Common use of Privacy and Data Security Clause in Contracts

Privacy and Data Security. (a) The Company: (i) has at all times since January 1, 2022 been in compliance in all material respects with the Data Privacy and Security Requirements; (ii) has implemented and maintained, since January 1, 2022, commercially reasonable measures designed to ensure the availability, security and integrity of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; and (iii) is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all consents obtained by the Company that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger Closing. (b) Since January 1, 2022, there have been no data breaches or other data incidents or intrusions: (i) resulting in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse of any Personal Information maintained by or on behalf of the Company, or (ii) that have caused a material disruption to the function of the Company’s information technology systems, in each case with respect to clauses (i) and (ii), that required notification to Governmental Entities, individuals, or other third party under applicable Data Privacy and Security Requirements. Neither the Company nor its subsidiaries have received any written complaints, notices of investigation or other written correspondence with respect to any investigation from any Governmental Entity or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Laws.

Privacy and Data Security. (a) The Since May 16, 2023, and to the Company: (i) has at all times since January 1’s Knowledge, between June 30, 2022 been and May 16, 2023, each of the Company and its Subsidiaries has complied with all applicable Privacy Laws, including with respect to the collection, acquisition, use, storage and transfer (including cross-border transfer) of Personal Information, except for such non-compliance as is not, and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. Since May 16, 2023, the Company and its Subsidiaries have complied in all material respects with each of their respective written and published policies concerning the privacy of Personal Information (“Privacy Policies”), if applicable and required. The Company and its Subsidiaries maintain commercially reasonable policies, procedures and security measures with respect to the physical and electronic security and privacy of Personal Information that are designed to achieve compliance in all material respects with Privacy Laws, and the Company and its Subsidiaries are in compliance in all material respects with such policies and procedures. To the Data Privacy and Security Requirements; (ii) has implemented and maintained, since January 1, 2022, commercially reasonable measures designed to ensure the availability, security and integrity Knowledge of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; and (iii) is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all consents obtained by the Company that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger Closing. (b) Since January 1, 2022, there have been no data material breaches or other data incidents material violations of any security measures of the Company and its Subsidiaries, or intrusions: (i) resulting in the material loss, damage or any material unauthorized access, use unauthorized transmission, modification or other material misuse disclosure of any Personal Information maintained by or on behalf Information. None of the Company and its Subsidiaries has received written notice (or, to the Knowledge of the Company, any other communication) of (a) any material violation or breach, or alleged material violation or breach, of Privacy Laws and/or Privacy Policies, or (iib) that have caused a material disruption any claims against any of the Company and its Subsidiaries by any Person, and there is no Legal Proceeding pending or, to the function Knowledge of the Company’s information technology systems, threatened against any of the Company and its Subsidiaries, alleging a violation or breach of Privacy Laws and/or Privacy Policies, except in each case with respect as would not be material to clauses (i) and (ii), that required notification to Governmental Entities, individuals, or other third party under applicable Data Privacy and Security Requirements. Neither the Company nor and its subsidiaries have received any written complaintsSubsidiaries, notices of investigation or other written correspondence with respect to any investigation from any Governmental Entity or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Lawstaken as a whole.

Privacy and Data Security. (a) The Company: (i) has at all times since January 1, 2022 been in compliance in all material respects with the Data Privacy and Security Requirements; (ii) has implemented and maintained, since January 1, 2022, commercially reasonable measures designed to ensure the availability, security and integrity of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; and (iii) is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all consents obtained by the Company that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger Closing. (b) Since January 1, 2022, there have been no data breaches or other data incidents or intrusions: (i) resulting in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse of any Personal Information maintained by or on behalf of the Company, or (ii) that have caused a material disruption to the function of the Company’s information technology systems, in each case with respect to clauses (i) and (ii), that required notification to Governmental Entities, individuals, or other third party under applicable Data Privacy and Security Requirements. Neither Since January 1, 2022, neither the Company nor its subsidiaries have received any written complaints, notices of investigation or other written correspondence with respect to any investigation from any Governmental Entity or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Laws.

