Common use of Data Privacy and Security Laws Clause in Contracts

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable data privacy and security laws and regulations, including without limitation HIPAA and the HITECH Act, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) and all other applicable laws and regulations with respect to Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability (collectively, the “Privacy Laws”). To the Company’s knowledge, since May 25, 2018, the Company and its subsidiaries have been and currently are in material compliance with the GDPR. To ensure material compliance with the Privacy Laws, the Company and its subsidiaries have taken, and currently take, commercially reasonable steps reasonably designed to ensure compliance in all material respects with Privacy Laws relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data that the Company has collected, and collects, or is in the Company’s possession. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR, and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries since inception have at all times made all disclosures to users or customers required by applicable Privacy Laws, except where the failure to do so would not, individually or in the aggregate, have a Material Adverse Effect. None of such disclosures made have been inaccurate, misleading, deceptive or in violation of any Privacy Laws in any material respect. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy Laws. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law, except, in the case of (i), (ii), or (iii), where such violation, investigation, remediation, order, decree or agreement would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable data privacy and security laws and regulations, including without limitation HIPAA and the HIPAA, HITECH Act, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (and all other applicable laws and regulations with respect to Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability liability) (collectively, the “Privacy Laws”). To the Company’s knowledge, since May 25, 2018, the Company and its subsidiaries have been and currently are in material compliance with the GDPR. To ensure material compliance with the Privacy Laws, the Company and its subsidiaries have takenin place, comply with, and currently take, commercially reasonable take appropriate steps reasonably designed to ensure compliance in all material respects with Privacy Laws their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data that (the “Policies”).The Company provides accurate notice of its Policies then in effect to its customers, employees, third party vendors and representatives in material compliance with Privacy Laws. Each of the Company has collected, Policies provides accurate and collects, or is in sufficient notice of the Company’s possessionprivacy practices relating to its subject matter and such Company Policies do not contain any material omissions of the Company’s privacy practices. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR, and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries since inception have at all times made all disclosures to users or customers required by applicable Privacy Laws, except where the failure to do so would not, individually or in the aggregate, have a Material Adverse Effect. None of such disclosures made have been inaccurate, misleading, deceptive or in violation of any Privacy Laws in any material respect. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy LawsLaws or Policies. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential material liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law, except, in the case of (i), (ii), or (iii), where such violation, investigation, remediation, order, decree or agreement would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable data privacy and security laws and regulations, including without limitation HIPAA and the HIPAA, HITECH Act, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (and all other applicable laws and regulations with respect to Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability liability) (collectively, the “Privacy Laws”). To the Company’s knowledge, since May 25, 2018, the Company and its subsidiaries have been and currently are in material compliance with the GDPR. To ensure material compliance with the Privacy Laws, the Company and its subsidiaries have takenin place, comply with, and currently take, commercially reasonable take appropriate steps reasonably designed to ensure compliance in all material respects with Privacy Laws their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data that (the “Policies”). The Company provides accurate notice of its Policies then in effect to its customers, employees, third party vendors and representatives in material compliance with Privacy Laws. Each of the Company has collected, Policies provides accurate and collects, or is in sufficient notice of the Company’s possessionprivacy practices relating to its subject matter and such Company Policies do not contain any material omissions of the Company’s privacy practices. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR, and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries since inception have at all times made all disclosures to users or customers required by applicable Privacy Laws, except where the failure to do so would not, individually or in the aggregate, have a Material Adverse Effect. None of such disclosures made have been inaccurate, misleading, deceptive or in violation of any Privacy Laws in any material respect. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy LawsLaws or Policies. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential material liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law, except, in the case of (i), (ii), or (iii), where such violation, investigation, remediation, order, decree or agreement would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times during the last three years were, in material compliance with all applicable data privacy and security laws and regulations, including without limitation HIPAA HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with ”) (42 U.S.C. Section 17921 et seq.); the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) ); and the Company and its subsidiaries have taken all necessary actions to prepare to comply with and all other applicable laws and regulations with respect to Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability as soon they take effect (collectively, the “Privacy Laws”). To the Company’s knowledge, since May 25, 2018, the Company and its subsidiaries have been and currently are in material compliance with the GDPR. To ensure material compliance with the Privacy Laws, the Company and its subsidiaries have takenin place, comply with, and currently take, commercially reasonable take appropriate steps reasonably designed to ensure compliance in all material respects with Privacy Laws their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data that (the “Policies”). At all times since inception, the Company has collectedprovided accurate notice of its Policies then in effect to its customers, employees, third party vendors and collects, or is in representatives. Each of the Company Policies provides accurate and sufficient notice of the Company’s possessionthen-current privacy practices relating to its subject matter and such Company Policies do not contain any material omissions of the Company’s then-current privacy practices. