common use of Privacy, Data Protection and Data Security Clause in Contracts

Privacy, Data Protection and Data Security. The Company and its Subsidiaries comply with, and have since the Lookback Date complied, in all material respects with: (i) its internal and external privacy and data security policies, (ii) applicable industry standards concerning the Processing of Personal Information and codes of conduct, including the Payment Card Industry Data Security Standard (PCI DSS), (iii) all applicable Privacy Laws, and (v) all material contractual obligations of the Company and its Subsidiaries concerning information security and data privacy (collectively, the “Data Privacy/Security Requirements”), except, in each case, where any non-compliance, has not been, and would not be material to the Company and its Subsidiaries, taken as a whole. To the Knowledge of the Company, all vendors, processors, subcontractors and other Persons acting for or on behalf of the Company and its Subsidiaries in connection with the Processing of Personal Information or that otherwise have been authorized to have access to the Company IT Assets or the Personal Information in the possession or control of the Company and its Subsidiaries comply with, and have since the Lookback Date complied, with the Data Privacy/Security Requirements. To the Knowledge of the Company, neither the negotiation nor consummation of the transactions contemplated by this Agreement, nor any disclosure or transfer of Personal Information in connection therewith, will breach or otherwise cause any violation of any Data Privacy/Security Requirement or require the consent, waiver or authorization of, or declaration, filing or notification to, any Person under any such Data Privacy/Security Requirement. Except as has not been and would not be material to the Company and its Subsidiaries, taken as a whole, there are no, and have not been since the Lookback Date, any Legal Proceedings pending by or threatened in writing against the Company or any of its Subsidiaries concerning any Data Privacy/Security Requirement or compliance therewith or violation thereof.

Privacy, Data Protection and Data Security. The Company and its Subsidiaries comply with, and have since the Lookback Date complied, in all material respects with: (i) its internal and external privacy and data security policies, (ii) applicable industry standards concerning the Processing of Personal Information and codes of conduct, including the Payment Card Industry Data Security Standard (PCI DSS), (iii) all applicable Privacy Laws, and (v) all material contractual obligations of the Company and its Subsidiaries concerning information security and data privacy (collectively, the “Data Privacy/Security Requirements”), except, in each case, where any non-compliance, has not been, and Except as would not reasonably be expected to result in material to the Company and its Subsidiaries, taken as a whole. To the Knowledge of the Company, all vendors, processors, subcontractors and other Persons acting for or on behalf of the Company and its Subsidiaries in connection with the Processing of Personal Information or that otherwise have been authorized to have access to the Company IT Assets or the Personal Information in the possession or control of the Company and its Subsidiaries comply with, and have since the Lookback Date complied, with the Data Privacy/Security Requirements. To the Knowledge of the Company, neither the negotiation nor consummation of the transactions contemplated by this Agreement, nor any disclosure or transfer of Personal Information in connection therewith, will breach or otherwise cause any violation of any Data Privacy/Security Requirement or require the consent, waiver or authorization of, or declaration, filing or notification to, any Person under any such Data Privacy/Security Requirement. Except as has not been and would not be material liability to the Company and its Subsidiaries, taken as a whole, there are nothe Company and each of its Subsidiaries have implemented, maintain, and have enforce (i) commercially reasonable policies and procedures regarding its obligations under Data Security Requirements, as applicable (each, a “Company Privacy Policy”), with respect to its collection, use and disclosure of Personal Information, (ii) commercially reasonable systems and procedures designed to receive and effectively respond to complaints and valid individual rights requests under Data Security Requirements in connection with the Company’s or its Subsidiaries’ Processing of Protected Data, and the Company and its Subsidiaries has complied with all such individual rights requests, and (iii) commercially reasonable policies, and takes commercially reasonable steps, designed to protect Protected Data it collects or otherwise maintains from Security Breaches. Except as would not been reasonably be expected to result in material liability to the Company and its Subsidiaries, taken as a whole, the Company and each of its Subsidiaries and the conduct by the Company and each of its Subsidiaries of their respective businesses is, and has at all times in since the Lookback DateDate been, in compliance with (a) each applicable Company Privacy Policy and (b) all Data Security Requirements. Except as would not reasonably be expected to result in material liability to the Company and its Subsidiaries, taken as a whole, (i) all third parties who have provided Personal Information to the Company and each of its Subsidiaries have, to the Knowledge of the Company, done so in compliance with applicable privacy and data security laws, including providing any Legal Proceedings pending notice and obtaining any consent required under applicable privacy and data security law and (ii) the Company and each of its Subsidiaries do not engage in the “sale,” as such term defined by or threatened applicable privacy and data security Law, of Personal Information in writing against violation of any such Law. Except as would not reasonably be expected to result in material liability to the Company and its Subsidiaries, taken as a whole, the consummation of the Merger will not result in any violation by the Company or any of its Subsidiaries concerning of any Data Privacy/Security Requirement or compliance therewith or violation thereofRequirement.