Privacy and Data Security. (a) The Company: (i) has at all times since January 1, 2022 been Companies are in compliance in all material respects with (i) the Data Privacy Companies’ external-facing, posted and Security Requirements; internal written notices, policies, and procedures relating to the collection, use, processing, storage, or destruction of Personal Information, (ii) has implemented and maintainedPrivacy Laws, since January 1, 2022, commercially reasonable measures designed to ensure (iii) applicable provisions of contracts regulating the availability, security and integrity of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized accesscollection, use, modification processing, storage, or other misuse; destruction of Personal Information, and (iiiiv) is if applicable, the Payment Card Industry Data Security Standard (collectively, the “Privacy Commitments”). (b) The Companies have in place, and has beenhave maintained, at all times since January 1physical, 2022technical, processing Personal Information and administrative security measures and policies, including commercially reasonable information security and data privacy safeguards, that are in compliance in all material respects with all consents obtained by the Company that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data applicable Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger ClosingCommitments. (bc) Since January 1, 20222021, there have has been no data breaches or other data incidents or intrusions: (i) resulting in the material lossloss of, damage intentional, unlawful, or material unauthorized access, use unauthorized transmissionuse, disclosure or modification or other material misuse of of, any Personal Information maintained maintained, used, or owned by or on behalf of the Company, Companies or (ii) that have caused a material disruption any other security breach or security incident relating to the function of the Company’s Personal Information or information technology systems, in each case with respect to clauses that would require notification of individuals, other affected parties, law enforcement, or any Governmental Authority. (id) and (ii)None of the Companies has since January 1, that required notification to Governmental Entities2021 received any subpoenas, individualsdemands, or other third party under applicable Data Privacy and Security Requirements. Neither the Company nor its subsidiaries have received any written complaints, notices of investigation or other written correspondence with respect to any investigation from any Governmental Entity Authority investigating, inquiring into, or received written notice otherwise relating to any actual or potential violation of Privacy Laws and, to the Knowledge of the Companies, no Company is under investigation by any Governmental Authority for any actual or potential violation of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Laws. Except as set forth on Schedule 3.25, no notice, complaint, claim, inquiry, audit, enforcement action, proceeding, or litigation of any kind has been served on, or initiated against any Company by any private party or Governmental Authority, foreign or domestic, under any Privacy Commitments. (e) The execution, delivery, and performance of this Agreement shall not cause, constitute, or result in a breach or violation of any Privacy Commitments.

Privacy and Data Security. (a) The Company: (i) has at all times since January 1, 2022 been in compliance in all material respects with the Data Privacy and Security Requirements; (ii) has implemented and maintained, since January 1, 2022, commercially reasonable measures designed to ensure the availability, security and integrity of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; and (iii) is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all consents obtained by the Company that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger Closing. (b) Since January 1, 2022, there have been no data breaches or other data incidents or intrusions: (i) resulting in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse of any Personal Information maintained by or on behalf of the Company, or (ii) that have caused a material disruption to the function of the Company’s information technology systems, in each case with respect to clauses (i) and (ii), that required notification to Governmental Entities, individuals, or other third party under applicable Data Privacy and Security Requirements. Neither the The Company nor its subsidiaries have has not received any written complaints, notices of investigation or other written correspondence with respect to any investigation from any Governmental Entity or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Laws.

