Common use of Privacy and Data Security Clause in Contracts

Privacy and Data Security. (a) Foamix and the Foamix Subsidiary: (a) is, and at all times has been, in compliance with all Data Protection Requirements in all material respects; (b) has not received any written subpoenas, demands, or other notices from any Governmental Entity investigating, inquiring into, or otherwise relating to any actual or potential violation of any Data Protection Law and, to the Knowledge of Foamix, neither Foamix nor the Foamix Subsidiary is under investigation by any Governmental Entity for any actual or potential violation of any Data Protection Law, and no written notice, complaint, claim, enforcement action, or litigation of any kind has been served on, or initiated against, Foamix or the Foamix Subsidiary under any Data Protection Law; (c) uses commercially reasonable measures to protect the confidentiality, integrity, and security of the Personal Data it collects and/or processes from unauthorized access, use, disclosure, and modification; (d) to the Knowledge of Foamix, has not experienced any material failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents related to Personal Data during the past three (3) years that would require notification of individuals, law enforcement, or any Governmental Entity, or any remedial action under any applicable Data Protection Law, and there are no pending, or expected complaints, actions, fines, or other penalties facing Foamix or the Foamix Subsidiary in connection with any such failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents; and (e) to the Knowledge of Foamix, has not received any pending or threatened claims from individuals alleging any breach of, or exercising their rights under, any Data Protection Law. (b) Foamix and the Foamix Subsidiary have implemented commercially reasonable security regarding the integrity and availability of any information or operational technology systems, or software applications used by or on behalf of Foamix and the Foamix Subsidiary. To the Knowledge of Foamix, there has been no security incident that has compromised the integrity or availability of the information technology system, operational technology system or software applications used, owned or operated by Foamix or the Foamix Subsidiary.

Privacy and Data Security. (a) Foamix Parent and the Foamix Subsidiary: (a) is, and at all times has been, in compliance each of its Subsidiaries have complied with all Data Protection Requirements in the conduct of Parent’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and each of its Subsidiaries have all material respectsnecessary authority, rights, consents and authorizations to engage in the Data Activities of Personal Data maintained by or for Parent and its Subsidiaries to the extent required in connection with the operation of Parent’s and its Subsidiaries’ business as currently conducted. Since January 1, 2019, Parent and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving Personal Data in their possession or control; or (bii) has not been subject to or received any written subpoenasnotice of any audit, demandsinvestigation, complaint, or other notices from Legal Action by any Governmental Entity investigatingor other Person concerning Parent’s or any of its Subsidiaries’ Data Activities in relation to Personal Data or actual, inquiring intoalleged, or otherwise relating to any actual or potential suspected violation of any Data Protection Law andRequirement concerning privacy, to the Knowledge of Foamixdata security, neither Foamix nor the Foamix Subsidiary is under investigation by any Governmental Entity for any actual or potential violation of any Data Protection Lawdata breach notification, and no written noticeto Parent’s Knowledge, complaint, claim, enforcement action, or litigation of any kind has been served on, or initiated against, Foamix or the Foamix Subsidiary under any Data Protection Law; (c) uses commercially reasonable measures to protect the confidentiality, integrity, and security of the Personal Data it collects and/or processes from unauthorized access, use, disclosure, and modification; (d) to the Knowledge of Foamix, has not experienced any material failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents related to Personal Data during the past three (3) years that would require notification of individuals, law enforcement, or any Governmental Entity, or any remedial action under any applicable Data Protection Law, and there are no pending, facts or circumstances that could reasonably be expected complaints, actions, fines, or other penalties facing Foamix or the Foamix Subsidiary in connection with to give rise to any such failuresLegal Action, crashesin each case except as would not reasonably be expected to have, security breachesindividually or in the aggregate, unauthorized accessa Parent Material Adverse Effect. Parent and its Subsidiaries (i) have executed current and valid “Business Associate Agreements” (as described by HIPAA and the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations), use(B) “covered entity” (as described by HIPAA and the corresponding regulations), or disclosure, or other adverse events or incidentsand (C) “subcontractor” (as described by HIPAA and the corresponding regulations); and (eii) materially comply with such Business Associate Agreements. The Company and each of its Subsidiaries have obtained, as applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance with the Knowledge requirements of Foamix, has not received any pending or threatened claims from individuals alleging any breach of, or exercising their rights under, any HIPAA and other Data Protection LawRequirements. (b) Foamix and the Foamix Subsidiary have implemented commercially reasonable security regarding the integrity and availability of any information or operational technology systems, or software applications used by or on behalf of Foamix and the Foamix Subsidiary. To the Knowledge of Foamix, there has been no security incident that has compromised the integrity or availability of the information technology system, operational technology system or software applications used, owned or operated by Foamix or the Foamix Subsidiary.

