Common use of Data Privacy and Security Laws Clause in Contracts

Data Privacy and Security Laws. To the Company's knowledge, the Company and its Subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) ("PIPEDA"), and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation ("GDPR") (EU 2016/679) (collectively, the "Privacy Laws"). To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling of Personal Data (the "Policies"). "Personal Data" means (i) a natural person's name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "personally identifying information" under the Federal Trade Commission Act, as amended; (iii) "personal information", "personal health information". and "business contact information" as defined by P▇▇▇▇▇; (iv) "personal data" as defined by GDPR; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's health or sexual orientation. The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, including without limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act, and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) ("“PIPEDA"”), ; and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) (collectively, the "“Privacy Laws"”). To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; (iii) "personal information", "personal health information". and "business contact information" Protected Health Information as defined by P▇▇▇▇▇HIPAA; (iv) "“personal information”, “personal health information”. and “business contact information” as defined by PIPEDA; (v) “personal data" ” as defined by GDPR; and (vvi) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, and all applicable provincial and federal data privacy and security laws and regulations in Canadaregulations, including without limitation the Personal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Protection Technology for Economic and Electronic Documents Clinical Health Act (S.C. 2000, c. 5) ("PIPEDA"), and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation ("GDPR") (EU 2016/679“HITECH Act”) (collectively, the "“Privacy Laws"”). To ensure compliance with the Privacy Laws, the Company and its Subsidiaries subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; (iii) "personal information", "personal health information". and "business contact information" Protected Health Information as defined by P▇▇▇▇▇; (iv) "personal data" as defined by GDPRHIPAA; and (viv) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures no disclosure made or contained in pursuant to any Policy havehas, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiarysubsidiary: (i) has received notice of any actual or potential material liability under or relating to, or actual or potential material violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, remediation or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, and all applicable provincial and federal data privacy and security laws and regulations in Canadaregulations, including without limitation the Personal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Protection Technology for Economic and Electronic Documents Clinical Health Act (S.C. 2000, c. 5) ("PIPEDA"the “HITECH Act”), ; and the Company and its Subsidiaries subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) ), the California Consumer Protection Act of 2018 and all other applicable laws and regulations with respect to Personal Data and that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability (collectively, the "“Privacy Laws"”). To ensure compliance with the Privacy Laws, the Company and its Subsidiaries subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; (iii) "personal information", "personal health information". and "business contact information" Protected Health Information as defined by P▇▇▇▇▇HIPAA; (iv) "“personal data" ” as defined by GDPR; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiarysubsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, and all applicable provincial and federal data privacy and security laws and regulations in Canadaregulations, including without limitation the Personal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Protection Technology for Economic and Electronic Documents Clinical Health Act (S.C. 2000, c. 5) ("PIPEDA"), and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation ("GDPR") (EU 2016/679“HITECH Act”) (collectively, the "“Privacy Laws"”). To ensure compliance with the Privacy Laws, the Company and its Subsidiaries subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; (iii) "personal information", "personal health information". and "business contact information" Protected Health Information as defined by P▇▇▇▇▇; (iv) "personal data" as defined by GDPRHIPAA; and (viv) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiaryof its subsidiaries: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any unauthorized use or disclosure of Personal Data or any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries subsidiaries are, and at all prior times werehave been, in material compliance with all applicable state laws and federal regulations relating to data privacy and security laws and regulations Sensitive Data (defined below) that have been in effect and that have been announced as of the United States, and all applicable provincial and federal data privacy and security laws and regulations in Canadadate hereof as becoming effective within 15 months after the date hereof, including without limitation the Personal Information Protection and Electronic Documents California Consumer Privacy Act (S.C. 2000, c. 5) ("PIPEDA"“CCPA”), and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply withHIPAA, and have been and currently are in compliance withHITECH Act, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) ), and the GDPR as it forms part of the law of the United Kingdom (collectively, the "“Privacy Laws"”). To ensure compliance with the Privacy Laws, the The Company and its Subsidiaries subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Sensitive Data (the "“Policies"”). "At all times since inception, the Company and its subsidiaries have provided all required notices of its Policies and obtained all necessary consents from individuals. None of the disclosures made or contained in any of the Policies have been inaccurate, misleading, deceptive, incomplete, or in violation of any Privacy Laws or Policies. “Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; (iii) "personal information", "personal health information". and "business contact information" Protected Health Information as defined by P▇▇▇▇▇HIPAA; and (iv) "any other information that constitutes “personal data" as defined by GDPR; ”, “personal information”, “personally identifiable information”, “nonpublic personal information”, “customer proprietary network information”, “individually identifiable health information”, “protected health information”, or similar information under Privacy Laws, and (v) any other piece of information that allows the identification of such a natural person, or his or her family, device, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. “Sensitive Data” means all confidential, proprietary, or otherwise sensitive information (including Personal Data). The Company execution, delivery and its Subsidiaries have at all times made all disclosures performance of this Agreement or any other agreement referred to users or customers required by applicable laws and regulatory rules or requirements, and none in this Agreement will not result in a breach of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules Privacy Laws or requirements in any material respectPolicies. The Neither the Company further certifies that neither it nor any Subsidiarysubsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event fact, event, or condition that would reasonably be expected to result in any such notice; (ii) is currently participating in, subject to, conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries subsidiaries are, and at all prior times werewithin the past three years have been, in compliance in all material compliance respects with all applicable state state, federal, and federal international data privacy privacy, security and security consumer protection laws and regulations in the United States, and all applicable provincial and federal data privacy and security laws and regulations in Canadaregulations, including without limitation applicable requirements of the Personal Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Protection Technology for Economic and Electronic Documents Clinical Health Act (S.C. 2000collectively, c. 5“HIPAA”) ("PIPEDA"), and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) (collectively, the "“Privacy Laws"”). To ensure facilitate compliance with the Privacy Laws, the Company and its Subsidiaries subsidiaries have in place, comply with, place and take appropriate commercially reasonable steps reasonably designed to ensure compliance comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" under identifiable” information as applied by the Federal Trade Commission Act, as amendedCommission; (iii) "personal information", "personal health information". and "business contact information" Protected Health Information as defined by P▇▇▇▇▇HIPAA; (iv) "“personal data" ” as defined by GDPR; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries subsidiaries have at all times during the past three years made all disclosures to users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and none of such disclosures made or contained in any Policy such disclosures have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements Privacy Laws in any material respect. The Within the past three years, neither the Company further certifies that neither it nor any Subsidiarysubsidiary: (i) has received notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law. Any certificate signed by or on behalf of the Company and delivered to the Representatives or to counsel to the Underwriters pursuant to this Section 3 shall be deemed to be a representation and warranty by the Company to each Underwriter as to the matters covered thereby.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries areis, and at all prior times werehas been, in material compliance with all applicable state state, federal, and federal international data privacy privacy, security and security consumer protection laws and regulations in the United States, and all applicable provincial and federal data privacy and security laws and regulations in Canadaregulations, including without limitation HIPAA as amended by the Personal Health Information Protection Technology for Economic and Electronic Documents Clinical Health Act (S.C. 2000, c. 5) ("PIPEDA"the “HITECH Act”), and ; the Company and its Subsidiaries have has taken commercially reasonable actions to prepare to comply with, and have since May 25, 2018, has been and currently are is in compliance with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679); and the Company has taken or will take commercially reasonable actions to prepare to comply with the California Consumer Privacy Act of 2018 (“CCPA”) (collectively, the "“Privacy Laws"”). To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have has in place, comply complies with, and take takes appropriate steps reasonably designed to ensure compliance in all material respects with their its policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; (iii) "personal information", "personal health information". and "business contact information" Protected Health Information as defined by P▇▇▇▇▇HIPAA; (iv) "“personal data" ” as defined by GDPR; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries have has at all times made all disclosures to users or customers materially required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiaryit: (i) has not received written notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of its IT Systems and Data or Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or and (iii) is not a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, including without limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act, and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) ("PIPEDA"), “PIPEDA”); and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) (collectively, the "“Privacy Laws"”). To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; amended; (iii) "Protected Health Information as defined by HIPAA; (iv) “personal information"”, "“personal health information"”. and "“business contact information" ” as defined by P▇▇▇▇▇; PIPEDA; (ivv) "“personal data" ” as defined by GDPR; GDPR; and (vvi) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the knowledge of the Company's knowledge, the Company and its Subsidiaries subsidiaries are, and at all times prior times werehereto have been, in compliance in all material compliance respects with all applicable state state, federal, and federal international data privacy privacy, security and security consumer protection laws and regulations in regulations, including, without limitation, applicable requirements of the United StatesHealth Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Clinical Health Act (S.C. 2000collectively, c. 5) ("PIPEDA"“HIPAA”), ; and the Company and its Subsidiaries subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance in all material respects with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) (collectively, the "“Privacy Laws"”). To ensure compliance with the extent required by the Privacy Laws, the Company and its Subsidiaries subsidiaries have in place, comply with, place and take appropriate commercially reasonable steps reasonably designed to ensure compliance comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "Policies")Data. "“Personal Data" ” means (iA) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (iiB) any information which would qualify as "“personally identifying information" under identifiable” information as applied by the Federal Trade Commission Act, as amendedCommission; (iiiC) "personal information", "personal health information". and "business contact information" “Protected Health Information,” as defined by P▇▇▇▇▇HIPAA; (ivD) "“personal data" ,” as defined by GDPR; and (vE) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries have subsidiaries have, at all times prior hereto, made all material disclosures to users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and none of such disclosures made or contained in any Policy such disclosures have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements Privacy Laws in any material respect. The Neither the Company further certifies that neither it nor any Subsidiarysubsidiary: (i1) has received written notice of any actual or potential liability alleged liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of to the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii2) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii3) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) ("“PIPEDA"”), ; and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) (collectively, the "“Privacy Laws"”). To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; (iii) "“personal information"”, "“personal health information"”. and "“business contact information" ” as defined by P▇▇▇▇▇▇; (iv) "“personal data" ” as defined by GDPR; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, and all applicable provincial and federal data privacy and security laws and regulations in Canadaregulations, including without limitation the Personal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Protection Technology for Economic and Electronic Documents Clinical Health Act (S.C. 2000, c. 5) ("PIPEDA"the “HITECH Act”), ; and the Company and its Subsidiaries subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) (collectively, the "“Privacy Laws"”). To ensure compliance with the Privacy Laws, the Company and its Subsidiaries subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; (iii) "personal information", "personal health information". and "business contact information" Protected Health Information as defined by P▇▇▇▇▇HIPAA; (iv) "“personal data" ” as defined by GDPR; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiarysubsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries subsidiaries are, and at all prior times werehave been, in material compliance with all applicable state laws and federal regulations relating to data privacy and security laws and regulations Sensitive Data (defined below) that have been in effect and that have been announced as of the United States, and all applicable provincial and federal data privacy and security laws and regulations in Canadadate hereof as becoming effective within 12 months after the date hereof, including without limitation the Personal Information Protection and Electronic Documents California Consumer Privacy Act (S.C. 2000, c. 5) ("PIPEDA"“CCPA”), and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply withHIPAA, and have been and currently are in compliance withHITECH Act, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) ), and the GDPR as it forms part of the law of the United Kingdom (collectively, the "“Privacy Laws"”). To ensure compliance with the Privacy Laws, the The Company and its Subsidiaries subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Sensitive Data (the "“Policies"”). "At all times since inception, the Company and its subsidiaries have provided all required notices of its Policies and obtained all necessary consents from individuals. None of the disclosures made or contained in any of the Policies have been inaccurate, misleading, deceptive, incomplete, or in violation of any Privacy Laws or Policies. “Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; (iii) "personal