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR, and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries since inception have at all times made all disclosures to users or customers required by applicable Privacy Lawslaws and regulatory rules or requirements, except where the failure and has provided accurate notice of its Policies then in effect to do so would notits customers, individually or in the aggregateemployees, have a Material Adverse Effectthird party vendors and representatives. None of such disclosures made or contained in any of the Policies have been inaccurate, misleading, deceptive or in violation of any Privacy Laws or Policies in any material respect. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy LawsLaws or Policies. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law, except, in the case of (i), (ii), or (iii), where such violation, investigation, remediation, order, decree or agreement would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Data Privacy and Security Laws. The Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and at all prior times werefor the past four (4) years have been, in material compliance with all applicable data privacy and security laws and regulations, including without limitation HIPAA and to the extent applicable, the California Consumer Privacy Act, HIPAA, HITECH Act, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (and all other applicable laws and regulations with respect to governing the data privacy and security of Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability (collectively, the “Privacy Laws”). To the Company’s knowledge, since May 25, 2018, the Company and its subsidiaries have been and currently are in material compliance with the GDPR). To ensure material compliance with the Privacy Laws, the Company and its subsidiaries have takenin place, comply with, and currently take, take commercially reasonable steps reasonably designed to ensure compliance in all material respects with Privacy Laws their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data that (the “Policies”). Each of the Company Policies has collected, been designed to provide accurate and collects, or is in sufficient notice of the Company’s possessionthen-current privacy practices relating to its subject matter. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR, and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries since inception have at all times made all disclosures to users or customers required by applicable Privacy Laws, except where the failure to do so Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. None , (i) for the past four (4) years, the Company and its subsidiaries have made disclosures to users or customers required by Privacy Laws, (ii) to the knowledge of the Company, none of such disclosures made have been inaccurate, misleading, deceptive or in violation of any Privacy Laws in any material respect. The Laws; and (iii) the execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy LawsLaws or Policies. The During the past four (4) years, neither the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, of any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law, except, in the case of (i), (ii), or (iii), where such violation, investigation, remediation, order, decree or agreement would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Data Privacy and Security Laws. The Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and at all prior times werefor the past four (4) years have been, in material compliance with all applicable data privacy and security laws and regulations, including without limitation HIPAA and to the extent applicable, the California Consumer Privacy Act, HIPAA, HITECH Act, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (and all other applicable laws and regulations with respect to governing the data privacy and security of Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability (collectivelybelow)(collectively, the “Privacy Laws”). To the Company’s knowledge, since May 25, 2018, the Company and its subsidiaries have been and currently are in material compliance with the GDPR. To ensure material compliance with the Privacy Laws, the Company and its subsidiaries have takenin place, comply with, and currently take, take commercially reasonable steps reasonably designed to ensure compliance in all material respects with Privacy Laws their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data that (the “Policies”). Each of the Company Policies has collected, been designed to provide accurate and collects, or is in sufficient notice of the Company’s possessionthen-current privacy practices relating to its subject matter. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR, and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries since inception have at all times made all disclosures to users or customers required by applicable Privacy Laws, except where the failure to do so Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. None , (i) for the past four (4) years, the Company and its subsidiaries have made disclosures to users or customers required by Privacy Laws, (ii) to the knowledge of the Company, none of such disclosures made have been inaccurate, misleading, deceptive or in violation of any Privacy Laws in any material respect. The Laws; and (iii) the execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy LawsLaws or Policies. The During the past four (4) years, neither the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, of any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law, except, in the case of (i), (ii), or (iii), where such violation, investigation, remediation, order, decree or agreement would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times since inception were, in material compliance with all applicable data privacy and data security laws and regulations, including without limitation HIPAA and HIPAA, the HITECH Act, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679), and the California Consumer Privacy Act (“CCPA”) (and all other applicable laws and regulations with respect to Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability liability) (collectively, the “Privacy Laws”). To the Company’s knowledge, since May 25, 2018, the Company and its subsidiaries have been and currently are in material compliance with the GDPR. To ensure material support compliance with the Privacy Laws, the Company and its subsidiaries have takenin place, and currently take, commercially reasonable take appropriate steps reasonably designed to ensure compliance in all material respects with Privacy Laws with, policies and procedures relating to data privacy and data security and the collection, storage, use, disclosure, handling, and analysis of Personal Sensitive Data that (the “Policies”). At all times since inception, the Company has collectedprovided accurate notice of its Policies then in effect to its customers, employees, third party vendors and collects, or is in representatives. Each of the Company Policies provides accurate and sufficient notice of the Company’s possessionthen-current privacy practices relating to its subject matter and such Company Policies do not contain any material omissions of the Company’s then-current privacy practices. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR, and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries since inception have at all times made all disclosures to users or customers required by applicable Privacy Laws, except where the failure to do so would not, individually or in the aggregate, have a Material Adverse Effect. None of such disclosures made have been inaccurate, misleading, deceptive or in violation of any Privacy Laws in any material respect. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy Laws. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law, except, in the case of (i), (ii), or (iii), where such violation, investigation, remediation, order, decree or agreement would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.Commission

Data Privacy and Security Laws. The Company and its subsidiaries are, and at comply in all prior times were, in material compliance respects with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) (42 U.S.C. Section 17921 et seq.), and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with the European Union Union’s General Data Protection Regulation 2016/679 (“EU GDPR”), the EU GDPR as it forms part of United Kingdom (“UK”) law by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”), and the California Consumer Protection Act of 2018, as amended by the California Privacy Rights Act of 2020, (“CPRA”) (EU 2016/679) collectively, “CCPA”); and all other applicable laws and regulations with respect to Personal Data (defined below) and that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability (collectively, the “Privacy Laws”). To the Company’s knowledge, since May 25, 2018, the The Company and its subsidiaries have been and currently are in material compliance with the GDPR. To ensure material compliance with the Privacy Lawsplace, the Company and its subsidiaries have takencomply with, and currently take, commercially reasonable take appropriate steps reasonably designed to ensure compliance comply in all material respects with Privacy Laws their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data that (the Company has collected“Policies”). As used in this Agreement, and collects, or is in the Company’s possession. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail email address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personal information,” “personally identifying information,” or similar term as defined under the Federal Trade Commission Act, as amendedAct or Privacy Laws; (iii) Protected Health Information as defined by HIPAA; and (iv) “personal data” as defined by GDPR, and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries since inception have at all times made all disclosures to users or customers required by applicable Privacy Lawslaws and regulatory rules or requirements, except where the failure to do so would not, individually or in the aggregate, have a Material Adverse Effect. None and none of such disclosures made have or contained in any Policy have, to the knowledge of the Company, been inaccurate, misleading, deceptive inaccurate or in violation of any Privacy Laws applicable laws and regulatory rules or requirements in any material respect. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy Laws. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy LawsLaw, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law, except, in the case of (i), (ii), or (iii), where such violation, investigation, remediation, order, decree or agreement would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Data Privacy and Security Laws. The Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and at all prior times werefor the past four (4) years have been, in material compliance with all applicable data privacy and security laws and regulations, including without limitation HIPAA and to the extent applicable, the California Consumer Privacy Act, HIPAA, HITECH Act, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (and all other applicable laws and regulations with respect to governing the data privacy and security of Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability (collectively, the “Privacy Laws”). To the Company’s knowledge, since May 25, 2018, the Company and its subsidiaries have been and currently are in material compliance with the GDPR). To ensure material compliance with the Privacy Laws, the Company and its subsidiaries have takenin place, comply with, and currently take, take commercially reasonable steps reasonably designed to ensure compliance in all material respects with Privacy Laws their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data that (the “Policies”). Each of the Company Policies has collected, been designed to provide accurate and collects, or is in sufficient notice of the Company’s possessionthen-current privacy practices relating to its subject matter. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR, and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries since inception have at all times made all disclosures to users or customers required by applicable Privacy Laws, except where the failure to do so Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. None , (i) for the past four (4) years, the Company and its subsidiaries have made disclosures to users or customers required by Privacy Laws, (ii) to the knowledge of the Company, none of such disclosures made have been inaccurate, misleading, deceptive or in violation of any Privacy Laws in any material respect. The Laws; and (iii) the execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy LawsLaws or Policies. The During the past four (4) years, neither the Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability under or relating to, or actual or potential violation of, of any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability by any regulatory authority under any Privacy Law, except, in the case of (i), (ii), or (iii), where such violation, investigation, remediation, order, decree or agreement would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at