Common use of Data Privacy and Security Requirements Clause in Contracts

Data Privacy and Security Requirements. (a) The Group Companies are and, since December 31, 2018, have been in material compliance with all Data Privacy and Security Requirements, Except as set forth on Section 3.20 to the Company Schedules, there have been no material Security Incidents since December 31, 2018 with respect to any Company IT Systems, Business Data, or Company Products or otherwise related to the Business. The Group Companies have implemented and maintain necessary and commercially reasonable security, disaster recovery and business continuity plans, procedures and facilities, including by implementing systems and procedures to encrypt all transmission of material Business Data on or from Company IT Systems. In the last twelve (12) months, there has not been any material failure with respect to any of the Company IT Systems that has not been remedied or replaced in all material respects. The Company IT Systems do not contain any material unauthorized feature (including any worm, bomb, Trojan Horse, backdoor, clock, timer or other disabling device, code, design or routine, collectively, “Malicious Code”) or material defects, technical concerns or problems that would cause any Company IT System to be erased, inoperable or otherwise incapable of being used, or any computer code designed to disrupt, disable or harm in any manner the operation of any software or hardware, either automatically, with the passage of time or upon command, or otherwise that would prevent the same from performing substantially in accordance with their user specifications or functionality descriptions. (b) The Group Companies (i) engage and have engaged in, directly or indirectly, Data Processing only with respect to such Data as they are authorized to so engage (or to cause such Processing, as applicable) by Law and Contract, and (ii) have implemented reasonable safeguards designed to prevent unauthorized use or disclosure of such Data. The Group Companies have, with respect to all such that is subjected to any Processing directly or indirectly in connection with any Business, all rights necessary to conduct the operation of such Business as then-currently conducted, in all material respects. (c) None of the Group Companies has received any written communication from any Person from whom it licenses, acquires or purchases any material Data (such arrangements, “Material Data Supply Agreements”) to the effect that any, and to the Company’s knowledge no, Person will stop or decrease the rate of, or materially alter the terms of, the business it conducts with (or the Data it provides under any Material Data Supply Agreements to) any Group Company. No Group Company is in material breach of any Material Data Supply Agreements.

Data Privacy and Security Requirements. (a) The Group Companies are and, since December 31, 20182019, have been in material compliance with all Data Privacy and Security Requirements, . Except as set forth on Section 3.20 to the Company Schedules, there are no current, and since December 31, 2019, there have been no material Security Incidents since December 31at the Group Companies and, 2018 to the knowledge of the Group Companies, at their Data Processors (with respect to any Company IT Systems, Business Data, or Company Products or otherwise related to the BusinessData Processed by them). The Group Companies have implemented and maintain necessary and commercially reasonable security procedures and practices that include: (i) written policies and procedures regarding their Processing of Business Data; (ii) administrative, technical and physical safeguards designed to protect the security, confidentiality, availability, and integrity of Business Data Processed by the Company or Data Processors; and (iii) incident response, disaster recovery and business continuity plans, procedures and facilities, including by implementing systems and procedures to encrypt all transmission of material Business Data on or from Company IT Systems. In the last twelve (12) months, there has not been any material failure with respect to any of the Company IT Systems that has not been addressed, remedied or replaced in all material respects. The To the Group Companies’ knowledge, the Company IT Systems do not contain any material unauthorized feature (including any worm, bomb, Trojan Horse, backdoor, drop dead device, ransomware, clock, timer or other disabling device, code, design or routineroutine designed or intended to have, collectivelyor capable of performing, any of the following functions: (a) disrupting, disabling, harming, interfering with or otherwise impeding in any material manner the operation of, or providing unauthorized access to, a computer system or network or other device on which such code is stored or installed; or (b) materially damaging or destroying any data or file without the user’s consent, collectively (“Malicious Code”) or material defects, technical concerns or problems that would cause any Company IT System to be erased, inoperable or otherwise incapable of being used, or any computer code designed to disrupt, disable or harm in any manner the operation of any software or hardware, either automatically, with the passage of time or upon command, or otherwise that would prevent the same from performing substantially in accordance with their user specifications or functionality descriptions). (b) The Group Companies (i) engage and have engaged in, directly or indirectly, Data Processing only with respect to such Data as they are authorized to so engage (or to cause such Processing, as applicable) by Law and Contract, and (ii) have implemented reasonable safeguards designed to prevent unauthorized use or disclosure of such Data. The Group Companies have, with respect to all such that is subjected to any Processing directly or indirectly in connection with any BusinessBusiness Data, all rights necessary to conduct the operation of such Business as then-currently conducted, in all material respects. (c) . None of the Group Companies has received any written communication or electronic notice from any Person from whom it licenses, acquires or purchases any material Data (such arrangements, “Material Data Supply Agreements”) to the effect that any, and to the Company’s knowledge no, any such Person will stop or decrease the rate of, or materially alter the terms of, of the business it conducts with (or the Data it provides under any Material Data Supply Agreements to) with any Group Company. No Group Company is in material breach of any Material Data Supply AgreementsAgreements in any material respect.

