Common use of Data Privacy and Security Laws Clause in Contracts

Data Privacy and Security Laws. Except as described in the Registration Statement and the Prospectus, and except where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and have since February 1, 2020, been, in compliance with all applicable state, federal, and foreign data privacy, security and consumer protection laws and regulations, including without limitation, to the extent applicable, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (“CPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), the Colorado Privacy Rights Act (the “CPA”), the Connecticut Data Privacy Act (“CDPA”), the Utah Consumer Privacy Act (the “UCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”) as well as the Company and its subsidiaries’ respective internal policies and contractual obligations, in each case relating to the privacy and security of IT Assets and Confidential Data, including the collection, storage, transfer (including, without limitation, any transfer across national borders), processing and/or use of Confidential Data and the protection of such IT Assets and Confidential Data from unauthorized use, access, misappropriation or modification (collectively, with the Privacy Laws, the “Data Protection Requirements”). Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries have since February 1, 2020, made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Except as described in the Registration Statement and the Prospectus, neither the Company nor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any Data Protection Requirement, and to the Company’s knowledge, no such notices are threatened or pending; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Protection Requirement; or (iii) is a party to any order, decree, or agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Data Protection Requirement.

Data Privacy and Security Laws. Except as described in the Registration Statement and the Prospectus, and except where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and have since February 1, 2020, 2020 been, in compliance with all applicable state, federal, and foreign data privacy, security and consumer protection laws and regulations, including without limitation, to the extent applicable, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (“CPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), the Colorado Privacy Rights Act (the “CPA”), the Connecticut Data Privacy Act (“CDPA”), the Utah Consumer Privacy Act (the “UCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”) as well as the Company and its subsidiaries’ respective internal policies all policies, and contractual obligations, in each case obligations relating to the privacy and security of IT Assets and Confidential Data, including the collection, storage, transfer (including, without limitation, any transfer across national borders), processing and/or use of Confidential Data and, and to the protection of such IT Assets and Confidential Data from unauthorized use, access, misappropriation or modification (collectively, with the Privacy Laws, the “Data Protection Requirements”). Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries have since February 1, 2020, 2020 made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Except as described in the Registration Statement and the Prospectus, neither Neither the Company nor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any Data Protection Requirement, and to the Company’s knowledge, no such notices are threatened or pending; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Protection Requirement; or (iii) is a party to any order, decree, or agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Data Protection Requirement.

Data Privacy and Security Laws. Except as described in the Registration Statement and the Prospectus, and except where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and have since February August 1, 2020, 2018 been, in compliance with all applicable state, federal, and foreign data privacy, security and consumer protection laws and regulations, including without limitation, to the extent applicable, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (“CPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), the Colorado Privacy Rights Act (the “CPA”), the Connecticut Data Privacy Act (“CDPA”), the Utah Consumer Privacy Act (the “UCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”) as well as the Company and its subsidiaries’ respective internal policies and contractual obligations, in each case relating to the privacy and security of IT Assets and Confidential Data, including the collection, storage, transfer (including, without limitation, any transfer across national borders), processing and/or use of Confidential Data and the protection of such IT Assets and Confidential Data from unauthorized use, access, misappropriation or modification (collectively, with the Privacy Laws, the “Data Protection Requirements”). Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries have since February August 1, 2020, 2018 made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Except as described in the Registration Statement and the Prospectus, neither Neither the Company nor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any Data Protection Requirementof the Privacy Laws, and to the Company’s knowledge, no such notices are threatened or pending; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Protection RequirementPrivacy Law; or (iii) is a party to any order, decree, or agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Data Protection RequirementPrivacy Law.

Data Privacy and Security Laws. Except as described in the Registration Statement and the Prospectus, and except where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and have since February June 1, 2020, 2019 been, in compliance with all applicable state, federal, and foreign data privacy, security and consumer protection laws and regulations, including without limitation, to the extent applicable, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (“CPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), the Colorado Privacy Rights Act (the “CPA”), the Connecticut Data Privacy Act (“CDPA”), the Utah Consumer Privacy Act (the “UCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”) as well as the Company and its subsidiaries’ respective internal policies and contractual obligations, in each case relating to the privacy and security of IT Assets and Confidential Data, including the collection, storage, transfer (including, without limitation, any transfer across national borders), processing and/or use of Confidential Data and the protection of such IT Assets and Confidential Data from unauthorized use, access, misappropriation or modification (collectively, with the Privacy Laws, the “Data Protection Requirements”). Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries have since February June 1, 2020, 2019 made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Except as described in the Registration Statement and the Prospectus, neither Neither the Company nor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any Data Protection Requirementof the Privacy Laws, and to the Company’s knowledge, no such notices are threatened or pending; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Protection RequirementPrivacy Law; or (iii) is a party to any order, decree, or agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Data Protection RequirementPrivacy Law.