information", "personal health information". and "business contact information" Protected Health Information as defined by P▇▇▇▇▇HIPAA; and (iv) "any other information that constitutes “personal data" as defined by GDPR; ”, “personal information”, “personally identifiable information”, “nonpublic personal information”, “customer proprietary network information”, “individually identifiable health information”, “protected health information”, or similar information under Privacy Laws, and (v) any other piece of information that allows the identification of such a natural person, or his or her family, device, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. “Sensitive Data” means all confidential, proprietary, or otherwise sensitive information (including Personal Data). The Company execution, delivery and its Subsidiaries have at all times made all disclosures performance of this Agreement or any other agreement referred to users or customers required by applicable laws and regulatory rules or requirements, and none in this Agreement will not result in a breach of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules Privacy Laws or requirements in any material respectPolicies. The Neither the Company further certifies that neither it nor any Subsidiarysubsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event fact, event, or condition that would reasonably be expected to result in any such notice; (ii) is currently participating in, subject to, conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries subsidiaries are, and at all times prior times werehereto have been, in compliance in all material compliance respects with all applicable state state, federal, and federal international data privacy privacy, security and security consumer protection laws and regulations in regulations, including, without limitation, applicable requirements of the United StatesHealth Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Clinical Health Act (S.C. 2000collectively, c. 5) ("PIPEDA"“HIPAA”), ; and the Company and its Subsidiaries subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance in all material respects with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) (collectively, the "“Privacy Laws"”). To ensure facilitate compliance with the Privacy Laws, the Company and its Subsidiaries subsidiaries have in place, comply with, place and take appropriate commercially reasonable steps reasonably designed to ensure compliance comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (iA) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (iiB) any information which would qualify as "“personally identifying information" under identifiable” information as applied by the Federal Trade Commission Act, as amendedCommission; (iiiC) "personal information", "personal health information". and "business contact information" “Protected Health Information,” as defined by P▇▇▇▇▇HIPAA; (ivD) "“personal data" ,” as defined by GDPR; and (vE) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries have subsidiaries have, at all times prior hereto, made all material disclosures to users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and none of such disclosures made or contained in any Policy such disclosures have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements Privacy Laws in any material respect. The Neither the Company further certifies that neither it nor any Subsidiarysubsidiary: (i1) has received notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii2) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii3) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries Subsidiary are, and at all prior times were, in compliance in all material compliance respects with all applicable state state, federal, and federal international data privacy and data security laws and regulations in the United States, and all applicable provincial and federal data privacy and security laws and regulations in Canadaregulations, including without limitation HIPAA and the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) ("PIPEDA")HITECH Act, and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) ), and the Company and its Subsidiary are currently or have taken commercially reasonable actions to comply with the California Consumer Protection Act of 2018 (collectively, the "“Privacy Laws"”). To ensure address compliance with the Privacy Laws, the Company and its Subsidiaries Subsidiary have in place, comply with, and take appropriate commercially reasonable steps reasonably designed to ensure achieve compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and transfer of Personal Data (the "Policies")Data. "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; (iii) "personal information", "personal health information". and "business contact information" Protected Health Information as defined by P▇▇▇▇▇the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); (iv) "“personal data" ” as defined by GDPR; and (v) any other piece of information that allows the identification of identifies such natural person. At all times, or his or her family, or permits the collection or analysis of any data related to an identified person's health or sexual orientation. The Company and its Subsidiaries Subsidiary have at all times made all disclosures to users or customers required by applicable laws Privacy Laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that (a) neither it nor any Subsidiarysubsidiary at any time: (i) has received written notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of its Personal Data owned or controlled by the Company or its Subsidiary, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) other than pursuant to its ongoing compliance efforts in the ordinary course of business, is currently conducting conducting, subject to, or paying forpaying, in whole or in part, any material investigation, remediation, or other corrective action pursuant to resulting from the Company’s or its Subsidiary’s non-compliance with any Privacy Law; or (iii) is a party to any order, decree, settlement agreement, or agreement judgment from a governmental entity that imposes any obligation or liability under any Privacy Law; and (b) it is not aware of any specific events rendering any of the foregoing reasonably likely to occur.