Common use of Data Privacy and Cybersecurity Clause in Contracts

Data Privacy and Cybersecurity. (a) Except as has not had and would not reasonably be expected to have, individually or in the aggregate, a Studio Material Adverse Effect, since January 1, 2022: (i) the Studio Entities and their respective Subsidiaries have complied in all material respects with all applicable Laws, and their respective published policies and contractual obligations, in each case, concerning data privacy and data security (“Privacy Commitments”); and (ii) the Studio Entities and their respective Subsidiaries have not received any notice of any claims, investigations or alleged violations of such Privacy Commitments. (b) The Studio Entities and their respective Subsidiaries have implemented commercially reasonable security measures regarding the collection, use, disclosure, retention, processing, transfer, confidentiality, integrity and availability of Personal Information in its control and the integrity and availability of the Studio Entities’ IT Assets. Except as has not had and would not reasonably be expected to have, individually or in the aggregate, a Studio Material Adverse Effect, (i) since January 1, 2022, the Studio Entities and their respective Subsidiaries have not experienced any information security incident that has compromised the integrity or availability of their respective IT Assets, or the confidentiality, integrity and availability of the data thereon, and (ii) the Studio Entities’ and their respective Subsidiaries’ IT Assets do not contain any “time bombs,” “Trojan horses,” “back doors,” “trap doors,” worms, viruses, spyware, keylogger software or other vulnerability, faults or malicious code or damaging devices designed or reasonably expected to adversely impact the functionality of or permit unauthorized access to, or to disable or otherwise harm, any information technology or software applications.

Data Privacy and Cybersecurity. (a) Except as has not had and would not reasonably be expected to have, have (individually or in the aggregate, ) a Studio Material Adverse Effect, since January 1, 2022: the Company Entities (i) have a privacy policy (the Studio “Privacy Policy”) regarding the collection, disclosure and use of Personal Data in connection with the operation of the business of the Company Entities and their respective Subsidiaries are and in the past three years have complied been in all material respects compliance with such Privacy Policy and (ii) are or have been in the past three years in compliance with all applicable Privacy Laws, Contracts and their respective published policies and contractual obligationsbinding industry standards to which the Company is a party, in each case, concerning regarding the collection, processing, security, transmission, storage and destruction of Personal Data as well as data privacy loss, theft and data breach of security notification obligations (collectively, the “Privacy CommitmentsRequirements”); . The execution, delivery and (ii) the Studio Entities and their respective Subsidiaries have performance of this Agreement does not received violate any notice of Privacy Requirements as they currently exist in any claims, investigations or alleged violations of such Privacy Commitmentsmaterial respect. (b) The Studio Entities and their respective Subsidiaries have implemented commercially reasonable security measures regarding the collection, use, disclosure, retention, processing, transfer, confidentiality, integrity and availability of Personal Information in its control and the integrity and availability of the Studio Entities’ IT Assets. Except as has not had and would not reasonably be expected to have, have (individually or in the aggregate, ) a Studio Material Adverse Effect, (i) since January 1the Company Entities have commercially reasonable physical, 2022technical, the Studio Entities organizational and their respective Subsidiaries have not experienced any information administrative security incident that has compromised measures and policies in place designed to protect the integrity or availability of their respective IT Assets, or the confidentiality, integrity and availability security of the IT Assets and any Personal Data processed by the Company Entities in the operation of the Business, and to prevent unlawful or unauthorized access, use, modification or disclosure of all such Personal Data and confidential data thereoncollected, received and stored by them and (ii) except as set forth on Section 3.16(b) of the Studio Seller Disclosure Schedule, (x) the Company Entities maintain commercially reasonable backup and data recovery, disaster recovery and business continuity plans, procedures and facilities; and act in compliance therewith and (y) such plans and procedures have been proven effective in all material respects upon testing. (c) Except as would not reasonably be expected to have (individually or in the aggregate) a Material Adverse Effect, (i) there has not been in the past three years, and there is currently no, judicial, administrative or arbitral action, suit, demand, claim, arbitration, litigation, hearing, examination, complaint, audit, charge, review, indictment, litigation, investigation or other proceeding, whether public or private, by or before a Governmental Authority or arbiter pending or threatened in writing, against the Company Entities relating to alleged non-compliance with the Privacy Requirements, the collection or use of Personal Data by the Company Entities in the operation of the Business or the security practices of the Company Entities and (ii) except as set forth on Section 3.16(c) of the Seller Disclosure Schedule, in the last three years, there has been no material unlawful or unauthorized access, use, intrusion or breach of security of any IT Assets or Personal Data, or failure, breakdown, performance reduction or other adverse event relating thereto, that required any Company Entity to notify any Person or Governmental Authority or that has caused any substantial: (x) disruption of or interruption in or to the use of the IT Assets or the conduct of the business of the Company Entities; (y) loss or destruction of or damage or harm to the Company Entities or their operations, personnel, property, or other assets; or (z) loss, damage or unauthorized access, disclosure, use or breach of security of any Personal Data in the Company Entities’ and their respective Subsidiaries’ IT Assets do not contain any “time bombs,” “Trojan horses,” “back doors,” “trap doors,” wormspossession, viruses, spyware, keylogger software custody or other vulnerability, faults or malicious code or damaging devices designed or reasonably expected to adversely impact the functionality of or permit unauthorized access tocontrol, or to disable otherwise held or otherwise harm, any information technology or software applicationsprocessed on their behalf.

