Data Privacy and Security. (a) To the Company’s knowledge, each Group Company has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”). (b) To the Company’s knowledge, there is (and since the Lookback Date there has been) no material Proceeding pending or, to the Company’s knowledge, threatened against or involving any Group Company initiated by any Person (including (i) the United States Federal Trade Commission, any state attorney general or similar state official; (ii) any other Governmental Entity, foreign or domestic; or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of a Group Company is or was in violation of any Privacy Laws or any Privacy and Data Security Policies nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoing. (c) To the Company’s knowledge, since the Lookback Date: (i) no person has alleged or given written notice of unauthorized access to, or use, disclosure, or Processing of Personal Data in the possession or control of any Group Company or any of its contractors with regard to any Personal Data obtained from or on behalf of a Group Company; (ii) no person has alleged or given written notice of unauthorized intrusions or breaches of security into any Company IT Systems; and (iii) none of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, as would not have a Company Material Adverse Effect. (d) Each Group Company owns or has license to use such Company IT Systems as necessary to operate the business of each Group Company as currently conducted. All Company IT Systems are: (i) free from any material defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation of the Business (except for ordinary wear and tear). To the Company’s knowledge, since the Lookback Date, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the ordinary course of business.
Appears in 4 contracts
Sources: Business Combination Agreement (Adagio Medical Holdings, Inc.), Business Combination Agreement (Chain Bridge I), Business Combination Agreement (ARYA Sciences Acquisition Corp IV)
Data Privacy and Security. (a) To Each Group Company does not knowingly collect or process Personal Data contrary to law, to each Group Company’s knowledge. The Company has safeguards in place that are sufficient to protect Personal Data and confidential information in the Company’s knowledge, possession or control from unauthorized access by third Persons and to ensure that the operation of the businesses of each Group Company has implemented adequate written policies relating (including with respect to the Processing of Personal Data as and to the extent required by applicable Law (“employee matters) are in compliance with all Privacy and Data Security Policies”)Requirements in all material respects.
(b) To the Company’s knowledgeThere are no pending Proceedings, nor has there is (and since the Lookback Date there has been) no material Proceeding pending or, to the Company’s knowledge, threatened been any Proceedings against or involving any Group Company initiated by any Person (including (i) any Person; (ii) the United States Federal Trade Commission, any state attorney general or similar state official; (iiiii) any other Governmental Entity, foreign or domestic; Entity or (iiiiv) any regulatory or self-regulatory entity) , in each case, alleging that any Processing of Personal Data by or on behalf of a Group Company is or was in violation of any applicable Privacy Laws or any Privacy and Data Security Policies nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoingLaws.
(c) To the Company’s knowledge, since Since the Lookback Date: , (i) there has been no person has alleged material unauthorized access, use, acquisition or given written notice disclosure of unauthorized access toPersonal Data, or use, disclosure, or Processing of Personal Data confidential business information in the possession or control of any Group Company or or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or third party service provider on behalf of a any Group Company; , and (ii) to the Company’s knowledge, there have been no person has alleged or given written notice of unauthorized intrusions into or breaches Security Breaches of security into any Group Company systems networks, communication equipment or other technology necessary for the operations of the Group Companies’ business. The Group Companies have not experienced any material successful unauthorized access to, use or modification of, or interference with Company IT Systems; Systems since the Lookback Date and (iii) none of the Group Companies has notified is aware of any written or, to the knowledge of the Company, oral notices or been required to notify complaints from any Person regarding such a Security Breach or incident. None of the Group Companies has received any written complaints, claims, demands, inquiries or other notices, including a notice of investigation, from any Person (including any Governmental Entity or self-regulatory authority) regarding any of the Group Companies’ Processing of Personal Data or compliance with applicable Privacy and Security Requirements. Since the Lookback Date, none of the Group Companies have provided or have been obligated to provide notice under any Privacy and Security Requirements to regarding any Security Breach or unauthorized access to or use of any (A) loss, theft Company IT System or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, as would not have a Company Material Adverse Effect.
(d) Each Group Company owns or has a license to use such the Company IT Systems as necessary to operate the business of each Group Company as currently conducted. All The Group Companies have a sufficient number of license seats for all Software included in the Company IT Systems are: Systems.
(ie) free from any material defect, bug, virus or programming, design or documentation error The Group Companies are and (ii) have been in sufficiently good working condition to effectively perform compliance in all material information technology operations necessary for the operation of the Business (except for ordinary wear respects with all applicable Privacy and tear). To the Company’s knowledge, Security Requirements since the Lookback Date.
(f) The Group Companies have implemented reasonable physical, there have not been any material failurestechnical and administrative safeguards to protect the privacy, breakdowns or continued substandard performance operation, confidentiality, integrity and security of any all Company IT Systems that have caused a material failure and Personal Data in their possession or disruption control from unauthorized access by any Person, including each of the Company IT Systems other than routine failures or disruptions that have been remediated in the ordinary course of businessGroup Companies’ employees and contractors.