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries subsidiaries are, and at all prior times were, since their inception have been in material compliance with all applicable state and state, federal or foreign data privacy and security laws and regulations in regulations, including, without limitation, the United States, Health Insurance Portability and all applicable provincial Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Clinical Health Act (S.C. 2000the “HITECH Act”), c. 5) the California Consumer Privacy Act of 2018 ("PIPEDA"“CCPA”), and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) (collectively, the "“Privacy Laws"”). To ensure compliance with the Privacy Laws, the Company and each of its Subsidiaries subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their internal and external policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; (iii) "personal information", "personal health information". and "business contact information" Protected Health Information as defined by P▇▇▇▇▇HIPAA; (iv) "“personal data" ” as defined by the GDPR; (v) “personal information” as defined by the CCPA; and (vvi) any other piece of information that allows the identification of such natural person, or his or her familyfamily or household, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries subsidiaries have at all times made all disclosures to users or customers individuals required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate inaccurate, misleading, deceptive or in violation of any applicable laws and regulatory rules or requirements in any material respect. The execution, delivery, and performance of this Agreement, will not result in a breach or violation of any Privacy Law or Policies. The Company further certifies that neither it nor any Subsidiary: and its subsidiaries (i) has have not received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is are not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or and (iii) is are not a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries subsidiaries are, and at all prior times were, in compliance in all material compliance respects with all applicable state state, federal, and federal international data privacy and data security laws and regulations in the United States, and all applicable provincial and federal data privacy and security laws and regulations in Canadaregulations, including without limitation HIPAA and the Personal Information HITECH Act, and the European Union General Data Protection and Electronic Documents Act Regulation (S.C. 2000, c. 5“GDPR”) ("PIPEDA"EU 2016/679), and the Company and its Subsidiaries subsidiaries are currently or have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, with the European Union General Data California Consumer Protection Regulation Act of 2018 ("GDPR") (EU 2016/679“CCPA”) (collectively, the "“Privacy Laws"”). To ensure address compliance with the Privacy Laws, the Company and its Subsidiaries subsidiaries have in place, comply with, and take appropriate commercially reasonable steps reasonably designed to ensure achieve compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and transfer of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" ” under the Federal Trade Commission Act, as amended; (iii) "personal information", "personal health information". and "business contact information" Protected Health Information as defined by P▇▇▇▇▇the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); (iv) "“personal data" ” as defined by GDPR; and (v) any other piece of information that allows the identification of identifies such natural person. At all times, or his or her family, or permits the collection or analysis of any data related to an identified person's health or sexual orientation. The Company and its Subsidiaries subsidiaries have at all times made all disclosures to users or customers required by applicable laws Privacy Laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that (a) neither it nor any Subsidiarysubsidiary at any time: (i) has received receive written notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of its Personal Data owned or controlled by the Company or its subsidiaries, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) other than pursuant to its ongoing compliance efforts in the ordinary course of business, is currently conducting conducting, subject to, or paying forpaying, in whole or in part, any material investigation, remediation, or other corrective action pursuant to resulting from the Company’s or its subsidiaries’ non-compliance with any Privacy Law; or (iii) is a party to any order, decree, settlement agreement, or agreement judgment from a governmental entity that imposes any obligation or liability under any Privacy Law; and (b) it is not aware of any specific events rendering any of the foregoing reasonably likely to occur.