Data Privacy and Cybersecurity. (a) The conduct of the Business by the Sellers and their Affiliates, and the Processing by them or, to the Knowledge of the Sellers, by third parties on their behalf, of any Personal Information related to the Business, are, and have since January 1, 2020, been in material compliance with (i) applicable Privacy Laws, (ii) all applicable contractual obligations relating to the Processing of Personal Information and (iii) their respective privacy policies (collectively, “Privacy Obligations”). Since January 1, 2020, with respect to the Business, none of the Sellers or their Affiliates have received any written notice or claim (including any communication from any Governmental Entity) alleging any material non-compliance with any Privacy Obligations and, to Knowledge of the Sellers, no such claim is threatened. (b) Except as has not had and would not reasonably be expected to havenot, individually or in the aggregate, a Studio Material Adverse Effectreasonably be expected to be material to the Business, since January 1, 2022: there has been no (i) material failure or malfunction of any Transferred IT Assets which has caused any material disruption to the Studio Entities Business or (ii) breach, unauthorized access to or unauthorized use of any Transferred IT Assets (including ransomware attacks) which resulted in the unauthorized use, theft, rendering unavailable or not accessible, disclosure or transfer of any information or data contained therein or transmitted thereby (including Trade Secrets and Personal Information). No disclosure of any such misuse, intrusion, breach or other incident has been or should have been made by Sellers or any of their Affiliates to any Person or Governmental Entity. (c) Except as would not, individually or in the aggregate, reasonably be expected to be material to the Business, Sellers and their respective Subsidiaries Affiliates have complied established, implemented, tested and maintained commercially reasonable backup and disaster recovery measures, reasonably consistent with industry practices, and have implemented administrative, technical and physical safeguards that conform in all material respects with all applicable LawsPrivacy Obligations to protect the integrity, continuous operation and their respective published policies and contractual obligations, in each case, concerning data privacy and data security (“Privacy Commitments”); and (ii) of the Studio Entities and their respective Subsidiaries have not received any notice of any claims, investigations or alleged violations of such Privacy Commitments. (b) The Studio Entities and their respective Subsidiaries have implemented commercially reasonable security measures regarding the collection, use, disclosure, retention, processing, transfer, confidentiality, integrity and availability of Personal Information in its control Transferred IT Assets and the integrity information (including Trade Secrets and availability of the Studio Entities’ IT Assets. Except as has not had and would not reasonably be expected to have, individually Personal Information) contained therein or in the aggregate, a Studio Material Adverse Effect, (i) since January 1, 2022, the Studio Entities and their respective Subsidiaries have not experienced any information security incident that has compromised the integrity or availability of their respective IT Assets, or the confidentiality, integrity and availability of the data thereon, and (ii) the Studio Entities’ and their respective Subsidiaries’ IT Assets do not contain any “time bombs,” “Trojan horses,” “back doors,” “trap doors,” worms, viruses, spyware, keylogger software or other vulnerability, faults or malicious code or damaging devices designed or reasonably expected to adversely impact the functionality of or permit unauthorized access to, or to disable or otherwise harm, any information technology or software applicationstransmitted thereby.