Privacy and Data Security. Except as would not reasonably be expected to result in a Material Adverse Effect, (a) Foamix the Company and the Foamix Subsidiary: (a) is, and at all times has been, in compliance with all Data Protection Requirements in all material respects; (b) has not received any its Subsidiaries have established written subpoenas, demands, or other notices from any Governmental Entity investigating, inquiring into, or otherwise relating to any actual or potential violation of any Data Protection Law and, privacy policies applicable to the Knowledge of Foamix, neither Foamix nor the Foamix Subsidiary is under investigation by any Governmental Entity for any actual or potential violation of any Data Protection Law, and no written notice, complaint, claim, enforcement action, or litigation of any kind has been served on, or initiated against, Foamix or the Foamix Subsidiary under any Data Protection Law; (c) uses commercially reasonable measures to protect the confidentiality, integrity, and security of the Personal Data it collects and/or processes from unauthorized accesscollection, use, disclosure, maintenance and modification; transmission of Personal Data, (db) each of the Company and its Subsidiaries is in compliance in all material respects with their written privacy policies, contracts which impose requirements relating to the Knowledge collection, processing, storage, disclosure, disposal or other handling of FoamixPersonal Data, has any applicable laws relating to privacy, data protection, anti-spam, personal information and similar consumer protection laws, and any applicable industry standards which impose requirements on the collection, processing, storage, disclosure, disposal or other handling of Personal Data (collectively, the “Privacy Requirements”). Except as would not experienced reasonably be expected to result in a Material Adverse Effect, neither the operation by the Company or any of its Subsidiaries of any its websites nor the content thereof or data processed, collected, stored or disseminated by such entity in connection therewith, violates in any material failuresrespect any applicable law regarding privacy, crashesdata protection, anti-spam, personal information and similar consumer protection laws. Since January 1, 2021, none of the Company nor any of its Subsidiaries has experienced (i) incidents of unauthorized access or other security breaches, including any loss, misuse, damage, unauthorized access, useunauthorized disclosure or unauthorized use of any Personal Data, or disclosure(ii) any other event that the Company or any of its Subsidiaries required a data breach notice to any Person or Governmental Entity under Privacy Requirements, except, in each case, as would not reasonably be expected to result in a Material Adverse Effect. Except as, individually or in the aggregate, would not reasonably be expected to result in a Material Adverse Effect, the hardware, software, databases, web s▇▇▇▇, ▇▇▇▇▇▇ applications, servers, workstations, routers, hubs, switches, circuits, networks, communications networks, and other adverse events information technology owned, licensed, leased or incidents related to Personal Data during otherwise used, distributed or held for use by the past Company or its Subsidiaries (i) have not, within the three (3) years prior to the date of this Agreement, malfunctioned or failed in a manner that would require notification resulted in chronic or otherwise material disruptions to the operation of individuals, law enforcement, or any Governmental Entity, or any remedial action under any applicable Data Protection Lawthe business of the Company and its Subsidiaries, and there (ii) are no pending, or expected complaints, actions, fines, or other penalties facing Foamix or adequate for the Foamix Subsidiary in connection with any such failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents; Company’s and (e) to the Knowledge of Foamix, has not received any pending or threatened claims from individuals alleging any breach of, or exercising their rights under, any Data Protection Lawits Subsidiaries’ businesses as currently conducted. (b) Foamix and the Foamix Subsidiary have implemented commercially reasonable security regarding the integrity and availability of any information or operational technology systems, or software applications used by or on behalf of Foamix and the Foamix Subsidiary. To the Knowledge of Foamix, there has been no security incident that has compromised the integrity or availability of the information technology system, operational technology system or software applications used, owned or operated by Foamix or the Foamix Subsidiary.

Privacy and Data Security. (a) Foamix and the Foamix Subsidiary: (a) isThe Company complies with, and has at all times has beensince January 1, in compliance with 2017 complied with, all Data Protection Requirements in all Requirements, except for any noncompliance that would not reasonably be expected to be material respects; to the Company and its Subsidiaries, taken as a whole. (b) Since January 1, 2017, except as would not reasonably be expected to be material to the Company and its Subsidiaries, taken as a whole, the Company has not received any written subpoenas, demands, or other written notices from any Governmental Entity investigating, investigating or inquiring into, or otherwise relating to into any actual or potential violation of any Data Protection Law and, to the Knowledge of Foamix, neither Foamix nor the Foamix Subsidiary is under investigation by any Governmental Entity for any actual or identified potential violation of any Data Protection Law. Since January 1, 2017, except as would not reasonably be expected to be material to the Company and its Subsidiaries, taken as a whole, no written notice, complaint, claim, enforcement action, or litigation of any kind has been served on, on or initiated against, Foamix or against the Foamix Subsidiary under Company alleging any violation by the Company of any applicable Data Protection Law; Requirement. (c) uses commercially Except as would not reasonably be expected to be material to the Company and its Subsidiaries, taken as a whole, the Company takes reasonable measures best steps, in compliance with applicable Data Protection Requirements, to protect (i) the confidentiality, integrity, integrity and security of its software, systems and websites involved in the collection and/or processing of Personal Data; and (ii) Personal Data it collects in its possession and/or processes control from unauthorized use, access, use, disclosure, disclosure and modification; . (d) Since January 1, 2017, except as would not reasonably be expected to be material to the Knowledge of FoamixCompany and its Subsidiaries, taken as a whole, the Company has not experienced suffered any material failuressecurity breaches or unauthorized access to, crashes, security breaches, or unauthorized access, use, disclosure or disclosure, or other adverse events or incidents related to modification of Personal Data during the past three (3) years in its possession or control that would require notification of individuals, law enforcement, or any Governmental Entity, or any remedial action Person under any applicable Data Protection Law, and there are no pending, or expected complaints, actions, fines, or other penalties facing Foamix or the Foamix Subsidiary in connection with any such failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents; and (e) to the Knowledge of Foamix, has not received any pending or threatened claims from individuals alleging any breach of, or exercising their rights under, any Data Protection LawRequirement. (b) Foamix and the Foamix Subsidiary have implemented commercially reasonable security regarding the integrity and availability of any information or operational technology systems, or software applications used by or on behalf of Foamix and the Foamix Subsidiary. To the Knowledge of Foamix, there has been no security incident that has compromised the integrity or availability of the information technology system, operational technology system or software applications used, owned or operated by Foamix or the Foamix Subsidiary.