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries are, and at all times prior times werehereto have been, in compliance in all material compliance respects with all applicable state state, federal, and federal international data privacy privacy, security and security consumer protection laws and regulations in regulations, including, without limitation, applicable requirements of the United StatesHealth Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Clinical Health Act (S.C. 2000collectively, c. 5) ("PIPEDA"“HIPAA”), ; and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance in all material respects with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) (collectively, the "“Privacy Laws"”). To ensure facilitate compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, place and take appropriate commercially reasonable steps reasonably designed to ensure compliance comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" under identifiable” information as applied by the Federal Trade Commission Act, as amendedCommission; (iii) "personal information", "personal health information". and "business contact information" “Protected Health Information,” as defined by P▇▇▇▇▇HIPAA; (iv) "“personal data" ,” as defined by GDPR; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries have have, at all times prior hereto, made all material disclosures to users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and none of such disclosures made or contained in any Policy such disclosures have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements Privacy Laws in any material respect. The Neither the Company further certifies that neither it nor any Subsidiarysubsidiary: (iA) has received written notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (iiB) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iiiC) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries subsidiaries are, and at all times prior times werehereto have been, in compliance in all material compliance respects with all applicable state state, federal, and federal international data privacy privacy, security and security consumer protection laws and regulations in regulations, including, without limitation, applicable requirements of the United StatesHealth Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Clinical Health Act (S.C. 2000collectively, c. 5) ("PIPEDA"“HIPAA”), ; and the Company and its Subsidiaries subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance in all material respects with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) (collectively, the "“Privacy Laws"”). To ensure facilitate compliance with the Privacy Laws, the Company and its Subsidiaries subsidiaries have in place, comply with, place and take appropriate commercially reasonable steps reasonably designed to ensure compliance comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "“Policies"”). "“Personal Data" ” means (i) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as "“personally identifying information" under identifiable” information as applied by the Federal Trade Commission Act, as amendedCommission; (iii) "personal information", "personal health information". and "business contact information" “Protected Health Information,” as defined by P▇▇▇▇▇HIPAA; (iv) "“personal data" ,” as defined by GDPR; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries have subsidiaries have, at all times prior hereto, made all material disclosures to users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and none of such disclosures made or contained in any Policy such disclosures have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements Privacy Laws in any material respect. The Neither the Company further certifies that neither it nor any Subsidiarysubsidiary: (iA) has received notice of any actual or potential liability liability, including, but not limited to security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (iiB) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iiiC) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. To the Company's knowledge, the The Company and its Subsidiaries subsidiaries are, and at all times prior times werehereto have been, in compliance in all material compliance respects with all applicable state state, federal, and federal international data privacy privacy, security and security consumer protection laws and regulations in regulations, including, without limitation, applicable requirements of the United StatesHealth Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Clinical Health Act (S.C. 2000collectively, c. 5) ("PIPEDA"“HIPAA”), ; and the Company and its Subsidiaries subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance in all material respects with, the European Union General Data Protection Regulation ("“GDPR"”) (EU 2016/679) (collectively, the "“Privacy Laws"”). To ensure facilitate compliance with the Privacy Laws, the Company and its Subsidiaries subsidiaries have in place, comply with, place and take appropriate commercially reasonable steps reasonably designed to ensure compliance comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling handling, and analysis of Personal Data (the "Policies")Data””. "“Personal Data" ” means (iA) a natural person's ’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver's ’s license number, passport number, credit card number, bank information, or customer or account number; (iiB) any information which would qualify as "“personally identifying information" under identifiable” information as applied by the Federal Trade Commission Act, as amendedCommission; (iiiC) "personal information", "personal health information". and "business contact information" “Protected Health Information,” as defined by P▇▇▇▇▇HIPAA; (ivD) "“personal data" ,” as defined by GDPR; and (vE) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person's ’s health or sexual orientation. The Company and its Subsidiaries have subsidiaries have, at all times prior hereto, made all material disclosures to users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and none of such disclosures made or contained in any Policy such disclosures have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements Privacy Laws in any material respect. The Neither the Company further certifies that neither it nor any Subsidiarysubsidiary: (i1) has received written notice of any actual liability, including, but not limited to security or potential liability data privacy breaches or other unauthorized access to, use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii2) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii3) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.