Common use of Data Security and Privacy Clause in Contracts

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since August 14, 2020 has been, in material compliance with all Data Security Requirements; and (ii) since August 14, 2020, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14, 2020, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data Breach. The Company and each of its Subsidiaries have not since August 14, 2020, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since August 14January 4, 2020 2021 has been, in material compliance with all Data Security Requirements, except for noncompliance that would have a Company Material Adverse Effect; and (ii) since August 14January 4, 20202021, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary or on their behalf from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not be material to the business of the have a Company Group, taken as a wholeMaterial Adverse Effect, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14January 4, 20202021, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with relating to any Specified Data Breach. The Company and each of its Subsidiaries have not since August 14January 4, 20202021, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to or alleging any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.

Data Security and Privacy. The Company Group and, to the Knowledge of the Company and each solely with respect to the Processing of its Subsidiaries (i) isPersonal Information jointly with, for, or on behalf of the Company Group, all Data Partners are, and since August 14January 1, 2020 has 2021, have been, in material compliance with all Data Security Requirements; Requirements in all material respects. Since January 1, 2021, the Company Group has implemented, maintained and (ii) since August 14, 2020, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance complied in all material respects with the Data Security Requirements technical, physical, and organizational measures appropriately designed to protect (Aa) the confidentiality, integrity, availability, integrity and security of its Business the Company IT Systems that are involved in the Processing of Personally Identifiable Personal Information, in the conduct of the business of the Company and its Subsidiaries as currently conductedGroup; and (Bb) Personally Identifiable Personal Information Processed by or on behalf of any member of the Company or such Subsidiary from unauthorized useGroup against a Specified Data Breach. Neither the Company Group nor, access, disclosure, theft, and modification, except in each case as would not be material to the business Knowledge of the Company and solely with respect to the Processing of Personal Information jointly with, for, or on behalf of the Company Group, taken any of its Data Partners has, as a whole. As of May 13, 2024, since three (3) years prior to the date of the date hereof, except as would not be material to the business of the Company Group, taken as a wholeOriginal Agreement, (i) there are no pending received any written complaints, investigations, inquiries, notices, enforcement proceedingsclaims, or actions by or before notices from any Governmental Authority and or other Person, or been notified that it is the subject of any investigation or enforcement action by any Governmental Authority; or (ii) since August 14notified or been required to notify any customer, 2020consumer, employee, Governmental Authority, or other Person, in each case, in relation to any material Specified Data Breaches or alleged or actual material violation of any Data Security Requirements. Since three (3) years prior to the date of the Original Agreement, no fines or other penalties have been imposed on on, or written claims for compensation have been received by by, any member of the Company or any SubsidiaryGroup, for violation of any Data Security Requirement or in connection with any Specified Data Breach. The Company and each of its Subsidiaries have Group has not since August 14, 2020three (3) years prior to the date of the Original Agreement, (1) experienced any material Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches. The Company Group, each except as would not be in all material respects, maintains insurance coverage containing policy terms and limits that are reasonably appropriate to the business risk of the Company Group’s liability relating to any Specified Data Breach, taken as a wholeunauthorized Processing of Personal Information, or violation of the Data Security Requirements, and since three (3) years prior to the date of the Original Agreement, no claims have been made under such insurance policy(ies).

Data Security and Privacy. The Company and each of its Subsidiaries (i) isare, and since August 14May 16, 2020 has 2018 have been, in material compliance with all Data Security Requirements; and (ii) since August 14May 16, 20202018, has have taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14May 16, 20202018, no fines or other penalties have been imposed on or written claims for compensation under applicable laws have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data BreachBreach or otherwise. The Company and each of its Subsidiaries have not since August 14May 16, 20202018, (1) to the Knowledge of the Company, experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since August 14, 2020 the IPO Date has been, in material compliance with all Data Security Requirements; and (ii) since August 14, 2020the IPO Date, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements Requirements, to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, Information and in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14, 2020the IPO Date, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data Breach. The Company and each of its Subsidiaries have not since August 14, 2020the IPO Date, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.

Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since August 14January 1, 2020 has been, in material compliance with all Data Security Requirements; and (ii) since August 14January 1, 2020, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14January 1, 2020, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data Breach. The Company and each of its Subsidiaries have not since August 14January 1, 2020, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.

Data Security and Privacy. The Company and each of its Subsidiaries (i) isare, and since August 14May 16, 2020 has 2018 have been, in material compliance with all Data Security Requirements; and (ii) since August 14May 16, 20202018, has have taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereofDecember 11, 2020, except as would not be material to the business of the Company Group, taken as a whole, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since August 14May 16, 20202018, no fines or other penalties have been imposed on or written claims for compensation under applicable laws have been received by the Company or any Subsidiary, for violation of any Data Security Requirement in connection with any Specified Data BreachBreach or otherwise. The Company and each of its Subsidiaries have not since August 14May 16, 20202018, (1) to the Knowledge of the Company, experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.