Privacy and Data Security. Except as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect, (a) Foamix each of the Company and its Subsidiaries, has been since the Foamix Subsidiary: (a) isLookback Date, and at all times has beenis, in compliance with all their written externally published privacy policies, contracts which impose requirements relating to the collection, processing, storage, disclosure, disposal or other handling of Personal Data, any applicable Laws relating to privacy, data protection and Personal Data, and any applicable binding industry standards which impose requirements on the collection, processing, storage, disclosure, disposal or other handling of Personal Data Protection Requirements in all material respects; (collectively, the “Privacy Requirements”), (b) since the Lookback Date, none of the Company nor any of its Subsidiaries has not received any written subpoenas, demands, experienced (i) incidents of unauthorized access or other notices from any Governmental Entity investigating, inquiring into, or otherwise relating to any actual or potential violation of any Data Protection Law and, to the Knowledge of Foamix, neither Foamix nor the Foamix Subsidiary is under investigation by any Governmental Entity for any actual or potential violation of any Data Protection Law, and no written notice, complaint, claim, enforcement action, or litigation of any kind has been served on, or initiated against, Foamix or the Foamix Subsidiary under any Data Protection Law; (c) uses commercially reasonable measures to protect the confidentiality, integrity, and security of the Personal Data it collects and/or processes from unauthorized access, use, disclosure, and modification; (d) to the Knowledge of Foamix, has not experienced any material failures, crashes, security breaches, including any loss, misuse, damage, unauthorized access, useunauthorized disclosure or unauthorized use of any Personal Data, or disclosure, or (ii) any other adverse events or incidents related to Personal Data during event that required the past three (3) years that would require notification of individuals, law enforcement, Company or any of its Subsidiaries to give a data breach notice to any Person or Governmental EntityAuthority under Privacy Requirements, or any remedial action under any applicable Data Protection Lawexcept, in each case of clauses (i) and (ii), as has not had, and there are no pendingwould not reasonably be expected to have, individually or expected complaintsin the aggregate, actionsa Company Material Adverse Effect, fines, or other penalties facing Foamix or the Foamix Subsidiary in connection with any such failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents; and (ec) the hardware, software, databases, websites, mobile applications, servers, workstations, routers, hubs, switches, circuits, networks, communications networks, and other information technology owned, licensed or leased by the Company or its Subsidiaries (i) have not, since the Lookback Date, malfunctioned or failed in a manner that resulted in chronic or otherwise material disruptions to the Knowledge of Foamix, has not received any pending or threatened claims from individuals alleging any breach of, or exercising their rights under, any Data Protection Law. (b) Foamix and the Foamix Subsidiary have implemented commercially reasonable security regarding the integrity and availability of any information or operational technology systems, or software applications used by or on behalf of Foamix and the Foamix Subsidiary. To the Knowledge of Foamix, there has been no security incident that has compromised the integrity or availability operation of the information technology systembusiness of the Company and its Subsidiaries, operational technology system or software applications used, owned or operated by Foamix or and (ii) are adequate for the Foamix SubsidiaryCompany’s and its Subsidiaries’ businesses as currently conducted.