Data Privacy and Security Laws. Except as described in the Registration Statement and the Prospectus, and except where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, to the Knowledge of the Company, the Company and its subsidiaries Entities are, and at all times prior hereto have since February 1, 2020, been, in compliance with all applicable state, federal, and foreign international data privacy, security security, and consumer protection laws Laws regarding the collection, processing retention, use, and regulationsprotection of Personal Data, including including, without limitation, to the extent applicable, applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (the collectively, “HITECH ActHIPAA”), the California Consumer Privacy Act of 2018 (“CCPA”) and Act, as amended by the California Privacy Rights Act of 2020 (“CPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), the Colorado Privacy Rights Act (the “CPA”), the Connecticut Data Privacy Act (“CDPA”), the Utah Consumer Privacy Act (the “UCPACCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”) as well as the Company and its subsidiaries’ respective internal policies and contractual obligations, in each case relating to the privacy and security of IT Assets and Confidential Data, including the collection, storage, transfer (including, without limitation, any transfer across national borders), processing and/or use of Confidential Data and the protection of such IT Assets and Confidential Data from unauthorized use, access, misappropriation or modification (collectively, . To facilitate compliance with the Privacy Laws, the “Company Entities have in place and take commercially reasonable steps to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, processing, storage, use, disclosure, handling, and analysis of Personal Data. No Person (including any Governmental Body) has made any claim or commenced any Proceeding relating to any Company Entity’s privacy or data security practices, including with respect to the access, disclosure or use of Personal Data Protection Requirements”)maintained by or on behalf of any Company Entity, or, threatened in writing any such Proceeding or conducted any investigation or inquiry thereof. Except The respective businesses and operations of the Company Entities have not experienced any loss, damage, or unauthorized or unlawful access, disclosure, use, or breach of security of any Personal Data in any Company Entity’s possession, custody, or control, or otherwise held or processed on its behalf, except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Notwithstanding the foregoing, none of the Company and its subsidiaries have since February 1, 2020, made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Except as described in the Registration Statement and the Prospectus, neither the Company nor any subsidiaryEntities: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, processing or use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any Data Protection Requirementof the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to the Company’s knowledge, no result in any such notices are threatened or pendingnotice; (ii) is currently conducting or paying a third party for, in whole or in part, any investigation, remediation, or other corrective action implemented by a third party pursuant to any Data Protection RequirementPrivacy Law; or (iii) is a party to any order, decree, order or agreement with any governmental, regulatory or supervisory authority or body decree that imposes any obligation or liability under any Data Protection RequirementPrivacy Law.

Data Privacy and Security Laws. Except as described in the Registration Statement Statement, the Pricing Disclosure Package and the Prospectus, and except where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and have since February March 1, 2020, 2017 been, in compliance with all applicable state, federal, and foreign data privacy, security and consumer protection laws and regulations, including without limitation, to the extent applicable, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (“CPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), the Colorado Privacy Rights Act (the “CPA”), the Connecticut Data Privacy Act (“CDPA”), the Utah Consumer Privacy Act (the “UCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”) as well as the Company and its subsidiaries’ respective internal policies and contractual obligations, in each case relating to the privacy and security of IT Assets and Confidential Data, including the collection, storage, transfer (including, without limitation, any transfer across national borders), processing and/or use of Confidential Data and the protection of such IT Assets and Confidential Data from unauthorized use, access, misappropriation or modification (collectively, with the Privacy Laws, the “Data Protection Requirements”). Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries have since February March 1, 2020, 2017 made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Except as described in the Registration Statement and the Prospectus, neither Neither the Company nor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any Data Protection Requirementof the Privacy Laws, and to the Company’s knowledge, no such notices are threatened or pending; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Protection RequirementPrivacy Law; or (iii) is a party to any order, decree, or agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Data Protection RequirementPrivacy Law.