Data Privacy and Security Requirements. (a) The Group Companies are and, since December 31, 20182015, have been in material compliance with all Data Privacy and Security Requirements, . Except as set forth on Section 3.20 3.21 to the Company SchedulesSchedules and to the knowledge of the Company, there have been no material Security Incidents since December 31, 2018 2017 with respect to any Company IT Systems, Business Data, or Company Products or otherwise related to the Business. No Group Company has since December 31, 2017 received any written notice from any Person, been required by applicable Law or Contract to give any notice to any Person, or been subject to any Proceeding, in each case with respect to any Security Incident or otherwise with respect to any breach or purported breach of any Data Privacy and Security Requirements. The Group Companies have implemented and maintain necessary and commercially reasonable security, disaster recovery and business continuity plans, procedures and facilities, including by implementing systems and procedures to encrypt all transmission of material Business Data on or from Company IT Systems. In the last twelve (12) monthsSince December 31, 2017, there has not been any material failure with respect to any of the Company IT Systems that has not been remedied or replaced in all material respects. The Group Companies have taken commercially reasonable steps intended to ensure that the Company IT Systems do not contain contain, and to the knowledge of the Company the Company IT Systems do not contain, any material unauthorized feature (including any worm, bomb, Trojan Horse, backdoor, clock, timer or other disabling device, code, design or routine, collectively, “Malicious Code”) or material defects, technical concerns or problems that would cause any Company IT System to be erased, inoperable or otherwise incapable of being used, or any computer code designed to disrupt, disable or harm in any manner the operation of any software Software or hardware, either automatically, with the passage of time or upon command, or otherwise that would prevent the same from performing substantially in accordance with their user specifications or functionality descriptions. (b) The Group Companies (i) engage and have engaged in, directly or indirectly, Data Processing only with respect to such Data as they are authorized to so engage (or to cause such Processing, as applicable) by Law and and, in the case of Data obtained from third parties, Contract, and (ii) have implemented reasonable safeguards designed to prevent unauthorized use or disclosure of such Data. The Group Companies have, with respect to all such Data that is subjected to any Processing directly or indirectly in connection with any the Business, all rights necessary to conduct the operation of such Business Processing as then-currently conducted, in all material respects. (c) None of the Group Companies has received any written communication from any Person since December 31, 2017 from whom it licenses, acquires or purchases any material Data (such arrangements, “Material Data Supply Agreements”) to the effect that any, and to the Company’s knowledge no, Person will stop or decrease the rate of, or materially alter the terms of, the business it conducts with (or the Data it provides under any Material Data Supply Agreements to) any Group Company. No Group Company is in material breach of any Material Data Supply Agreements.

