(ll) Sanctions. Neither the Company nor any of its subsidiaries, nor, to the knowledge of the Company, any director, officer, employee, agent, affiliate or other person acting on behalf of the Company or any of its subsidiaries is currently the subject or the target of any U.S. sanctions administered by the Office of Foreign Assets Control of the U.S. Department of the Treasury or the U.S. Department of State, the United Nations Security Council, the European Union, Her Majestys Treasury of the United Kingdom, or other applicable sanctions authority (collectively, Sanctions); nor is the Company or any of its subsidiaries located, organized or resident in a country or territory that is the subject or the target of Sanctions, including, without limitation, Crimea, Cuba, Iran, North Korea, Sudan and Syria (each, a Sanctioned Country); and the Company will not directly or indirectly use the proceeds of this offering, or lend, contribute or otherwise make available such proceeds to any subsidiary, or any joint venture partner or other person or entity, for the purpose of financing the activities of or business with any person known to the Company, after reasonable investigation, to be currently subject to, or in or with any country or territory, that at the time of such financing, is the subject or the target of Sanctions. For the past five years, the Company and its subsidiaries have not knowingly engaged in and are not now knowingly engaged in any dealings or transactions with any person that at the time of the dealing or transaction is or was the subject or the target of Sanctions or with any Sanctioned Country.
(mm) Cybersecurity. Except as could not reasonably be expected, individually or in the aggregate, to result in a Material Adverse Change, (i) the Company and its subsidiaries information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, IT Systems) operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants; and (ii) the Company and its subsidiaries have at all times in the past five years implemented and maintained commercially reasonable physical, technical and administrative controls, policies, procedures, and safeguards designed to maintain and protect their material confidential information and the integrity, operation, redundancy and security of all IT Systems and confidential data, including Personal Data, used in connection with their businesses. Personal Data means (i) a natural persons name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, drivers license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as personally identifying information under the Federal Trade Commission Act, as amended; (iii) personal data as defined by GDPR (as defined below); (iv) any information which would qualify as protected health information under the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (collectively, HIPAA); and (v) any other piece of information that allows the identification of such natural person, or his or her family, or is related to an identified persons health or sexual orientation. Except as could not reasonably be expected, individually or in the aggregate, to result in a Material Adverse Change, in the past five years, there have been no breaches, violations, outages or unauthorized uses of or accesses to such IT Systems or confidential data, including Personal Data, except for those that have been remedied without material cost or liability or the duty to notify any other person. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all applicable judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, and all of the Companys and its subsidiaries internal policies and contractual obligations, relating to the privacy and security of such IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.