Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.
Confidentiality/Protection of Customer Information The Company shall keep confidential and shall not divulge to any party, without the Purchaser's prior written consent, the price paid by the Purchaser for the Mortgage Loans, except to the extent that it is reasonable and necessary for the Company to do so in working with legal counsel, auditors, taxing authorities or other governmental agencies. Each party agrees that it shall comply with all applicable laws and regulations regarding the privacy or security of Customer Information and shall maintain appropriate administrative, technical and physical safeguards to protect the security, confidentiality and integrity of Customer Information, including maintaining security measures designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Customer Information, 66 Fed. Reg. 8616 (the "Interagency Guidelines"). For purposes of this Section, the term "Customer Information" shall have the meaning assigned to it in the Interagency Guidelines.
Third-Party Information; Privacy or Data Protection Laws Each Party acknowledges that it and members of its Group may presently have and, following the Effective Time, may gain access to or possession of confidential or proprietary information of, or personal information relating to, Third Parties (i) that was received under confidentiality or non-disclosure agreements entered into between such Third Parties, on the one hand, and the other Party or members of such Party’s Group, on the other hand, prior to the Effective Time; or (ii) that, as between the two Parties, was originally collected by the other Party or members of such Party’s Group and that may be subject to and protected by privacy, data protection or other applicable Laws. Each Party agrees that it shall hold, protect and use, and shall cause the members of its Group and its and their respective Representatives to hold, protect and use, in strict confidence the confidential and proprietary information of, or personal information relating to, Third Parties in accordance with privacy, data protection or other applicable Laws and the terms of any agreements that were either entered into before the Effective Time or affirmative commitments or representations that were made before the Effective Time by, between or among the other Party or members of the other Party’s Group, on the one hand, and such Third Parties, on the other hand.
Data Protection The Administrator shall implement and maintain a comprehensive written information security program that contains appropriate security measures to safeguard the personal information of the Trust’s shareholders, employees, directors and/or officers that the Administrator receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), address or telephone number plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number or (f) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
Compliance with Data Privacy Laws The Company and its Subsidiaries are, and at all prior times were, in compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA, and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the GDPR (EU 2016/679) (collectively, the “Privacy Laws”) except in each case, where such would not, either individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect. To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.
Privacy and Data Protection The Company and its subsidiaries have operated their business in a manner compliant in all material respects with all United States federal, state, local and non-United States privacy, data security and data protection laws and regulations applicable to the Company’s collection, use, transfer, protection, disposal, disclosure, handling, storage and analysis of personal data. The Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure the integrity and security of the data collected, handled or stored in connection with its business; the Company and its subsidiaries have been and are in compliance in all material respects with internal policies and procedures designed to ensure compliance with the Health Care Laws that govern privacy and data security and take, and have taken reasonably appropriate steps designed to assure compliance in all material respects with such policies and procedures. The Company and its subsidiaries have taken reasonable steps to maintain the confidentiality of its personally identifiable information, protected health information, consumer information and other confidential information of the Company, its subsidiaries and any third parties in its possession (“Sensitive Company Data”). The tangible or digital information technology systems (including computers, screens, servers, workstations, routers, hubs, switches, networks, data communications lines, technical data and hardware), software and telecommunications systems used or held for use by the Company and its subsidiaries (the “Company IT Assets”) are adequate and operational for, in accordance with their documentation and functional specifications, the business of the Company and its subsidiaries as now operated and as currently proposed to be conducted as described in the Registration Statement, the General Disclosure Package and the Prospectus. The Company and its subsidiaries have used reasonable efforts to establish, and have established, commercially reasonable disaster recovery and security plans, procedures and facilities for the business consistent with industry standards and practices in all material respects, including, without limitation, for the Company IT Assets and data held or used by or for the Company and its subsidiaries. The Company and its subsidiaries have not suffered or incurred any security breaches, compromises or incidents with respect to any Company IT Asset or Sensitive Company Data, except where such breaches, compromises or incidents would not, individually or in the aggregate, be material to the Company or any of its subsidiaries; and there has been no unauthorized or illegal use of or access to any Company IT Asset or Sensitive Company Data by any unauthorized third party. The Company and its subsidiaries have not been required to notify any individual of any information security breach, compromise or incident involving Sensitive Company Data.
Ownership and Protection of Proprietary Information (i) As used herein, the term “
Cyber Security; Data Protection The Company’s and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are reasonably believed by the Company to be adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted and are free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with their businesses, and there have been no material breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any material incidents under internal review or investigations relating to the same. The Company and its subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification (“Data Protection Requirements”), in each case, except for such failures as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. To ensure compliance with the Data Protection Requirements, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Data Protection Requirements, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Protection Requirement; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability by any governmental authority under any Data Protection Requirement, in each case except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.
Security and Safeguarding Information (a) Confidential Information that contains Non-Public Personal Information about customers is subject to the protections created by the Xxxxx-Xxxxx-Xxxxxx Act of 1999 (the “Act”) and under the standards for safeguarding Confidential Information, 16 CFR Part 314 (2002) adopted by Federal Trade Commission (“FTC”) (the “Safeguards Rule”). Additionally, state specific laws may regulate how certain confidential or personal information is safeguarded. The parties agree with respect to the Non-Public Personal Information to take all appropriate measures in accordance with the Act, and any state specific laws, as are necessary to protect the security of the Non-Public Personal Information and to specifically assure there is no disclosure of the Non-Public Personal Information other than as authorized under the Act, and any state specific laws, and this Agreement. With respect to Confidential Information, including Non-Public Personal Information and Personally Identifiable Financial Information as applicable, each of the parties agrees that:
Confidential Information Protections 4.1 At all times during and after the Employee’s employment, the Employee will hold in confidence and will not disclose, use, lecture upon, or publish any of Company’s Confidential Information (defined below), except as may be required in connection with the Employee’s work for Company, or as expressly authorized by the Board. The Employee will obtain the written approval of the Board before publishing or submitting for publication any material (written, oral, or otherwise) that relates to the Employee’s work at Company and/or incorporates any Confidential Information. The Employee hereby assigns to Company any rights the Employee may have or acquire in any and all Confidential Information and recognize that all Confidential Information shall be the sole and exclusive property of Company and its assigns.
