Common use of Data Security; Privacy Clause in Contracts

Data Security; Privacy. (a) Except as described in Section 3.21(a) of the Company Disclosure Schedule, in connection with the Company’s collection, use, disclosure, storage and other Processing of all Personal Information (and that of any third party engaged by the Company, including any subservicer), the Company is, and to the Knowledge of the Company, any third party to the extent acting at the discretion or on the behalf of the Company, and since the Look-Back Date has been, in compliance with (i) all Privacy Laws applicable to the Company, (ii) any applicable privacy and security policies of the Company concerning the collection, dissemination, storage or use of Personal Information or other Company Proprietary Information, including any privacy disclosures posted to websites or other media maintained or published by the Company and, as applicable, the privacy policies of any one or more third parties with which the Company is required to comply, (iii) all contractual commitments that the Company has entered into or is otherwise bound with respect to privacy and/or data security, and (iv) applicable industry standards (e.g., PCI DSS) (collectively, the “Data Privacy and Security Requirements”). (b) The Company (i) solely owns and possesses all right, title and interest in and to the Business Data, free and clear of any restrictions other than those imposed by applicable Privacy Laws, or (ii) has the right to use, exploit, publish, reproduce, distribute, license, sell, and create derivative works of such Business Data, in whole or in part, in the manner in which the Company receives and uses such Business Data. The Data Privacy and Security Requirements will not prohibit New PubCo or Suntuity from Processing Personal Information or Business Data after the Closing Date, in the same manner in which the Company Processes such Personal Information and other Business Data prior to the Closing Date or cause New PubCo or Suntuity to incur liability in connection with the receipt or Processing of such Personal Information or Business Data. The Company maintains commercially reasonable security measures to protect all Personal Information under its control from unauthorized access, use, disclosure, modification, deletion or other Processing. The Company has not suffered any breach that has resulted in any unauthorized access to, use of, disclosure of or other loss of any Personal Information. Except as described in Section 3.21(b) of the Company Disclosure Schedule, since the Look-Back Date, the Company has not been subject to any written complaints, lawsuits, investigations or other written claims regarding its Processing of any Personal Information, and to the Knowledge of the Company, there are no such pending complaints, lawsuits, investigations or claims. The Company has not provided and has not been legally required to provide any notices to data owners or Governmental Authorities in connection with any unauthorized access, use or disclosure of Personal Information.

Data Security; Privacy. (a) Except as described in Section 3.21(a) of the Company Disclosure Schedule, in connection with the Company’s collection, use, disclosure, storage and other Processing of all Personal Information (and that of any third party engaged by the Company, including any subservicer), the Company is, and to the Knowledge of the Company, any third party to the extent acting at the discretion or on the behalf of the CompanyCompany is, and since the Look-Back Date has been, in compliance with (i) all Privacy Laws applicable to the Company, (ii) any applicable privacy and security policies of the Company concerning the collection, dissemination, storage or use of Personal Information or other Company Proprietary Information, including any privacy disclosures posted to websites or other media maintained or published by the Company and, as applicable, the privacy policies of any one or more third parties with which the Company is required to comply, (iii) all contractual commitments that the Company has entered into or is otherwise bound with respect to privacy and/or data security, and (iv) applicable industry standards (e.g., PCI DSS) (collectively, the “Data Privacy and Security Requirements”). (b) The Company (i) solely owns and possesses all right, title and interest in and to the Business Data, free and clear of any restrictions other than those imposed by applicable Privacy Laws, or (ii) has the right to use, exploit, publish, reproduce, distribute, license, sell, and create derivative works of such Business Data, in whole or in part, in the manner in which the Company receives and uses such Business Data. The Data Privacy and Security Requirements will not prohibit New PubCo the Surviving Company or Suntuity Acquiror from Processing Personal Information or Business Data after the Closing Date, in the same manner in which the Company Processes such Personal Information and other Business Data prior to the Closing Date or cause New PubCo the Surviving Company or Suntuity Acquiror to incur liability in connection with the receipt or Processing of such Personal Information or Business Data. The Company maintains commercially reasonable security measures to protect all Personal Information under its control from unauthorized access, use, disclosure, modification, deletion or other Processingprocessing. The Company has not suffered any breach that has resulted in any unauthorized access to, use of, disclosure of or other loss of any Personal Information. Except as described in Section 3.21(b) of the Company Disclosure Schedule, since the Look-Back Date, the Company has not been subject to any written complaints, lawsuits, investigations or other written claims regarding its Processing of any Personal Information, and to the Knowledge knowledge of the Company, there are no such pending complaints, lawsuits, investigations or claims. The Company has not provided and has not been legally required to provide any notices to data owners or Governmental Authorities in connection with any unauthorized access, use or disclosure of Personal Information.