contractual obligations, applicable industry standards, applicable laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or other governmental or regulatory authority and any other legal obligations, in each case, relating to the collection, use, transfer, import, export, storage, protection, disposal and disclosure by the Company or any of its subsidiaries of personal, personally identifiable, household, sensitive, confidential or regulated data (collectively, Data Security Obligations, and such data, Data); (ii) the Company has not received any written notification of or written complaint regarding (or, to the Companys knowledge, oral notification or complaint), and the Company has no knowledge of any event or condition that would reasonably be expected to result in non-compliance with any Data Security Obligation; and (iii) there is, and in the last three (3) years, has been no action, suit or proceeding by or before any court or governmental agency, authority or body pending or threatened alleging non-compliance with any Data Security Obligation by the Company or its subsidiaries.
(aa) The Company and each of its subsidiaries have taken commercially reasonable technical, administrative, physical, and organizational measures necessary to protect the information technology and computer assets, equipment, systems, networks, hardware, software, applications, websites, data and databases (collectively, IT Systems) and Data used in connection with the operation of the Companys and its subsidiaries respective businesses as currently conducted. Without limiting the foregoing, the Company and its subsidiaries have established, maintained, implemented and complied with information technology, information security, cyber security and data protection controls, policies and procedures, including oversight, access controls, encryption, technological and physical safeguards and business continuity/disaster recovery and security plans, that are designed to (i) protect and maintain the integrity, continuous operation, redundancy, and security of the IT Systems and Data consistent with applicable industry standards and practices, or as otherwise required by applicable regulatory standards, and (ii) that are designed to protect against and prevent breach, destruction, loss, unauthorized distribution, use, access, disablement, misappropriation or modification, or other compromise or misuse of or relating to any of the IT Systems or Data used in connection with the operation of the Companys and its subsidiaries respective businesses as currently conducted (Breach). The Company and its subsidiaries have implemented applicable industry standard measures designed to ensure that the IT Systems and Data used in connection with the operation of the Companys and its subsidiaries respective businesses as currently conducted are free and clear of all bugs, errors, defects, Trojan horses, time bombs, malware, and other corruptants. To the Companys knowledge, there has been no Breach, and the Company and its subsidiaries have not received written notification of and have no knowledge of any event or condition that would reasonably be expected to result in, any such Breach (including, but not limited to, any event that would reasonably be expected to give rise to a Breach or incident for which notification by the Company or its subsidiaries to individuals and/or governmental agency, authority or body is required under any applicable law, regulation, code of conduct or contract to which the Company or its subsidiaries is a party).