Privacy and Data Security. (a) The Company: (i) has at all times Sellers are, and since January 1, 2022 been in compliance 2017 have been, in all material respects in compliance with the Data all applicable Information Privacy and Security Requirements; (ii) has implemented Laws with respect to the Business. With respect to the Business, the Sellers maintain policies and maintained, since January 1, 2022, commercially reasonable measures designed to ensure the availability, procedures regarding data security and integrity of the Company’s information technology systemsprivacy and maintain administrative, technical, organizational and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; and (iii) is and has been, at all times since January 1, 2022, processing Personal Information physical security safeguards that are required in compliance in all material respects with all consents obtained by the Company that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data applicable Information Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger ClosingLaws. (b) Since January 1, 20222017, and solely to the extent required under applicable Information Privacy and Security Laws, the Sellers have had in place written data processing agreements with any key vendors acting as processors in material compliance with applicable Information Privacy and Security Laws in the case of processors. (c) With respect to the Business, to the Knowledge of the Sellers, since January 1, 2017, there have been no data material Personal Data breaches or material cybersecurity incidents (collectively, “Breaches“) subject to any Information Privacy and Security Laws. No notice or claim has been received by any of the Sellers from a third party vendor or any other Person alleging any Breach, including those alleging any breach of the GDPR since January 1, 2017. With respect to the Business, to the Knowledge of the Sellers, none of the Sellers has experienced a loss, or an unauthorized disclosure, use, or breach of data incidents protection, privacy or intrusions: security, of any Sensitive Data that required notice to any Person (iincluding any Governmental Authorities or parties to any Contract) resulting under any applicable Information Privacy and Security Laws since January 1, 2017. No Person (including any Governmental Authority or parties to any Contract) has commenced any Action relating to any Seller’s information privacy or data security practices with respect to the Business or, to the Knowledge of the Sellers, threatened any such Action or made any complaint, investigation, or inquiry relating to such practices since January 1, 2017. None of the Sellers has received any notice, request or other communication from any supervisory authority (as defined in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse of any Personal Information maintained by or on behalf of the CompanyGDPR), or has been subject to any investigation or proceedings (iiwhether of a criminal, civil or administrative nature) that have caused a material disruption to the function of the Company’s information technology systemsby any competent legal or regulatory authority, in each case relating to its processing of Personal Data with respect to clauses (i) and (ii)the Business since January 1, that required notification to Governmental Entities, individuals, or other third party under applicable Data Privacy and Security Requirements. Neither the Company nor its subsidiaries have received any written complaints, notices of investigation or other written correspondence with respect to any investigation from any Governmental Entity or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Laws2017.

Privacy and Data Security. (a) The Company: Company (i) has at all times since January 1October 6, 2022 2021 been in compliance in all material respects with the Data Privacy and Security Requirements; Requirements applicable to the Company and its business activities, (ii) takes, and has implemented and maintainedtaken since October 6, since January 12021, 2022, commercially reasonable industry standard measures designed to ensure preserve the availability, security and integrity of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; misuse and (iii) has and is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all related consents obtained by the Company and notices that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights right to use, process, store and maintain such Personal Information in substantially the same manner as the Company had to use, process, and store such Personal Information enjoyed immediately prior to the Merger Closing. (b) Since January 1October 6, 20222021, there have been no data breaches or other data incidents or intrusions: (i) intrusions resulting in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse of any Personal Information maintained by or on behalf of the Company, or (ii) that have caused a material disruption to the function of the Company’s information technology systems, in each case with respect to clauses (i) and (ii), systems that required would require notification to Governmental Entities, individuals, individuals or other third party under applicable Data Privacy and Security Requirementsparty. Neither the Company nor its subsidiaries have received any written complaints, notices of investigation or other written correspondence in connection with respect to any investigation from any Governmental Entity Entity, individual, or other third party, or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Laws. (c) The Company is not a “Covered Entity” (as defined by HIPAA) and, in all cases where required by Law, the Company has executed a “Business Associate Agreement” (in accordance with HIPAA) with (i) each “Covered Entity” (as defined by HIPAA) or “Business Associate” (as defined by HIPAA) for which or whom the Company provides services or performs functions or activities that render such Company a Business Associate and (ii) each “Subcontractor” (as defined by HIPAA) of such Company.

