Economic and market conditions, particularly those affecting our customers, have harmed and may
continue to harm our business.
In addition to the global COVID-19 pandemic, other
unfavorable changes in economic conditions, including recession, inflation, lack of access to capital, lack of consumer confidence or other changes have resulted and may continue to result in lower spending among our customers and target customers.
Further, we sell our products throughout the United States, as well as in several international countries to commercial, non-profit and government customers. Our business may be adversely affected by factors in the United States and other countries such as disruptions in financial markets, reductions in government spending, or
downturns in economic activity in specific countries or regions, or in the various industries in which we operate; social, political or labor conditions in specific countries or regions; or adverse changes in the availability and cost of capital,
interest rates, tax rates, or regulations. These factors are beyond our control but may result in further decreases in spending among customers and softening demand for our products.
Further, challenging economic conditions also may impair the ability of our customers to pay for products and services they have purchased. As
a result, our cash flow may be negatively impacted and our allowance for doubtful accounts and write-offs of accounts receivable may increase.
Legal
and Regulatory Risks
We are subject to stringent U.S. and foreign data privacy and protection laws, rules, regulations, policies, industry
standards and contractual obligations, and our failure to comply could subject us to fines and damages and would harm our reputation and business.
We are subject to a variety of data privacy and protection laws, rules, regulations, policies and industry standards adopted by federal, state,
local and foreign legislatures and governmental agencies, as well as contractual privacy obligations. Data privacy and protection is highly regulated, and may become the subject of additional regulation in the future. Privacy laws restrict our
collection, storage, use, processing, disclosure, transfer and protection of non-public personal information, including but not limited to credit card data, social security numbers, and passport numbers,
provided to us by our event organizers and registrants. We strive to comply with all applicable laws, rules, regulations, policies, industry standards and other legal and contractual obligations relating to privacy and data protection. However, it
is possible that these requirements may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. Any failure, or perceived failure, by us to comply with federal,
state, local or international laws, including laws, rules and regulations regulating privacy, payment card information, personal health information, data or consumer protection, could result in proceedings, litigation or actions against us by
governmental entities or others, significant fines and penalties for noncompliance, regulatory inquiries or investigations, increases in compliance costs and reputational damage, any of which could have a material and adverse effect on our business,
financial condition, operating results, cash flows and prospects.
The regulatory framework for privacy and data protection issues
worldwide is evolving, and various government and consumer agencies and public advocacy groups have called for new regulation and changes in industry practices, including some directed at providers of mobile and online resources in particular. Our
obligations with respect to privacy and data protection may become broader or more stringent. New laws, amendments to or reinterpretations of existing laws, regulations, standards and other obligations may require us to incur additional costs and
restrict our business operations, and may require us to change how we use, collect, store, transfer or otherwise process certain types of personal data and to implement new processes to comply with those laws and our customers exercise of
their rights thereunder. If we are required to change our business activities or revise or eliminate services, or to implement costly compliance measures, our business and results of operations could be harmed.
Internationally, many jurisdictions have established their own data security and privacy legal frameworks with which we may need to comply,
and compliance with regulations that differ from country to country may impose substantial burdens on our business. For example, in 2016, the E.U. adopted a new regulation governing data privacy called the GDPR, which became effective in May 2018.
The GDPR established numerous new requirements applicable to the handling of personal data, including more robust obligations on data processors and heavier documentation
34