Privacy and Data Security. (a) Foamix Since August 1, 2014, Purchaser and its Subsidiaries have complied, to the Foamix Subsidiary: (a) is, and at all times has beenextent applicable, in compliance all material respects with (i) all Data Protection Requirements Laws; (ii) binding industry standards to protect the operation, confidentiality, integrity, and security of its software, systems, and websites that are involved in the collection and/or processing of Personal Data; (iii) all binding published, posted, and internal policies, procedures, agreements, and notices of Purchaser and its Subsidiaries relating to the collection, use, or disclosure of Personal Data (“Purchaser Privacy Policies”); and (iv) any applicable regulatory requirements or restrictions relating to the transfer of Personal Data across national borders. (b) Purchaser Privacy Policies comply in all material respects with applicable Data Protection Laws. (c) Since August 1, 2014, Purchaser and its Subsidiaries have in all material respects made all required registrations and notifications required by and in accordance with all applicable Data Protection Laws, and any such registrations and notifications are current, complete, and accurate in all material respects; . (bd) Since August 1, 2014, neither Purchaser nor any of its Subsidiaries has not received any written material subpoenas, demands, or other written notices from any Governmental Entity Authority investigating, inquiring into, or otherwise relating to any actual or potential violation of any Data Protection Law Law, and, to the Knowledge of FoamixPurchaser, neither Foamix Purchaser nor the Foamix Subsidiary any of its Subsidiaries is under investigation by any Governmental Entity Authority for any actual or potential material violation of any Data Protection Law. Since August 1, and 2014, no material written notice, complaint, claim, enforcement actionAction, or litigation Litigation of any kind has been served on, or initiated againstor, Foamix or the Foamix Subsidiary under any Data Protection Law; (c) uses commercially reasonable measures to protect the confidentiality, integrity, and security of the Personal Data it collects and/or processes from unauthorized access, use, disclosure, and modification; (d) to the Knowledge of FoamixPurchaser, has not experienced initiated against, Purchaser or any of its Subsidiaries under any applicable Data Protection Law. (e) Since August 1, 2014, there have been no material failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents related to Personal Data during the past three (3) years that affecting Purchaser or any of its Subsidiaries which would require notification by Purchaser or any of its Subsidiaries of individuals, law enforcement, or any Governmental Entity, Authority or any remedial action by Purchaser or any of its Subsidiaries under any applicable Contract or Data Protection Law. To the Knowledge of Purchaser, and there are no pending, or expected pending material complaints, actionsActions, fines, or other penalties facing Foamix Purchaser or the Foamix Subsidiary any of its Subsidiaries in connection with any such failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents; and (e) to the Knowledge of Foamix, has not received any pending or threatened claims from individuals alleging any breach of, or exercising their rights under, any Data Protection Law. (b) Foamix and the Foamix Subsidiary have implemented commercially reasonable security regarding the integrity and availability of any information or operational technology systems, or software applications used by or on behalf of Foamix and the Foamix Subsidiary. To the Knowledge of Foamix, there has been no security incident that has compromised the integrity or availability of the information technology system, operational technology system or software applications used, owned or operated by Foamix or the Foamix Subsidiary.

Privacy and Data Security. (a) Foamix Since August 1, 2014, the Company and its Subsidiaries have complied, to the Foamix Subsidiary: (a) is, and at all times has beenextent applicable, in compliance all material respects with (i) all Data Protection Requirements Laws; (ii) binding industry standards to protect the operation, confidentiality, integrity, and security of its software, systems, and websites that are involved in the collection and/or processing of Personal Data; (iii) all binding published, posted, and internal policies, procedures, agreements, and notices of the Company and its Subsidiaries relating to the collection, use, or disclosure of Personal Data (“Company Privacy Policies”); and (iv) any applicable regulatory requirements or restrictions relating to the transfer of Personal Data across national borders. (b) The Company Privacy Policies comply in all material respects with applicable Data Protection Laws. (c) Since August 1, 2014, the Company and its Subsidiaries have in all material respects made all required registrations and notifications required by and in accordance with all applicable Data Protection Laws, and any such registrations and notifications are current, complete, and accurate in all material respects; . (bd) Since August 1, 2014, neither the Company nor any of its Subsidiaries has not received any written material subpoenas, demands, or other written notices from any Governmental Entity Authority investigating, inquiring into, or otherwise relating to any actual or potential violation of any Data Protection Law Law, and, to the Knowledge of Foamixthe Company, neither Foamix the Company nor the Foamix Subsidiary any of its Subsidiaries is under investigation by any Governmental Entity Authority for any actual or potential material violation of any Data Protection Law. Since August 1, and 2014, no material written notice, complaint, claim, enforcement actionAction, or litigation Litigation of any kind has been served on, or initiated againstor, Foamix or the Foamix Subsidiary under any Data Protection Law; (c) uses commercially reasonable measures to protect the confidentiality, integrity, and security of the Personal Data it collects and/or processes from unauthorized access, use, disclosure, and modification; (d) to the Knowledge of Foamixthe Company, has not experienced initiated against, the Company or any of its Subsidiaries under any applicable Data Protection Law. (e) Since August 1, 2014, there have been no material failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents related to Personal Data during affecting the past three (3) years that Company or any of its Subsidiaries which would require notification by the Company or any of its Subsidiaries of individuals, law enforcement, or any Governmental Entity, Authority or any remedial action by the Company or any of its Subsidiaries under any applicable contract or Data Protection Law. To the Knowledge of the Company, and there are no pending, or expected pending material complaints, actionsActions, fines, or other penalties facing Foamix the Company or the Foamix Subsidiary any of its Subsidiaries in connection with any such failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents; and (e) to the Knowledge of Foamix, has not received any pending or threatened claims from individuals alleging any breach of, or exercising their rights under, any Data Protection Law. (b) Foamix and the Foamix Subsidiary have implemented commercially reasonable security regarding the integrity and availability of any information or operational technology systems, or software applications used by or on behalf of Foamix and the Foamix Subsidiary. To the Knowledge of Foamix, there has been no security incident that has compromised the integrity or availability of the information technology system, operational technology system or software applications used, owned or operated by Foamix or the Foamix Subsidiary.