Data Privacy and Security Requirements. (a) The Group Companies are and, since December 31, 20182016, have been in material compliance with all Data Privacy and Security Requirements, . Except as set forth on Section 3.20 3.21 to the Company SchedulesSchedules and to the knowledge of the Company, there have been no material Security Incidents since December 31, 2018 with respect to any Company IT Systems, Business Data, or Company Products or otherwise related to the Business. No Group Company has since December 31, 2018 received any written notice from any Person, been required by applicable Law or Contract to give any notice to any Person, or been subject to any Proceeding, in each case with respect to any Security Incident or otherwise with respect to any breach or purported breach of any Data Privacy and Security Requirements. The Group Companies have implemented and maintain necessary and commercially reasonable security, disaster recovery and business continuity plans, procedures and facilities, including by implementing systems and procedures to encrypt all the transmission of material Business Data on or from Company IT Systems. In the last twelve (12) monthsSince December 31, 2018, there has not been any material failure with respect to any of the Company IT Systems that has not been remedied or replaced in all material respects. The Group Companies have taken commercially reasonable steps intended to ensure that the Company IT Systems do not contain contain, and, to the knowledge of the Company, the Company IT Systems do not contain, any material unauthorized feature (including any worm, bomb, Trojan Horse, backdoor, clock, timer or other disabling device, code, design or routine, collectively, “Malicious Code”) or material defects, technical concerns or problems that would cause any Company IT System to be erased, inoperable or otherwise incapable of being used, or any computer code designed to disrupt, disable or harm in any manner the operation of any software Software or hardware, either automatically, with the passage of time or upon command, or otherwise that would prevent the same from performing substantially in accordance with their user specifications or functionality descriptions. (b) The Group Companies (i) engage and have engaged in, directly or indirectly, Data in Processing only with respect to such Data as they are authorized to so engage (or to cause such Processing, as applicable) by Law and and, in the case of Data obtained from third parties, Contract, and (ii) have implemented reasonable safeguards designed to prevent unauthorized use or disclosure of such Data. The Group Companies have, with respect to all such Data that is subjected to any Processing directly or indirectly in connection with any the Business, all rights necessary to conduct the operation of such Business Processing as then-currently conducted, in all material respects. (c) None of the Group Companies has received any written communication from any Person since December 31, 2018 from whom it licenses, acquires or purchases any material Data (such arrangements, “Material Data Supply Agreements”) to the effect that any, and to the Company’s knowledge no, Person will stop or decrease the rate of, or materially alter the terms of, the business it conducts with (or the Data it provides under any Material Data Supply Agreements to) any Group Company. No Group Company is in material breach of any Material Data Supply Agreements.

Data Privacy and Security Requirements. (a) The Group Companies are and, since December 31, 2018, have been in compliance in all material compliance respects with all Data Privacy and Security Requirements, Except as set forth on Section 3.20 to the Company Schedules, there . There have been no material Security Incidents security incidents since December 31, 2018 with respect to any Company IT Systems, Business Data, or Company Products or otherwise related to the Business. No Group Company has since December 31, 2018 received any notice from any Person, been required to give any notice to any Person, or been subject to any Proceeding, in each case with respect to any security incident or otherwise with respect to any breach or purported breach of any Data Privacy and Security Requirements by any Group Company. The Group Companies have implemented and maintain necessary and commercially reasonable security, disaster recovery and business continuity plans, procedures and facilitiesfacilities and have employed commercially reasonable efforts to protect the confidentiality, including by implementing systems integrity and procedures to encrypt all transmission security of material Business Data on or from the Company IT Systems. In The Group Companies take and have at all times taken commercially reasonable steps to prevent the last twelve (12) monthsintroduction of any virus, there has not been any material failure with respect to any of the Company IT Systems that has not been remedied or replaced in all material respects. The Company IT Systems do not contain any material unauthorized feature (including any worm, bomb, Trojan Horse, backdoor, clock, timer horse or other similar disabling device, code, design code or routine, collectively, program (“Malicious Code”) or material defects, technical concerns or problems that would cause any Company IT System to be erased, inoperable or otherwise incapable of being used, or any computer code designed to disrupt, disable or harm in any manner the operation of any software or hardware, either automatically, with the passage of time or upon command, or otherwise that would prevent the same from performing substantially in accordance with their user specifications or functionality descriptionsdescriptions (collectively, “Contaminants”) into the Company IT Systems. The Company IT Systems are sufficient in capacity, functionality and operation for the operation of the Business. Since December 31, 2018, there has not been any failure with respect to any of the Company IT Systems that has not been remedied or replaced in all material respects. (b) The Group Companies (i) engage and have engaged in, directly or indirectly, Data Processing only with respect to such Data as they are authorized to so engage (or to cause such Processing, as applicable) by Law and Contract, and (ii) have implemented commercially reasonable safeguards designed to prevent unauthorized use or disclosure of such Dataconfidential data and Personal Information in their possession and control. The Except as would not be material to the Group Companies, taken as a whole, the Group Companies have, with respect to all such that is subjected to any Processing directly or indirectly in connection with any Business, all have rights necessary to Process Personal Information in the conduct of the operation of such Business as then-currently conducted, in all material respects. (c) None The Group Companies have all contractual rights necessary to process Business Data in the conduct of the Group Companies has received any written communication from any Person from whom it licenses, acquires or purchases any material Data Business as currently conducted. (such arrangements, “Material Data Supply Agreements”d) to the effect that any, and to the Company’s knowledge no, Person will stop or decrease the rate of, or materially alter the terms of, the business it conducts with (or the Data it provides under any Material Data Supply Agreements to) any Group Company. No Group Company is in material breach of any Material Data Supply Agreementsagreement pursuant to which a Group Company licenses, acquires, or purchases any material data.