are in compliance in all prior times were, in material compliance respects with all applicable state, federal and international data privacy, security and, with respect to data privacy and security security, consumer protection laws and regulations, including without limitation HIPAA the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the HITECH Health Information Technology for Economic and Clinical Health Act, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with since May 25, 2018, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) and all other applicable laws and regulations with respect to Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability (collectively, the “Privacy Laws”), except to the extent that any non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. To the Company’s knowledge, since May 25, 2018Except as would not reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries (i) have been and currently are in material compliance with the GDPR. To ensure material compliance with the Privacy Lawsplace, the Company and its subsidiaries have takencomplies with, and currently take, commercially takes reasonable steps reasonably designed to ensure compliance in all material respects with Privacy Laws its policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data that (the “Policies”), and (ii) implement and maintain (I) information technology and equipment, computer systems, networks, software, websites, applications, and databases (collectively, “IT Systems”) commercially reasonable for the operation of the business of the Company has collectedas currently conducted and (II) commercially reasonable controls and safeguards to maintain and protect its material confidential information and the integrity, continuous operation, redundancy and collects, or is security of all IT Systems and data within its operational control used in the Company’s possessionconnection with its businesses. “Personal Data” means means, as applicable, (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR, ; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related relates to an identified person’s health or sexual orientation. The Company and its subsidiaries since inception have at all times made all disclosures to users or customers required by applicable Privacy Laws, and none of such disclosures made or contained in any privacy policy of the Company have been inaccurate or in violation of any applicable Privacy Laws, except where the failure to do so in each case as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. None of such disclosures made have been inaccurateExcept as would not, misleading, deceptive individually or in violation of any Privacy Laws in any material respect. The executionthe aggregate, delivery reasonably be expected to have a Material Adverse Effect, the Company and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy Laws. The Company further certifies that neither it nor any subsidiaryits subsidiaries: (i) has have not received written notice of any actual or potential liability of the Company relating to, security or data privacy breaches or other unauthorized or improper access to, use of or destruction of its confidential information or Personal Data, or under or relating to, or to any actual or potential violation by the Company of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is are not currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action required by any governmental entity pursuant to any Privacy Law, other than in the ordinary course of business; or (iii) is are not a party to any order, decree, or agreement with any governmental entity that imposes any obligation or liability under any Privacy Law, except, in the case of (i), (ii), or (iii), where such violation, investigation, remediation, order, decree or agreement would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.

Data Privacy and Security Laws. The Company and its subsidiaries are, and at all prior times were, in compliance in all material compliance respects with all applicable state, federal and international data privacy privacy, security and security consumer protection laws and regulations, including without limitation HIPAA the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), and their implementing regulations; and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with with, and have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) and all other applicable laws and regulations with respect to Personal Data (defined below) that have been announced as of the date hereof as becoming effective within 12 months after the date hereof, and for which any non-compliance with same would be reasonably likely to create a material liability (collectively, the “Privacy Laws”). To , except to the Company’s knowledgeextent that any non-compliance would not, since May 25individually or in the aggregate, 2018, the Company and its subsidiaries reasonably be expected to have been and currently are in material compliance with the GDPRa Material Adverse Effect. To ensure material compliance with the Privacy Laws, the Company and its subsidiaries have takenin place, comply with, and currently take, take commercially reasonable appropriate steps reasonably designed to ensure compliance in all material respects with Privacy Laws their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data that (the Company has collected, and collects, or is in the Company’s possession“Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal data” as defined by GDPR, ; and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company and its subsidiaries since inception have at all times made all disclosures to users or customers required by applicable Privacy Lawslaws and regulatory rules or requirements, except where the failure to do so would not, individually or in the aggregate, have a Material Adverse Effect. None and none of such disclosures made have or contained in any Policy have, to the knowledge of the Company, been inaccurate, misleading, deceptive inaccurate or in violation of any Privacy Laws applicable laws and regulatory rules or requirements in any material respect. The execution, delivery and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach of violation of any Privacy Laws. The Company further certifies that neither it nor any subsidiary: (i) has received written notice of any actual or potential liability liability, including, but not limited to, security or data privacy breaches or other unauthorized or improper access to, use of or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law, other than in the ordinary course of business; or (iii) is a party to any order, decree, or agreement with any governmental entity that imposes any obligation or liability under any Privacy Law, except, in the case of (i), (ii), or (iii), where such violation, investigation, remediation, order, decree or agreement would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.