Privacy and Data Security. Except as would not reasonably be expected to result in a Material Adverse Effect, (a) Foamix the Company and the Foamix Subsidiary: (a) is, and at all times has been, in compliance with all Data Protection Requirements in all material respects; (b) has not received any its Subsidiaries have established written subpoenas, demands, or other notices from any Governmental Entity investigating, inquiring into, or otherwise relating to any actual or potential violation of any Data Protection Law and, privacy policies applicable to the Knowledge of Foamix, neither Foamix nor the Foamix Subsidiary is under investigation by any Governmental Entity for any actual or potential violation of any Data Protection Law, and no written notice, complaint, claim, enforcement action, or litigation of any kind has been served on, or initiated against, Foamix or the Foamix Subsidiary under any Data Protection Law; (c) uses commercially reasonable measures to protect the confidentiality, integrity, and security of the Personal Data it collects and/or processes from unauthorized accesscollection, use, disclosure, maintenance and modification; transmission of Personal Data, (db) each of the Company and its Subsidiaries is in compliance in all material respects with their written privacy policies, contracts which impose requirements relating to the Knowledge collection, processing, storage, disclosure, disposal or other handling of FoamixPersonal Data, has any applicable laws relating to privacy, data protection, anti-spam, personal information and similar consumer protection laws, and any applicable industry standards which impose requirements on the collection, processing, storage, disclosure, disposal or other handling of Personal Data (collectively, the “Privacy Requirements”). Except as would not experienced reasonably be expected to result in a Material Adverse Effect, neither the operation by the Company or any of its Subsidiaries of any its websites nor the content thereof or data processed, collected, stored or disseminated by such entity in connection therewith, violates in any material failuresrespect any applicable law regarding privacy, crashesdata protection, anti-spam, personal information and similar consumer protection laws. Since January 1, 2019, none of the Company nor any of its Subsidiaries has experienced (i) incidents of unauthorized access or other security breaches, including any loss, misuse, damage, unauthorized access, useunauthorized disclosure or unauthorized use of any Personal Data, or disclosure(ii) any other event that the Company or any of its Subsidiaries required a data breach notice to any Person or Governmental Entity under Privacy Requirements, except, in each case, as would not reasonably be expected to result in a Material Adverse Effect. Except as, individually or in the aggregate, would not reasonably be expected to result in a Material Adverse Effect, the hardware, software, databases, web s▇▇▇▇, ▇▇▇▇▇▇ applications, servers, workstations, routers, hubs, switches, circuits, networks, communications networks, and other adverse events information technology owned, licensed, leased or incidents related to Personal Data during otherwise used, distributed or held for use by the past Company or its Subsidiaries (i) have not, within the three (3) years prior to the date of this Agreement, malfunctioned or failed in a manner that would require notification resulted in chronic or otherwise material disruptions to the operation of individuals, law enforcement, or any Governmental Entity, or any remedial action under any applicable Data Protection Lawthe business of the Company and its Subsidiaries, and there (ii) are no pending, or expected complaints, actions, fines, or other penalties facing Foamix or adequate for the Foamix Subsidiary in connection with any such failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents; Company’s and (e) to the Knowledge of Foamix, has not received any pending or threatened claims from individuals alleging any breach of, or exercising their rights under, any Data Protection Lawits Subsidiaries’ businesses as currently conducted. (b) Foamix and the Foamix Subsidiary have implemented commercially reasonable security regarding the integrity and availability of any information or operational technology systems, or software applications used by or on behalf of Foamix and the Foamix Subsidiary. To the Knowledge of Foamix, there has been no security incident that has compromised the integrity or availability of the information technology system, operational technology system or software applications used, owned or operated by Foamix or the Foamix Subsidiary.