Privacy and Data Security. (a) The Company: (i) The Company and its Subsidiaries have in place (A) administrative, technical and physical safeguards designed to protect against the destruction, loss, or alteration of Personal Information, (B) reasonable security measures designed to protect Personal Information, and (C) privacy policies and procedures, all of which safeguards, measures and policies and procedures described in (A) – (C) above meet or exceed the requirements of applicable Law; (ii) the Company and each of its Subsidiaries have complied with applicable Law in all material respects and with all applicable contractual privacy obligations and their respective internal privacy policies and guidelines relating to the collection, storage, use and transfer of Personal Information; (iii) neither the Company nor any of its Subsidiaries is, or, during the preceding three (3) years, has at all times been, under investigation or audit, by any private party or Governmental Authority, arising out of an actual or alleged data privacy or security incident nor, to the Knowledge of the Seller Parties, has any private party or Governmental Authority alleged any breach of contract or non-compliance with Law related to a data privacy or security matter, and (iv) since January 1, 2022 2016, there has been in compliance in all material respects with (x) to the Data Privacy and Security Requirements; (ii) has implemented and maintained, since January 1, 2022, commercially reasonable measures designed to ensure the availability, security and integrity Knowledge of the Company’s information technology systemsSeller Parties, and to protect Personal Information in its possession or control against loss, damage and no unauthorized access, use, modification disclosure or other misuse; and (iii) is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all consents obtained by the Company that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger Closing. (b) Since January 1, 2022, there have been no data breaches or other data incidents or intrusions: (i) resulting in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse transfer of any Personal Information maintained by in the possession, custody or control of the Company, any of its Subsidiaries, or a contractor or agent acting on behalf of the CompanyCompany or any of its Subsidiaries, or and (iiy) that have caused a material disruption no claim communicated to the function of the Company’s information technology systems, Company or any if its Subsidiaries in each case with respect to clauses (i) and (ii), that required notification to Governmental Entities, individuals, or other third party under applicable Data Privacy and Security Requirements. Neither the Company writing from any affected individual nor its subsidiaries have received any written complaints, notices of investigation request or other written correspondence with respect to any investigation inspection from any Governmental Entity Authority that will likely give rise or received written notice of has given rise to any litigation currently pending liability under applicable Law in relation to data protection, data security or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Lawsprivacy.

Privacy and Data Security. (a) The Company: Company (i) has at all times since January 1December 23, 2022 2021 been in compliance in all material respects with the Data Privacy and Security Requirements; Requirements applicable to the Company and its business activities, (ii) takes, and has implemented and maintainedtaken since December 23, since January 12021, 2022, commercially reasonable industry standard measures designed to ensure preserve the availability, security and integrity of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; misuse and (iii) has and is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all related consents obtained by the Company and notices that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights right to use, process, store and maintain such Personal Information in substantially the same manner as the Company had to use, process, and store such Personal Information enjoyed immediately prior to the Merger Closing. (b) Since January 1December 23, 20222021, there have been no data breaches or other data incidents or intrusions: (i) intrusions resulting in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse of any Personal Information maintained by or on behalf of the Company, or (ii) that have caused a material disruption to the function of the Company’s information technology systems, in each case with respect to clauses (i) and (ii), systems that required would require notification to Governmental Entities, individuals, individuals or other third party under applicable Data Privacy and Security Requirementsparty. Neither the The Company nor its subsidiaries have has not received any written complaints, notices of investigation or other written correspondence in connection with respect to any investigation from any Governmental Entity Entity, individual, or other third party, or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Laws. (c) The Company is not a “Covered Entity” (as defined by HIPAA) and, in all cases where required by Law, the Company has executed a “Business Associate Contract” (in accordance with HIPAA) with (i) each “Covered Entity” (as defined by HIPAA) or “Business Associate” (as defined by HIPAA) for which or whom the Company provides services or performs functions or activities that render such Company a Business Associate and (ii) each “Subcontractor” (as defined by HIPAA) of such Company.

Privacy and Data Security. (a) The Company: (i) has at all times since January 1, 2022 been in compliance in all material respects with the Data Privacy and Security Requirements; (ii) has implemented and maintained, since January 1, 2022, commercially reasonable measures designed to ensure the availability, security and integrity of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; and (iii) is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all consents obtained by the Company that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger Closing. (b) Since January 1, 2022, there have been no data breaches or other data incidents or intrusions: (i) intrusions resulting in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse of any Personal Information maintained by or on behalf of the Company, or (ii) that have caused a material disruption to the function of the Company’s information technology systems, in each case with respect to clauses (i) and (ii)case, that required notification to Governmental Entities, individuals, or other third party under applicable Data Privacy and Security Requirements. Neither the The Company nor its subsidiaries have has not received any written complaints, notices of investigation or other written correspondence with respect to any investigation from any Governmental Entity or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Laws.

