Common use of Data Compliance Clause in Contracts

Data Compliance. (a) Both the Group Companies and any of their Affiliated Persons have, abided by applicable Cyber Security and Data Protection Related Laws, adopted sufficient technical measures and other necessary measures to protect data security when collecting, storing, using, processing, sharing, transferring, publicly disclosing and cross-border transmitting Personal Information. (b) Neither the Group Companies nor any of their Affiliated Persons have taken any action that constitutes data breach, infringement of Personal Information or violation of Laws related to Personal Information protection and cyber security, including but not limited to: (i) collecting or using Personal Information without obtaining prior consent of the Persons whose information is collected unless otherwise stipulated by laws; (ii) collecting or using Personal Information without expressly indicating the purpose, methods and scope of collecting and using Personal Information to the Person whose Personal Information is collected, or collected Personal Information unrelated to the provided services; (iii) not strictly keeping confidential the Personal Information obtained during the course of providing services, or disclosed, damaged, tampered or illegally (including without obtaining authorization or beyond the authorization scope) provided such information to others; (iv) collecting, using or processing its stored Personal Information in violation of Laws or agreements with the Person whose Personal Information is collected; and (v) stealing or otherwise unlawfully obtaining Personal Information, including obtaining Personal Information from sources that may be illegal. (c) Except as disclosed in Section 3.16(c) of the Disclosure Schedule, neither the Group Companies nor any of their Affiliated Persons have been investigated, inquired or been subject to any other actions by the regulatory authorities against the Group Companies or any of their Affiliated Persons, or sued or claimed compensation by any third party as a result of data mismanagement or illegal use of data.