Privacy and Data Security. Except as would not reasonably be expected to result in a Material Adverse Effect, (a) Foamix the Company and the Foamix Subsidiary: (a) is, and at all times has been, in compliance with all Data Protection Requirements in all material respects; (b) has not received any its Subsidiaries have established written subpoenas, demands, or other notices from any Governmental Entity investigating, inquiring into, or otherwise relating to any actual or potential violation of any Data Protection Law and, privacy policies applicable to the Knowledge of Foamix, neither Foamix nor the Foamix Subsidiary is under investigation by any Governmental Entity for any actual or potential violation of any Data Protection Law, and no written notice, complaint, claim, enforcement action, or litigation of any kind has been served on, or initiated against, Foamix or the Foamix Subsidiary under any Data Protection Law; (c) uses commercially reasonable measures to protect the confidentiality, integrity, and security of the Personal Data it collects and/or processes from unauthorized accesscollection, use, disclosure, maintenance and modification; transmission of Personal Data, (db) each of the Company and its Subsidiaries is in compliance in all material respects with their written privacy policies, contracts which impose requirements relating to the Knowledge collection, processing, storage, disclosure, disposal or other handling of FoamixPersonal Data, has any applicable laws relating to privacy, data protection, anti-spam, personal information and similar consumer protection laws, and any applicable industry standards which impose requirements on the collection, processing, storage, disclosure, disposal or other handling of Personal Data (collectively, the “Privacy Requirements”). Except as would not experienced reasonably be expected to result in a Material Adverse Effect, neither the operation by the Company or any of its Subsidiaries of any its websites nor the content thereof or data processed, collected, stored or disseminated by such entity in connection therewith, violates in any material failuresrespect any applicable law regarding privacy, crashesdata protection, anti-spam, personal information and similar consumer protection laws. Since January 1, 2021, none of the Company nor any of its Subsidiaries has experienced (i) incidents of unauthorized access or other security breaches, including any loss, misuse, damage, unauthorized access, useunauthorized disclosure or unauthorized use of any Personal Data, or disclosure(ii) any other event that the Company or any of its Subsidiaries required a data breach notice to any Person or Governmental Entity under Privacy Requirements, except, in each case, as would not reasonably be expected to result in a Material Adverse Effect. Except as, individually or in the aggregate, would not reasonably be expected to result in a Material Adverse Effect, the hardware, software, databases, web ▇▇▇▇▇, ▇▇▇▇▇▇ applications, servers, workstations, routers, hubs, switches, circuits, networks, communications networks, and other adverse events information technology owned, licensed, leased or incidents related to Personal Data during otherwise used, distributed or held for use by the past Company or its Subsidiaries (i) have not, within the three (3) years that would require notification of individuals, law enforcement, or any Governmental Entity, or any remedial action under any applicable Data Protection Law, and there are no pending, or expected complaints, actions, fines, or other penalties facing Foamix or the Foamix Subsidiary in connection with any such failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents; and (e) prior to the Knowledge date of Foamixthis Agreement, has not received any pending malfunctioned or threatened claims from individuals alleging any breach of, failed in a manner that resulted in chronic or exercising their rights under, any Data Protection Law. (b) Foamix and otherwise material disruptions to the Foamix Subsidiary have implemented commercially reasonable security regarding the integrity and availability of any information or operational technology systems, or software applications used by or on behalf of Foamix and the Foamix Subsidiary. To the Knowledge of Foamix, there has been no security incident that has compromised the integrity or availability operation of the information technology system, operational technology system or software applications used, owned or operated by Foamix or the Foamix Subsidiary.business of the

Privacy and Data Security. Except as would not reasonably be expected to result in a Material Adverse Effect, (a) Foamix the Company and the Foamix Subsidiary: (a) is, and at all times has been, in compliance with all Data Protection Requirements in all material respects; (b) has not received any its Subsidiaries have established written subpoenas, demands, or other notices from any Governmental Entity investigating, inquiring into, or otherwise relating to any actual or potential violation of any Data Protection Law and, privacy policies applicable to the Knowledge of Foamix, neither Foamix nor the Foamix Subsidiary is under investigation by any Governmental Entity for any actual or potential violation of any Data Protection Law, and no written notice, complaint, claim, enforcement action, or litigation of any kind has been served on, or initiated against, Foamix or the Foamix Subsidiary under any Data Protection Law; (c) uses commercially reasonable measures to protect the confidentiality, integrity, and security of the Personal Data it collects and/or processes from unauthorized accesscollection, use, disclosure, maintenance and modification; transmission of Personal Data, (db) each of the Company and its Subsidiaries is in compliance in all material respects with their written privacy policies, contracts which impose requirements relating to the Knowledge collection, processing, storage, disclosure, disposal or other handling of FoamixPersonal Data, has any applicable laws relating to privacy, data protection, anti-spam, personal information and similar consumer protection laws, and any applicable industry standards which impose requirements on the collection, processing, storage, disclosure, disposal or other handling of Personal Data (collectively, the “Privacy Requirements”). Except as would not experienced reasonably be expected to result in a Material Adverse Effect, neither the operation by the Company or any of its Subsidiaries of any its websites nor the content thereof or data processed, collected, stored or disseminated by such entity in connection therewith, violates in any material failuresrespect any applicable law regarding privacy, crashesdata protection, anti-spam, personal information and similar consumer protection laws. Since January 1, 2021, none of the Company nor any of its Subsidiaries has experienced (i) incidents of unauthorized access or other security breaches, including any loss, misuse, damage, unauthorized access, useunauthorized disclosure or unauthorized use of any Personal Data, or disclosure(ii) any other event that the Company or any of its Subsidiaries required a data breach notice to any Person or Governmental Entity under Privacy Requirements, except, in each case, as would not reasonably be expected to result in a Material Adverse Effect. Except as, individually or in the aggregate, would not reasonably be expected to result in a Material Adverse Effect, the hardware, software, databases, web ▇▇▇▇▇, ▇▇▇▇▇▇ applications, servers, workstations, routers, hubs, switches, circuits, networks, communications networks, and other adverse events information technology owned, licensed, leased or incidents related to Personal Data during otherwise used, distributed or held for use by the past Company or its Subsidiaries (i) have not, within the three (3) years prior to the date of this Agreement, malfunctioned or failed in a manner that would require notification resulted in chronic or otherwise material disruptions to the operation of individuals, law enforcement, or any Governmental Entity, or any remedial action under any applicable Data Protection Lawthe business of the Company and its Subsidiaries, and there (ii) are no pending, or expected complaints, actions, fines, or other penalties facing Foamix or adequate for the Foamix Subsidiary in connection with any such failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents; Company’s and (e) to the Knowledge of Foamix, has not received any pending or threatened claims from individuals alleging any breach of, or exercising their rights under, any Data Protection Lawits Subsidiaries’ businesses as currently conducted. (b) Foamix and the Foamix Subsidiary have implemented commercially reasonable security regarding the integrity and availability of any information or operational technology systems, or software applications used by or on behalf of Foamix and the Foamix Subsidiary. To the Knowledge of Foamix, there has been no security incident that has compromised the integrity or availability of the information technology system, operational technology system or software applications used, owned or operated by Foamix or the Foamix Subsidiary.