Privacy and Data Security. (a) The Company: (i) has at all times since January June 1, 2022 been in compliance in all material respects with the Data Privacy and Security Requirements; (ii) has implemented and maintained, since January June 1, 2022, commercially reasonable measures designed to ensure the availability, security and integrity of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; and (iii) is and has been, at all times since January June 1, 2022, processing Personal Information in compliance in all material respects with all consents obtained by the Company that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger Closing. (b) Since January June 1, 2022, there have been no data breaches or other data incidents or intrusions: (i) resulting in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse of any Personal Information maintained by or on behalf of the Company, or (ii) that have caused a material disruption to the function of the Company’s information technology systems, in each case with respect to clauses (i) and (ii), that required notification to Governmental Entities, individuals, or other third party under applicable Data Privacy and Security Requirements. Neither Since June 1, 2022, the Company nor its subsidiaries have has not received any written complaints, notices of investigation or other written correspondence with respect to any investigation from any Governmental Entity or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Laws.

Privacy and Data Security. (a) The Company: (i) has at all times since January 1, 2022 been in compliance in all material respects with Company and the Sellers have provided to Purchaser true and correct copies of Data Privacy and Security Requirements; (ii) has implemented and maintained, since January 1, 2022, commercially reasonable measures designed to ensure the availability, security and integrity of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; and (iii) is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all consents obtained Laws related documents adopted by the Company that apply Group Members in connection with their operations. To the Individual Sellers’ Knowledge, each Group Member has initiated several actions to the Company’s processing of such Personal Information, including to the extent applicable, comply with Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger ClosingLaws. (b) Since To the Individual Sellers’ Knowledge, and except for the cyberattack suffered by the Company between January 17, 2021 and January 18, 2021, as described in the report of Access Ingénierie Informatique dated February 1, 20222021 attached in Schedule 4.26(b)(i) of the Disclosure Schedule, for which (i) a complaint was filed (dépôt de plainte) by ▇▇. ▇▇▇▇ ▇▇▇▇▇▇ at the Gendarmerie Nationale – ▇▇, ▇▇▇ ▇▇ ▇▇▇▇▇▇▇▇▇▇ – ▇▇▇▇▇ ▇▇▇▇▇▇▇▇ on January 18, 2021, (ii) a notification de violation de données personnelles was filed with the CNIL on February 4th, 2021 and (iii) and all corrective measures to be taken before the Closing Date pursuant to the corrective action plan attached in Schedule 4.26(b)(ii) of the Disclosure Schedule will be implemented before the Closing Date, there have not been no data breaches any incidents of, or other data incidents or intrusions: third party claims alleging, (i) resulting in Security Breaches, unauthorized access or unauthorized use of any the material Group Members’ IT Systems; or (ii) loss, damage theft, unauthorized access or material unauthorized accessacquisition, use unauthorized transmissionmodification, modification disclosure, corruption, or other material misuse of any Personal Information maintained in the Group Members’ possession, or other confidential data owned by the Group Members (or on behalf provided to the Group Members by their customers) in the Group Members’ possession. None of the CompanyGroup Members has notified in writing, or (ii) that have caused a material disruption to the function Individual Sellers’ Knowledge, been required by applicable Law or a Governmental Authority to notify in writing, any Person of any Security Breach. To the Individual Sellers’ Knowledge, none of the Company’s information technology systemsGroup Members has received any notice of any claims, in each case investigations (including investigations by a Governmental Authority), or alleged violations of Laws with respect to clauses (i) and (ii), that required notification to Governmental Entities, individuals, or other third party under applicable Data Privacy and Security Requirements. Neither the Company nor its subsidiaries have received any written complaints, notices of investigation or other written correspondence with respect to any investigation from any Governmental Entity or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information possessed by the Company or alleging any violation by the Company of Privacy LawsGroup Members.

