Common use of Data Privacy and Cybersecurity Clause in Contracts

Data Privacy and Cybersecurity. Except as would not, individually or in the aggregate, be material to the Plutus Group Companies, taken as a whole: (a) The Plutus Group Companies are, and since the Reference Date have been, in compliance in all material respects with all Plutus Privacy Requirements and all applicable Privacy Laws. (i) Since the Reference Date, the Plutus Group Companies have taken commercially reasonable measures to protect the integrity, continuous operation and physical and electronic security of the Plutus IT Systems (including Plutus Data); (ii) the Plutus IT Systems are functional, operate in a reasonable manner, and are in sufficiently good working condition for the operation of the businesses of the Plutus Group Companies; (iii) the Plutus IT Systems are free of any viruses, worms, Trojan horses, bugs, faults or other devices, errors, contaminants or code that could materially disrupt or materially and adversely affect the functionality of the Plutus IT Systems; and (iv) since the Reference Date, there have been no material breaches, outages, misuses or intrusions of any Plutus IT System, nor any loss, theft, compromise or damage of, breach of security with respect to, or unauthorized access to, or rendering unavailable or inaccessible of any Plutus Data Processed by or on behalf of the Group Companies (collectively, “Plutus Security Incidents”); (c) The Plutus Group Companies (i) maintain commercially reasonable disaster recovery plans, procedures and facilities sufficient for their businesses; and (ii) have fully remediated all “high” or “critical” and other material threats, risks and deficiencies identified in data security risk assessments, audits and penetration tests performed since the Reference Date by or for the Plutus Group Companies. (d) There are no Legal Proceedings, whether from a Governmental Entity or any other Person, pending (or, to the Knowledge of P▇▇▇▇▇, threatened in writing) against, any Plutus Group Company alleging a violation of any of the Plutus Privacy Requirements.

Data Privacy and Cybersecurity. Except as would not, individually or in the aggregate, be material to the Plutus DWM Group Companies, taken as a whole: (a) The Plutus DWM Group Companies are, and since the Reference Date have been, in compliance in all material respects with all Plutus DWM Privacy Requirements and all applicable Privacy Laws. (i) Since the Reference Date, the Plutus DWM Group Companies have taken commercially reasonable measures to protect the integrity, continuous operation and physical and electronic security of the Plutus DWM IT Systems (including Plutus DWM Data); (ii) the Plutus DWM IT Systems are functional, operate in a reasonable manner, and are in sufficiently good working condition for the operation of the businesses of the Plutus DWM Group Companies; (iii) the Plutus DWM IT Systems are free of any viruses, worms, Trojan horses, bugs, faults or other devices, errors, contaminants or code that could materially disrupt or materially and adversely affect the functionality of the Plutus DWM IT Systems; and (iv) since the Reference Date, there have been no material breaches, outages, misuses or intrusions of any Plutus DWM IT System, nor any loss, theft, compromise or damage of, breach of security with respect to, or unauthorized access to, or rendering unavailable or inaccessible of any Plutus DWM Data Processed by or on behalf of the Group Companies (collectively, “Plutus DWM Security Incidents”);. (c) The Plutus DWM Group Companies (i) maintain commercially reasonable disaster recovery plans, procedures and facilities sufficient for their businesses; businesses and (ii) have fully remediated all “high” or “critical” and other material threats, risks and deficiencies identified in data security risk assessments, audits and penetration tests performed since the Reference Date by or for the Plutus DWM Group Companies. (d) There are no Legal Proceedings, whether from a Governmental Entity or any other Person, pending (or, to the Knowledge of P▇▇▇▇▇DWM, threatened in writing) against, any Plutus DWM Group Company alleging a violation of any of the Plutus DWM Privacy Requirements.

Data Privacy and Cybersecurity. Except as would not, individually or in the aggregate, be material to the Plutus Target Group Companies, taken as a whole: (a) The Plutus Target Group Companies are, and since the Reference Date have been, in compliance in all material respects with all Plutus Target Privacy Requirements and all applicable Privacy Laws. (i) Since the Reference Date, the Plutus Target Group Companies have taken commercially reasonable measures to protect the integrity, continuous operation and physical and electronic security of the Plutus Target IT Systems (including Plutus Target Data); (ii) the Plutus Target IT Systems are functional, operate in a reasonable manner, and are in sufficiently good working condition for the operation of the businesses of the Plutus Target Group Companies; (iii) the Plutus Target IT Systems are free of any viruses, worms, Trojan horses, bugs, faults or other devices, errors, contaminants or code that could materially disrupt or materially and adversely affect the functionality of the Plutus Target IT Systems; and (iv) since the Reference Date, there have been no material breaches, outages, misuses or intrusions of any Plutus Target IT System, nor any loss, theft, compromise or damage of, breach of security with respect to, or unauthorized access to, or rendering unavailable or inaccessible of any Plutus Target Data Processed by or on behalf of the Group Companies (collectively, “Plutus Target Security Incidents”);. (c) The Plutus Target Group Companies (i) maintain commercially reasonable disaster recovery plans, procedures and facilities sufficient for their businesses; businesses and (ii) have fully remediated all “high” or “critical” and other material threats, risks and deficiencies identified in data security risk assessments, audits and penetration tests performed since the Reference Date by or for the Plutus Target Group Companies. (d) There are no Legal Proceedings, whether from a Governmental Entity or any other Person, pending (or, to the Knowledge of P▇▇▇▇▇the Target, threatened in writing) against, any Plutus Target Group Company alleging a violation of any of the Plutus Target Privacy Requirements.

Data Privacy and Cybersecurity. Except as would not, individually or in the aggregate, be material to the Plutus ICLK Group Companies, taken as a whole: (a) The Plutus ICLK Group Companies are, and since the Reference Date have been, in compliance in all material respects with all Plutus ICLK Privacy Requirements and all applicable Privacy Laws. (b) (i) Since the Reference Date, the Plutus ICLK Group Companies have taken commercially reasonable measures to protect the integrity, continuous operation and physical and electronic security of the Plutus ICLK IT Systems (including Plutus ICLK Data); (ii) the Plutus ICLK IT Systems are functional, operate in a reasonable manner, and are in sufficiently good working condition for the operation of the businesses of the Plutus ICLK Group Companies; (iii) the Plutus ICLK IT Systems are free of any viruses, worms, Trojan horses, bugs, faults or other devices, errors, contaminants or code that could materially disrupt or materially and adversely affect the functionality of the Plutus ICLK IT Systems; and (iv) since the Reference Date, there have been no material breaches, outages, misuses or intrusions of any Plutus ICLK IT System, nor any loss, theft, compromise or damage of, breach of security with respect to, or unauthorized access to, or rendering unavailable or inaccessible of any Plutus ICLK Data Processed by or on behalf of the Group Companies (collectively, “Plutus ICLK Security Incidents”); (c) The Plutus ICLK Group Companies Companies (i) maintain commercially reasonable disaster recovery plans, procedures and facilities sufficient for their businesses; and (ii) have fully remediated all “high” or “critical” and other material threats, risks and deficiencies identified in data security risk assessments, audits and penetration tests performed since the Reference Date by or for the Plutus ICLK Group Companies. (d) There are no Legal Proceedings, whether from a Governmental Entity or any other Person, pending (or, to the Knowledge of P▇▇▇▇▇ICLK, threatened in writing) against, any Plutus ICLK Group Company alleging a violation of any of the Plutus ICLK Privacy Requirements.