Privacy and Data Security. (a) Foamix Since August 1, 2014, TWG and its Subsidiaries have complied, to the Foamix Subsidiary: (a) is, and at all times has beenextent applicable, in compliance all material respects with (i) all Data Protection Requirements Laws; (ii) generally accepted industry standards to protect the operation, confidentiality, integrity, and security of its software, systems, and websites that are involved in the collection and/or processing of Personal Data; (iii) all binding published, posted, and internal policies, procedures, agreements, and notices of TWG and its Subsidiaries relating to the collection, use, or disclosure of Personal Data (“Privacy Policies”); (iv) the terms of TWG Material Contracts to the extent that such TWG Material Contracts include provisions relating to the collection, use, or disclosure of Personal Data; and (v) any applicable regulatory requirements or restrictions relating to the transfer of Personal Data across national borders. (b) The Privacy Policies comply in all material respects with applicable Data Protection Laws. All employees, officers, agents, and other representatives of TWG and its Subsidiaries have, where necessary or customary in the industry, received training with respect to compliance with Data Protection Law and the Privacy Policies. (c) TWG and its Subsidiaries have undertaken reasonable efforts to and will achieve material compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) and its implementing statutes prior to May 25, 2018. (d) Since August 1, 2014, TWG and its Subsidiaries have in all material respects made all required registrations and notifications required by and in accordance with all applicable Data Protection Laws, and any such registrations and notifications are current, complete, and accurate in all material respects; . (be) Since August 1, 2014, neither TWG nor any of its Subsidiaries has not received any written subpoenas, demands, or other written notices from any Governmental Entity Authority investigating, inquiring into, or otherwise relating to any actual or potential violation of any Data Protection Law Law, and, to the Knowledge of FoamixTWG, neither Foamix TWG nor the Foamix Subsidiary any of its Subsidiaries is under investigation by any Governmental Entity Authority for any actual or potential material violation of any Data Protection Law. Since August 1, and 2014 through the date hereof, no material written notice, complaint, claim, enforcement actionAction, or litigation Litigation of any kind has been served on, or initiated againstor, Foamix or the Foamix Subsidiary under any Data Protection Law; (c) uses commercially reasonable measures to protect the confidentiality, integrity, and security of the Personal Data it collects and/or processes from unauthorized access, use, disclosure, and modification; (d) to the Knowledge of FoamixTWG, has not experienced initiated against, TWG or any of its Subsidiaries under any applicable Data Protection Law. (f) To the Knowledge of TWG, since August 1, 2014, there have been no material failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents related to Personal Data during the past three (3) years that affecting TWG or any of its Subsidiaries which would require notification by TWG or any of its Subsidiaries of individuals, law enforcement, or any Governmental Entity, Authority or any remedial action by TWG or any of its Subsidiaries under any applicable Contract or Data Protection Law. To the Knowledge of TWG, and as of the date hereof, there are no pending, or expected pending complaints, actionsActions, fines, or other penalties facing Foamix TWG or the Foamix Subsidiary any of its Subsidiaries in connection with any such failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents; and (e) to the Knowledge of Foamix, has not received any pending or threatened claims from individuals alleging any breach of, or exercising their rights under, any Data Protection Law. (b) Foamix and the Foamix Subsidiary have implemented commercially reasonable security regarding the integrity and availability of any information or operational technology systems, or software applications used by or on behalf of Foamix and the Foamix Subsidiary. To the Knowledge of Foamix, there has been no security incident that has compromised the integrity or availability of the information technology system, operational technology system or software applications used, owned or operated by Foamix or the Foamix Subsidiary.