Privacy, Data Protection and Data Security. The (a) Except as would not reasonably be expected to have a Company Material Adverse Effect, the Company and each of its Subsidiaries comply withSubsidiaries, and have the collection, storage, use and/or disclosure or other processing of any data or information that constitutes “personal information,” “personal data” or “personally identifiable information” as defined in applicable Privacy Laws (collectively, “Personal Information”) by or, to the Knowledge of the Company, on behalf of the Company or any of its Subsidiaries, is, and has been since the Lookback Date compliedDate, in compliance with all material respects with: applicable (i) its internal and external privacy and data security policies, (ii) applicable industry standards concerning the Processing of Personal Information and codes of conduct, including the Payment Card Industry Data Security Standard (PCI DSS), (iii) all applicable Privacy Laws, and (v) all material contractual obligations of the Company or any of its Subsidiaries, (ii) legally binding orders of any Governmental Authority, and (iii) Permits, in each case of (i) – (iii), pertaining to data protection or information privacy and security and all applicable Privacy Laws. Except as would not reasonable be expected to have a Company Material Adverse Effect, the Company and each of its Subsidiaries concerning information is not, to the Knowledge of the Company, suffering, and has not at any time since January 1, 2021 suffered, any security and data privacy (collectivelybreach, the “Data Privacy/Security Requirements”)virus, exceptloss, corruption, unauthorized use, access, acquisition or disclosure, in each case, where of any non-compliance, has not been, and would not be material to the Company and its Subsidiaries, taken as a wholeIT Assets or Personal Information. To the Knowledge of the Company, all vendors, processors, subcontractors and the Company IT Assets are free of any “back door,” “time bomb,” “Trojan horse,” “worm,” “drop dead service,” “virus,” or other Persons acting for software routines or on behalf hardware components that permit unauthorized access or the unauthorized disablement or erasure of the such Company IT Assets or data or other software of users. (b) The Company and its Subsidiaries in connection with the Processing of Personal Information or that otherwise have been authorized to have access to the Company IT Assets or the Personal Information in the possession or control of the Company and its Subsidiaries comply withtake, and have since the Lookback Date compliedtaken, with commercially reasonable actions to protect the Data Privacy/Security Requirements. To confidentiality, integrity and security of the Company IT Assets against any unauthorized use, access, interruption, modification or corruption. (c) Since January 1, 2021, (i) no material written notices have been received by, and, to the Knowledge of the Company, neither the negotiation nor consummation of the transactions contemplated by this Agreementno material claims, nor any disclosure investigations, charges or transfer of Personal Information in connection therewithcomplaints have been made against, will breach or otherwise cause any violation of any Data Privacy/Security Requirement or require the consent, waiver or authorization of, or declaration, filing or notification to, any Person under any such Data Privacy/Security Requirement. Except as has not been and would not be material to the Company and its Subsidiaries, taken as a whole, there are no, and have not been since the Lookback Date, any Legal Proceedings pending by or threatened in writing against the Company or any of its Subsidiaries concerning by any Data Privacy/Security Requirement Governmental Authority or compliance therewith other Person alleging a violation by the Company or violation thereofany of its Subsidiaries of any Privacy Laws or any contractual obligations related to Personal Information, and (ii) no disclosure of any data breach or network security breach has been made by any of the Company or any of its Subsidiaries to any Person or Governmental Authority.

Privacy, Data Protection and Data Security. The Except as would not have a Company Material Adverse Effect, the Company and each of its Subsidiaries comply with, and have since the Lookback Date complied, in all material respects with: (i) its internal and external maintains commercially reasonable policies regarding privacy and data security policiesprotection, as applicable (each, a “Company Privacy Policy”), with respect to their collection, use and disclosure of “personal information” and “personal data” of individuals or any similar term as defined by a Data Security Requirement, including any such data or information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household (collectively, “Personal Information”); (ii) is in compliance with (A) each applicable industry standards concerning Company Privacy Policy and (B) all applicable Laws pertaining to privacy, data protection or information security with respect to the Processing Company’s or any of its Subsidiaries’ collection, use or disclosure of Personal Information and codes of conduct, including the Payment Card Industry (C) all other Data Security Standard (PCI DSS), Requirements; and (iii) all applicable Privacy Lawsmaintains commercially reasonable policies, and (v) all material contractual obligations of the Company takes commercially reasonable steps, designed to protect Personal Information it collects or otherwise maintains from security breaches resulting in unauthorized access, acquisition and its Subsidiaries concerning information security and data privacy (collectively, the “Data Privacy/Security Requirements”), except, in each case, where any non-compliance, has not been, and or disclosure. Except as would not be material have a Company Material Adverse Effect, to the Company and its Subsidiaries, taken as a whole. To the Knowledge of the Company, all vendors, processors, subcontractors and other Persons acting for or on behalf of the Company and each of its Subsidiaries has not at any time since the Lookback Date, suffered any cyber or security incidents, or breach of any of its Systems resulting in connection with the any unauthorized access to, destruction, damage, disclosure, loss, corruption, alteration, or acquisition or disclosure or use of, or other Processing of of, any such Personal Information or that otherwise data, or Trade Secret (including confidential and proprietary information). Except as would not have been authorized a Company Material Adverse Effect, to have access to the Company IT Assets or the Personal Information in the possession or control of the Company and its Subsidiaries comply with, and have since the Lookback Date complied, with the Data Privacy/Security Requirements. To the Knowledge of the Company, neither the negotiation nor consummation of the transactions contemplated by this Agreement, Company nor any disclosure or transfer of Personal Information in connection therewith, will breach or otherwise cause its Subsidiaries has been subject to any violation investigations by any Government Authority for violations of any Data Privacy/Security Requirement or require the consentRequirements, waiver or authorization ofand has not notified, or declaration, filing or notification tobeen required to notify, any Person under of a breach or any such unauthorized Processing of any Personal Data Privacy/Security Requirement. Except as has not been and would not be material to the Company and its Subsidiaries, taken as a whole, there are no, and have not been since the Lookback Date, any Legal Proceedings pending Processed by or threatened in writing against on behalf of the Company or any of its Subsidiaries concerning any Data Privacy/Security Requirement or compliance therewith or violation thereofSubsidiaries.