Privacy and Data Security. (a) The Company: Company (i) has at all times since January 1April 3, 2022 2019 been in compliance in all material respects with the Data Privacy and Security Requirements; Requirements applicable to the Company and its business activities, (ii) takes, and has implemented and maintainedtaken since April 3, since January 1, 20222019, commercially reasonable measures designed to ensure preserve the availability, security and integrity of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; misuse and (iii) has and is and has been, at all times since January 1, 2022, processing Personal Information in material compliance in all material respects with all related consents obtained by the Company and notices that apply to the Company’s processing of such Personal Information. The execution, including to delivery and performance of the extent applicable, Transactions will not violate the Data Privacy and Security Requirements. After Requirements and, immediately following the consummation of the Transactions, the Company will continue to have materially the same rights right to use, process, store and maintain such Personal Information in substantially the same manner in all material respects as the Company had to use, process, and store such Personal Information enjoyed immediately prior to the Merger Closing. (b) The Company takes actions consistent with commercially reasonable practices to protect, and maintain the integrity, availability, redundancy, backup, continuous operation and security of its information technology systems. The Company regularly trains employees and users of its information technology systems to identify security threats and intrusions, and takes appropriate steps to prevent security incidents. There is no known deficiency in the Company’s cybersecurity measures or policies that could reasonably be anticipated to result in a loss of data or a breach of security of the Company in any material respect. (c) Since January 1April 3, 20222019, there have been no data breaches or other data incidents or intrusions: (i) intrusions resulting in the material loss, damage or material unauthorized access, use use, unauthorized transmission, modification or other material misuse of any Personal Information maintained by or on behalf of the Company, or (ii) that have caused a material disruption to the function of the Company’s information technology systems, in each case with respect to clauses (i) and (ii), systems that required would require notification to Governmental Entities, individuals, individuals or other third party under applicable Data Privacy and Security Requirementsparties. Neither the The Company nor its subsidiaries have has not received any written complaints, notices of investigation or other written correspondence in connection with respect to any investigation from any Governmental Entity Entity, individual, or other third party, or received written notice of any litigation currently pending or or, to the knowledge of the Company, threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by of the Company of Privacy Laws. (d) The Company is not a “Covered Entity” (as defined by HIPAA) and, in all cases where required by Law, the Company has executed a “Business Associate Contract” (in accordance with HIPAA) with (i) each “Covered Entity” (as defined by HIPAA) or “Business Associate” (as defined by HIPAA) for which or whom the Company provides services or performs functions or activities that render such Company a Business Associate and (ii) each “Subcontractor” (as defined by HIPAA) of such Company.

Privacy and Data Security. (a) The Company: (i) has at To the Knowledge of Parent or Seller, the Company and Abacus have in place (A) administrative, technical and physical safeguards designed to protect against the destruction, loss, or alteration of Personal Information, (B) security measures designed to adequately protect Personal Information, and (C) privacy policies and procedures, all times since January 1of which safeguards, 2022 been measures and policies and procedures described in compliance (A) – (C) above meet or exceed the requirements of applicable Law; (ii) the Company and Abacus have complied with applicable Law in all material respects, with all applicable contractual privacy obligations in all materials respects, and their respective internal privacy policies and guidelines in all material respects with relating to the Data Privacy collection, storage, use and Security Requirementstransfer of Personal Information; (iiiii) has implemented and maintainedneither the Company nor Abacus is, or, since January 1, 20222018, commercially reasonable measures designed has been, under investigation or audit, by any private party or Governmental Authority, arising out of an actual or alleged Security Breach nor has any private party or Governmental Authority alleged any breach of contract or non-compliance with Law related to ensure the availability, a data privacy or security and integrity of the Company’s information technology systemsmatter, and (iv) since January 1, 2018, there has been (x) to protect Personal Information in its possession the Knowledge of Parent or control against lossSeller, damage and no unauthorized access, use, modification disclosure or other misuse; and (iii) is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all consents obtained by the Company that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger Closing. (b) Since January 1, 2022, there have been no data breaches or other data incidents or intrusions: (i) resulting in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse transfer of any Personal Information maintained by in the possession, custody or on behalf control of the Company or Abacus, and (y) no claim communicated to the Company or Abacus in writing from any affected individual nor any written request or inspection from any Governmental Authority that, to the Knowledge of the Company, will likely give rise or (ii) that have caused a material disruption has given rise to the function of the Company’s information technology systems, in each case with respect to clauses (i) and (ii), that required notification to Governmental Entities, individuals, or other third party any liability under applicable Data Privacy and Security Requirements. Neither the Company nor its subsidiaries have received any written complaintsLaw in relation to data protection, notices of investigation data security or other written correspondence with respect to any investigation from any Governmental Entity or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Lawsprivacy.