Privacy and Data Security. (a) Foamix and the Foamix Subsidiary: (a) isSeller complies, and has at all times has beensince January 1, in compliance with all Data Protection Requirements 2013 complied, in all material respects; (b) respects with all Privacy and Information Security Requirements applicable to the Business and the Assigned Assets. Neither Seller nor, to the knowledge of Seller, any other Person, has not since January 1, 2013 received any written subpoenas, demands, notice or other notices communication, from any Governmental Entity investigatingor otherwise, inquiring into, or otherwise relating to regarding any actual or potential asserted violation of of, or failure to comply with, any Data Protection Law and, Privacy and Information Security Requirement by Seller with respect to the Knowledge of Foamix, neither Foamix nor Business and the Foamix Subsidiary Assigned Assets. There is under investigation by any Governmental Entity for any actual or potential violation of any Data Protection Law, and no written notice, complaint, claim, enforcement action, or litigation of any kind has been served on, or initiated against, Foamix or the Foamix Subsidiary under any Data Protection Law; (c) uses commercially reasonable measures to protect the confidentiality, integrity, and security of the Personal Data it collects and/or processes from unauthorized access, use, disclosure, and modification; (d) to the Knowledge of Foamix, has not experienced any material failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents related to Personal Data during the past three (3) years that would require notification of individuals, law enforcement, or any Governmental Entity, or any remedial action under any applicable Data Protection Lawcurrently pending, and there are no pendinghas not been since January 1, 2013, any Action against Seller alleging any violation of or expected complaintsfailure to comply with, actions, fines, or other penalties facing Foamix any Privacy and Information Security Requirement by Seller with respect to the Business or the Foamix Subsidiary in connection with any such failures, crashes, security breaches, unauthorized access, use, or disclosure, or other adverse events or incidents; and (e) to the Knowledge of Foamix, has not received any pending or threatened claims from individuals alleging any breach of, or exercising their rights under, any Data Protection LawAssigned Assets. (b) Foamix Seller has not, with respect to the Business and the Foamix Subsidiary have Assigned Assets since January 1, 2013, suffered a material security breach resulting in any unauthorized Processing of any Personal Data or confidential information Processed by Seller in the conduct of the Business. Seller has not since January 1, 2013, notified, or been required to notify, any Person of any information security breach involving Personal Data or confidential information processed by Seller, or on its behalf, with respect to the Business or the Assigned Assets. (c) Seller has, in all material respects, provided all requisite notices and obtained all required consents, and satisfied all other requirements (including but not limited to notification to Governmental Entities), necessary for the Processing (including international and onward transfer) of all Personal Data in connection with the conduct of the Business and the Assigned Assets as currently conducted and in connection with the consummation of the transactions contemplated hereunder. (d) Seller has since January 1, 2013, implemented with respect to the Business and the Assigned Assets, and maintains compliance in all material respects with, reasonable security measures (including data protection policies and procedures concerning the Processing of Personal Data, and training, use testing, audits or other documented mechanisms designed to ensure and monitor compliance with such policies and procedures) designed to ensure compliance in all material respects with all Privacy and Information Security Requirements. Seller has in place commercially reasonable disaster recovery and business continuity plans and procedures with respect to the Business and the Assigned Assets. Seller has required all vendors that Process Personal Data in connection with the conduct of the Business on its behalf to employ commercially reasonable security regarding measures that comply in all material respects with all Privacy and Information Security Requirements. (e) The IT Systems and Business Products, to the integrity and availability knowledge of any information or operational technology systemsSeller, contain no code designed to disrupt, disable, harm, distort, or software applications used by otherwise impede in any material respect the legitimate operation of such IT Systems or on behalf of Foamix Business Products (including what are sometimes referred to as “viruses”, “worms”, “time bombs”, or “back doors”) that have not been fully removed or remedied. The Business and the Foamix Subsidiary. To Assigned Assets have not, since January 1, 2013, except as has not been and would not reasonably be expected to be material to the Knowledge of FoamixBusiness, there has been no security incident that has compromised experienced any disruption to, or interruption in, the integrity or availability conduct of the information technology systemBusiness attributable to unauthorized access to, operational technology system or software applications usedintroduction of a virus or other malicious programming within, owned the IT Systems or operated by Foamix Business Products. (f) Notwithstanding the generality of the foregoing, Seller has, and has at all times since January 1, 2013 had, privacy and security policies, procedures and safeguards applicable to the Business and the Assigned Assets that comply in all material respects with then-applicable requirements of Health Care Privacy Laws (collectively, “Health Care Privacy and Security Policies”) and has complied in all material respects with such Health Care Privacy and Security Policies. Seller has, since January 1, 2016, to the extent required for compliance in all material respects with Health Care Privacy Laws in the conduct of the Business, entered into written and signed business associate agreements with each Person who is a “business associate” (as defined in HIPAA) of such Person and has a written and signed business associate agreement with each “covered entity” (as defined in HIPAA) and business associate of which such person is a business associate. Since January 1, 2016, except as has not been and would not reasonably be expected to be material to the Business or the Foamix SubsidiaryAssigned Assets, no “breach” (as defined in HIPAA) has occurred with respect to unsecured “protected health information” (as defined in HIPAA) in the possession or under the control of Seller or, to the knowledge of Seller, its business associates with respect to the Business or the Assigned Assets.