all reasonable steps in accordance with normal industry practice to appropriately protect, maintain and safeguard the confidentiality of all Intellectual Property Rights, the value of which to
the Company is contingent upon maintaining the confidentiality thereof, including the execution of appropriate nondisclosure and confidentiality agreements and, to the Knowledge of the Company, no such Intellectual Property Rights have been
disclosed other than pursuant to such confidentiality obligations.
(bb) Privacy Laws. The Company is, and takes all commercially
reasonable actions to be, in compliance in all respects with all published privacy policies, contractual obligations, all applicable laws, statutes, judgments, orders, rules, regulations of any court or arbitrator or any other governmental or
regulatory entity, and any other applicable legal obligations governing the collection, use, transfer, import, export, storage, protection, disposal and disclosure by the Company of personal, personally identifiable data, including, without
limitation, and to the extent applicable: the California Consumer Privacy Act, as amended (CCPA); the European Union General Data Protection Regulation (GDPR) (EU 2016/679); and HIPAA and
the HITECH Act (collectively, Data Security Obligations), except where noncompliance would not, singularly or in the aggregate, have a Material Adverse Effect. To the Companys Knowledge, the Company, (i) has not
received any written notification of or written complaint regarding any actual or potential liability under or relating to, or actual or potential violation of, any Data Security Obligation, and has no Knowledge of any event or condition that would
reasonably be expected to result in any such notice; (ii) is not currently conducting or paying for, in whole or in part, any investigation, remediation or other corrective action pursuant to any Data Security Obligation; (iii) is not a
party to any order of any court or regulatory authority that imposes on the Company any obligation or liability under any Data Security Obligation; or (iv) is not a party to any action, suit investigation or proceeding by or before any court or
regulatory authority pending or, to the Companys Knowledge, threatened alleging non-compliance with any Data Security Obligation that could reasonably be expected, singularly or in the aggregate, to have
a Material Adverse Effect.
(cc) IT Systems. The Companys information technology assets and computer systems, networks,
hardware, software, websites, applications, equipment or technology, data (including confidential information, trade secrets or other data of the Company or its respective users, customers, employees, suppliers, vendors, patient data, clinical data
and any third party data maintained by or the Company) and databases (collectively, IT Systems and Data) are adequate for and operate and perform in all material respects as required in connection with the operation of the
business of the Company as currently conducted, and, to the Companys Knowledge, are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company, in all respects, has complied and
is presently in compliance with, all applicable laws, statutes or any judgment, order, rule or regulation of any court or arbitrator or other governmental or regulatory authority, published policies, contractual obligations and any other legal
obligations, in each case, relating to the security of IT Systems and Data and to the protection of such IT Systems and Data from unauthorized use, access, misappropriation or modification, except where noncompliance would not, singularly or in the
aggregate, have a Material Adverse Effect. The Company has implemented and maintained commercially reasonable information technology, information security, cyber security and data protection controls, policies and procedures (such as oversight,
access controls, encryption, technological and physical safeguards and business continuity/disaster recovery and security plans, consistent with industry standards and practices) that are designed to maintain and protect the Companys
confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and Data used in connection with its business, except where failure to implement and maintain such policies and procedures, would not,
singularly or in the aggregate, have a Material Adverse Effect. To the Companys Knowledge, (i) there has been no material security breach or attack, violations, outages or unauthorized uses of, losses of, or accesses to any IT Systems and
Data used in connection with the operation of the Companys business and (ii) the Company has not been notified of any event or condition that would reasonably be expected to result in, any such security breach or attack to its IT Systems
and Data that could reasonably be expected, singularly or in the aggregate, to have a Material Adverse Effect.