Common use of Data Privacy and Security Laws Clause in Contracts

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable data privacy and security laws and regulations, including without limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) and the European Union General Data Protection Regulation (“GDPR”) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) any information that relates to an identified or identifiable natural person or otherwise constitutes personally identifiable information, personal information, personal data or similar information protected by Privacy Laws. The Company and its subsidiaries have at all times made all required disclosures to and obtained all necessary consents from individuals pursuant to applicable laws and regulatory rules or requirements, and no disclosure made pursuant to any Policy has, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential material liability under or relating to, or actual or potential material violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable data privacy and security laws and regulations, including without limitation HIPAA and the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) , and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) and all other applicable laws and regulations with respect to Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability (collectively, the “Privacy Laws”). To the Company’s knowledge, since May 25, 2018, the Company and its subsidiaries have been and currently are in material compliance with the GDPR. To ensure material compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply withtaken, and take appropriate currently take, commercially reasonable steps reasonably designed to ensure compliance in all material respects with their policies and procedures Privacy Laws relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (that the “Policies”)Company has collected, and collects, or is in the Company’s possession. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by GDPR, and (v) any other piece of information that relates allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or identifiable natural person or otherwise constitutes personally identifiable information, personal information, personal data or similar information protected by Privacy Lawssexual orientation. The Company and its subsidiaries since inception have at all times made all required disclosures to and obtained all necessary consents from individuals pursuant users or customers required by applicable Privacy Laws, except where the failure to applicable laws and regulatory rules do so would not, individually or requirementsin the aggregate, and no disclosure have a Material Adverse Effect. None of such disclosures made pursuant to any Policy hashave been inaccurate, to the knowledge of the Companymisleading, been inaccurate deceptive or in violation of any applicable laws and regulatory rules or requirements Privacy Laws in any material respect. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy Laws. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential material liability under or relating to, or actual or potential material violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law, except, in the case of (i), (ii), or (iii), where such violation, investigation, remediation, order, decree or agreement would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable data privacy and security laws and regulations, including without limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “, HITECH Act”) , and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (and all other applicable laws and regulations with respect to Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company provides accurate notice of its Policies then in effect to its customers, employees, third party vendors and representatives in material compliance with Privacy Laws. Each of the Company Policies provides accurate and sufficient notice of the Company’s privacy practices relating to its subject matter and such Company Policies do not contain any material omissions of the Company’s privacy practices. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by GDPR, and (v) any other piece of information that relates allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or identifiable natural person or otherwise constitutes personally identifiable information, personal information, personal data or similar information protected by Privacy Lawssexual orientation. The Company execution, delivery and its subsidiaries have at all times made all required disclosures performance of this Agreement or any other agreement referred to and obtained all necessary consents from individuals pursuant to applicable laws and regulatory rules or requirements, and no disclosure made pursuant to any Policy has, to the knowledge in this Agreement will not result in a breach of the Company, been inaccurate or in violation of any applicable laws and regulatory rules Privacy Laws or requirements in any material respectPolicies. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential material liability under or relating to, or actual or potential material violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable data privacy and security laws and regulations, including without limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “, HITECH Act”) , and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (and all other applicable laws and regulations with respect to Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”)Policies”).The Company provides accurate notice of its Policies then in effect to its customers, employees, third party vendors and representatives in material compliance with Privacy Laws. Each of the Company Policies provides accurate and sufficient notice of the Company’s privacy practices relating to its subject matter and such Company Policies do not contain any material omissions of the Company’s privacy practices. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by GDPR, and (v) any other piece of information that relates allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or identifiable natural person or otherwise constitutes personally identifiable information, personal information, personal data or similar information protected by Privacy Lawssexual orientation. The Company execution, delivery and its subsidiaries have at all times made all required disclosures performance of this Agreement or any other agreement referred to and obtained all necessary consents from individuals pursuant to applicable laws and regulatory rules or requirements, and no disclosure made pursuant to any Policy has, to the knowledge in this Agreement will not result in a breach of the Company, been inaccurate or in violation of any applicable laws and regulatory rules Privacy Laws or requirements in any material respectPolicies. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential material liability under or relating to, or actual or potential material violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and at all prior times werefor the past four (4) years have been, in material compliance with all applicable data privacy and security laws and regulations, including without limitation to the Health Insurance Portability and Accountability Act of 1996 (“extent applicable, the California Consumer Privacy Act, HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “, HITECH Act”) , and the European Union General Data Protection Regulation (“GDPR”) (collectivelyEU 2016/679) (and all other applicable laws and regulations governing the data privacy and security of Personal Data (defined below)(collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate commercially reasonable steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). Each of the Company Policies has been designed to provide accurate and sufficient notice of the Company’s then-current privacy practices relating to its subject matter. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by GDPR, and (v) any other information that relates allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or identifiable natural person sexual orientation. Except as would not, individually or otherwise constitutes personally identifiable informationin the aggregate, personal informationreasonably be expected to have a Material Adverse Effect, personal data or similar information protected by Privacy Laws. The (i) for the past four (4) years, the Company and its subsidiaries have at all times made all required disclosures to and obtained all necessary consents from individuals pursuant to applicable laws and regulatory rules users or requirementscustomers required by Privacy Laws, and no disclosure made pursuant to any Policy has, (ii) to the knowledge of the Company, none of such disclosures have been inaccurate inaccurate, misleading, deceptive or in violation of any applicable laws Privacy Laws; and regulatory rules (iii) the execution, delivery and performance of this Agreement or requirements any other agreement referred to in this Agreement will not result in a breach of violation of any material respectPrivacy Laws or Policies. The During the past four (4) years, neither the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential material liability under or relating to, or actual or potential material violation of, of any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at are in compliance in all prior times were, in material compliance respects with all applicable state, federal and international data privacy, security and, with respect to data privacy and security security, consumer protection laws and regulations, including without limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) , and since May 25, 2018, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”), except to the extent that any non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. To ensure compliance with the Privacy LawsExcept as would not reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries (i) have in place, comply complies with, and take appropriate takes reasonable steps reasonably designed to ensure compliance in all material respects with their its policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”), and (ii) implement and maintain (I) information technology and equipment, computer systems, networks, software, websites, applications, and databases (collectively, “IT Systems”) commercially reasonable for the operation of the business of the Company as currently conducted and (II) commercially reasonable controls and safeguards to maintain and protect its material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data within its operational control used in connection with its businesses. “Personal Data” means means, as applicable, (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by GDPR; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or relates to an identified person’s health or identifiable natural person or otherwise constitutes personally identifiable information, personal information, personal data or similar information protected by Privacy Lawssexual orientation. The Company and its subsidiaries have at all times made all required disclosures to and obtained all necessary consents from individuals pursuant to users or customers required by applicable laws and regulatory rules or requirementsPrivacy Laws, and no disclosure none of such disclosures made pursuant to or contained in any Policy has, to the knowledge privacy policy of the Company, Company have been inaccurate or in violation of any applicable laws Privacy Laws, except in each case as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any subsidiaryits subsidiaries: (i) has have not received written notice of any actual or potential material liability of the Company relating to, security or data privacy breaches or other unauthorized or improper access to, use of or destruction of its confidential information or Personal Data, or under or relating to, or to any actual or potential material violation by the Company of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is are not currently conducting or paying for, in whole or in part, any investigation, remediation remediation, or other corrective action required by any governmental entity pursuant to any Privacy Law, other than in the ordinary course of business; or (iii) is are not a party to any order, decree, or agreement with any governmental entity that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at comply in all prior times were, in material compliance respects with all applicable state and federal data privacy and security laws and regulations, including without limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) and the (42 U.S.C. Section 17921 et seq.), European Union Union’s General Data Protection Regulation 2016/679 (“EU GDPR”), the EU GDPR as it forms part of United Kingdom (“UK”) law by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”), and the California Consumer Protection Act of 2018, as amended by the California Privacy Rights Act of 2020, (“CPRA”) (collectively, “CCPA”); and all applicable laws and regulations with respect to Personal Data and that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the The Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance comply in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). As used in this Agreement, “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail email address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personal information,” “personally identifying information,” or similar term as defined under the Federal Trade Commission Act, as amendedAct or Privacy Laws; (iii) Protected Health Information as defined by HIPAA; and (iv) any other piece of information that relates to an identified allows the identification of such natural person, or identifiable natural person his or otherwise constitutes personally identifiable information, personal information, personal data or similar information protected by Privacy Lawsher family. The Company and its subsidiaries have at all times made all required disclosures to and obtained all necessary consents from individuals pursuant to users or customers required by applicable laws and regulatory rules or requirements, and no disclosure none of such disclosures made pursuant to or contained in any Policy hashave, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential material liability under or relating to, or actual or potential material violation of, any of the Privacy LawsLaw, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times were, in compliance in all material compliance respects with all applicable state, federal and international data privacy privacy, security and security consumer protection laws and regulations, including without limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) ), and their implementing regulations; and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”), except to the extent that any non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take commercially appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by GDPR; and (v) any other piece of information that relates allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or identifiable natural person or otherwise constitutes personally identifiable information, personal information, personal data or similar information protected by Privacy Lawssexual orientation. The Company and its subsidiaries have at all times made all required disclosures to and obtained all necessary consents from individuals pursuant to users or customers required by applicable laws and regulatory rules or requirements, and no disclosure none of such disclosures made pursuant to or contained in any Policy hashave, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential material liability liability, including, but not limited to, security or data privacy breaches or other unauthorized or improper access to, use of or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential material violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation remediation, or other corrective action pursuant to any Privacy Law, other than in the ordinary course of business; or (iii) is a party to any order, decree, or agreement with any governmental entity that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and at all prior times werefor the past four (4) years have been, in material compliance with all applicable data privacy and security laws and regulations, including without limitation to the Health Insurance Portability and Accountability Act of 1996 (“extent applicable, the California Consumer Privacy Act, HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “, HITECH Act”) , and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (and all other applicable laws and regulations governing the data privacy and security of Personal Data (defined below) (collectively, the “Privacy Laws”)). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate commercially reasonable steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). Each of the Company Policies has been designed to provide accurate and sufficient notice of the Company’s then-current privacy practices relating to its subject matter. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by GDPR, and (v) any other information that relates allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or identifiable natural person sexual orientation. Except as would not, individually or otherwise constitutes personally identifiable informationin the aggregate, personal informationreasonably be expected to have a Material Adverse Effect, personal data or similar information protected by Privacy Laws. The (i) for the past four (4) years, the Company and its subsidiaries have at all times made all required disclosures to and obtained all necessary consents from individuals pursuant to applicable laws and regulatory rules users or requirementscustomers required by Privacy Laws, and no disclosure made pursuant to any Policy has, (ii) to the knowledge of the Company, none of such disclosures have been inaccurate inaccurate, misleading, deceptive or in violation of any applicable laws Privacy Laws; and regulatory rules (iii) the execution, delivery and performance of this Agreement or requirements any other agreement referred to in this Agreement will not result in a breach of violation of any material respectPrivacy Laws or Policies. The During the past four (4) years, neither the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential material liability under or relating to, or actual or potential material violation of, of any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and at all prior times werefor the past four (4) years have been, in material compliance with all applicable data privacy and security laws and regulations, including without limitation to the Health Insurance Portability and Accountability Act of 1996 (“extent applicable, the California Consumer Privacy Act, HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “, HITECH Act”) , and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (and all other applicable laws and regulations governing the data privacy and security of Personal Data (defined below) (collectively, the “Privacy Laws”)). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate commercially reasonable steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). Each of the Company Policies has been designed to provide accurate and sufficient notice of the Company’s then-current privacy practices relating to its subject matter. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by GDPR, and (v) any other information that relates allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or identifiable natural person sexual orientation. Except as would not, individually or otherwise constitutes personally identifiable informationin the aggregate, personal informationreasonably be expected to have a Material Adverse Effect, personal data or similar information protected by Privacy Laws. The (i) for the past four (4) years, the Company and its subsidiaries have at all times made all required disclosures to and obtained all necessary consents from individuals pursuant to applicable laws and regulatory rules users or requirementscustomers required by Privacy Laws, and no disclosure made pursuant to any Policy has, (ii) to the knowledge of the Company, none of such disclosures have been inaccurate inaccurate, misleading, deceptive or in violation of any applicable laws Privacy Laws; and regulatory rules (iii) the execution, delivery and performance of this Agreement or requirements any other agreement referred to in this Agreement will not result in a breach of violation of any material respectPrivacy Laws or Policies. The During the past four (4) years, neither the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential material liability under or relating to, or actual or potential material violation of, of any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability by any regulatory authority under any Privacy Law.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times during the last three years were, in material compliance with all applicable data privacy and security laws and regulations, including without limitation the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) , as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) and (42 U.S.C. Section 17921 et seq.); the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679); and the Company and its subsidiaries have taken all necessary actions to prepare to comply with and all other applicable laws and regulations with respect to Personal Data that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability as soon they take effect (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). At all times since inception, the Company has provided accurate notice of its Policies then in effect to its customers, employees, third party vendors and representatives. Each of the Company Policies provides accurate and sufficient notice of the Company’s then-current privacy practices relating to its subject matter and such Company Policies do not contain any material omissions of the Company’s then-current privacy practices. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by GDPR, and (v) any other piece of information that relates allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or identifiable natural person or otherwise constitutes personally identifiable information, personal information, personal data or similar information protected by Privacy Lawssexual orientation. The Company and its subsidiaries since inception have at all times made all required disclosures to and obtained all necessary consents from individuals pursuant to users or customers required by applicable laws and regulatory rules or requirements, and no disclosure has provided accurate notice of its Policies then in effect to its customers, employees, third party vendors and representatives. None of such disclosures made pursuant to or contained in any Policy has, to the knowledge of the CompanyPolicies have been inaccurate, been inaccurate misleading, deceptive or in violation of any applicable laws and regulatory rules Privacy Laws or requirements Policies in any material respect. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy Laws or Policies. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential material liability under or relating to, or actual or potential material violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times since inception were, in material compliance with all applicable data privacy and data security laws and regulations, including without limitation HIPAA, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) and , the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679), and the California Consumer Privacy Act (“CCPA”) (and all other applicable laws and regulations with respect to Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability) (collectively, the “Privacy Laws”). To ensure support compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their with, policies and procedures relating to data privacy and data security and the collection, storage, use, disclosure, handling, and analysis of Personal Sensitive Data (the “Policies”). At all times since inception, the Company has provided accurate notice of its Policies then in effect to its customers, employees, third party vendors and representatives. Each of the Company Policies provides accurate and sufficient notice of the Company’s then-current privacy practices relating to its subject matter and such Company Policies do not contain any material omissions of the Company’s then-current privacy practices. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; and (iv) any information that relates to an identified or identifiable natural person or otherwise constitutes personally identifiable information, personal information, personal data or similar information protected by Privacy Laws. The Company and its subsidiaries have at all times made all required disclosures to and obtained all necessary consents from individuals pursuant to applicable laws and regulatory rules or requirements, and no disclosure made pursuant to any Policy has, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential material liability under or relating to, or actual or potential material violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.Commission