(y) The Company and each of its subsidiaries: (i) have complied and are presently in compliance in all material respects with all internal and external written privacy policies, contractual obligations, applicable laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or other governmental or regulatory authority and any other applicable legal obligations, in each case, relating to the collection, use, transfer, import, export, storage, protection, disposal, disclosure or other processing by or on behalf of the Company or any of its subsidiaries of personal data, personal information, personally identifiable information, and any similar term as defined by applicable law (Data Security Obligations, and such data and information, Personal Data); (ii) maintain and have maintained commercially reasonable policies and procedures designed to ensure the Companys and its subsidiaries compliance with the Data Security Obligations except to the extent it would not be reasonably expected to have a material adverse effect on the Company and its subsidiaries, taken as a whole, (iii) have not received any notification of or complaint regarding, and are unaware of any other facts that, individually or in the aggregate, would reasonably indicate non-compliance with any Data Security Obligation. There is no action, suit, investigation or proceeding by or before any court or governmental agency or authority pending or threatened in writing against the Company or any of its subsidiaries alleging non-compliance with any Data Security Obligation.
(z) Except to the extent it would not be reasonably expected to have a material adverse effect on the Company and its subsidiaries, taken as a whole, the information technology assets, equipment, computers, systems, networks, hardware, software, internet websites, applications, data and databases (including the Personal Data, the data of their respective customers, employees, suppliers, vendors and any other third party data maintained, processed or transmitted by or on behalf of the Company and its subsidiaries) used by or on behalf of the Company and its subsidiaries (collectively, IT Systems and Data) are reasonably adequate for, and operate and perform as required in connection with, the operation of the businesses of the Company and its subsidiaries as currently conducted and as proposed to be conducted by them as described in each of the Registration Statement, the Time of Sale Prospectus and the Prospectus, in each case, free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and each of its subsidiaries take and have taken all reasonable technical and organizational measures necessary to protect the IT Systems and Data. Without limiting the foregoing, the Company and its subsidiaries have used commercially reasonable efforts to establish and maintain, and have established, maintained, implemented and complied with, reasonable information technology, information security, cyber security and data protection controls, policies and procedures, including oversight, access controls, encryption, technological and physical safeguards and business continuity/disaster recovery and security plans, consistent with industry standards and practices, that are designed to protect against and prevent the breach, destruction, loss, unauthorized distribution, use, access, disablement, misappropriation or modification, or any other compromise or misuse, in each case, of or relating to any IT Systems and Data (Breach). There has been no Breach, and the Company and its subsidiaries have not been notified of and have no knowledge of any event or condition that would reasonably be expected to result in, any Breach except as would not be reasonably expected to have a material adverse effect on the Company and its subsidiaries, taken as a whole.