Appears in 4 contracts
Sources: Business Combination Agreement (Integrated Wellness Acquisition Corp), Business Combination Agreement (Integrated Wellness Acquisition Corp), Business Combination Agreement (TortoiseEcofin Acquisition Corp. III)
Data Privacy and Security. (a) To the Company’s knowledge, each Each Group Company has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”)Requirements. Each Group Company is and has been in compliance in all material respects with all Privacy and Data Security Requirements in all relevant jurisdictions.
(b) To the Company’s knowledgeNo Group Company has received notice of any pending Proceedings, nor has there is (and since the Lookback Date there has been) no been any material Proceeding pending or, to the Company’s knowledge, threatened Proceedings against or involving any Group Company initiated by any Person (including (i) any Person; (ii) the United States Federal Trade Commission, any state attorney general or similar state official; or (iiiii) any other Governmental Entity, foreign or domestic; or (iii) any regulatory or self-regulatory entity) in each case, alleging that any Processing of Personal Data by or on behalf of a Group Company is or was in violation of any Privacy Laws or any applicable Privacy and Data Security Policies norRequirements. No Group Company has been notified in writing, or been required by Privacy and Data Security Requirements to the Company’s knowledgenotify in writing, is there (nor since the Lookback Date has there been) any basis for the foregoingPerson or entity of any personal data or information security-related incident.
(c) To Since the incorporation of the Company’s knowledge, since the Lookback Date: (i) there has been no person has alleged or given written notice of loss, damage, unauthorized access toaccess, or use, disclosure, breach of security of any Company IT Systems or Processing disclosure of Personal Data or Company information in the possession possession, custody or control of any Group Company or any of otherwise held or processed on its contractors with regard to any Personal Data obtained from or on behalf of a Group Company; and (ii) there has been no person has alleged failure, breakdown, continued substandard performance, data loss, outage, unscheduled downtime, unauthorized intrusion, or given written notice of unauthorized intrusions or breaches breach of security into or technology security or any related incident affecting any such Company IT Systems; Systems that has impacted the integrity or availability of the Company IT Systems or that have caused or could reasonably be expected to result in the substantial disruption of or interruption in or to the use of such Company IT Systems or the conduct and (iii) none operation of the business of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal DataCompanies, except, in each casethe case of clauses (i) and (ii), as would not have a Company Material Adverse Effect.
(d) Each Group Company has implemented, and required that its third party vendors implement, adequate policies and commercially reasonable security (i) regarding the confidentiality, integrity, and availability of personal data, and business proprietary or sensitive information, in its possession, custody, or control, or held or processed on its behalf, and (ii) regarding the integrity and availability of the Company IT Systems.
(e) Each Group Company owns or has a license to use such the Company IT Systems as necessary to operate the business of each Group Company as currently conducted. All The Company IT Systems are: are adequate in all material respects for the operation and conduct of the business of the Group Companies as currently conducted. To the knowledge of the Company, neither the Company IT Systems nor any Software that constitutes Company Owned Intellectual Property contains any viruses, worms, Trojan horses, bugs, faults or other devices, errors, contaminants or effects that (i) free from any material defect, bug, virus materially disrupt or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all material information technology operations necessary for materially adversely affect the operation of the Business (except for ordinary wear and tear). To the Company’s knowledge, since the Lookback Date, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption functionality of the Company IT Systems other than routine failures Systems, except as disclosed in their documentation or disruptions that have been remediated (ii) enable or assist any Person to access without authorization any Company IT Systems. The consummation of the transaction contemplated by this Agreement will not result in the ordinary course any violation of businessany Privacy and Data Security Requirements.
Appears in 2 contracts
Sources: Business Combination Agreement (HighCape Capital Acquisition Corp.), Business Combination Agreement (HighCape Capital Acquisition Corp.)
Data Privacy and Security. (a) To Except as set forth on Section 3.22(a) of the Company’s knowledgeCompany Disclosure Schedules, each Group Company has implemented adequate written internal and external policies relating to the Processing of Personal Data as and to the extent required by applicable Privacy Law (“Privacy and Data Security Policies”). Except as set forth on Section 3.22(a) of the Company Disclosure Schedules, for the past three years, each Group Company has at all times complied with all applicable Privacy Laws, the Privacy and Data Security Policies, and contractual obligations entered into by a Group Company relating to the Processing of Personal Data and any other applicable industry standards or requirements binding upon such Group Company (collectively, the “Privacy Requirements”).
(b) To the Company’s knowledgeThe Company has not received notice of any pending Proceedings, nor has there is (and since the Lookback Date there has been) no been any material Proceeding pending or, to the Company’s knowledge, threatened Proceedings against or involving any Group Company initiated by any Person (including (i) any Person; (ii) the United States Federal Trade Commission, any state attorney general or similar state official; (iiiii) any other Governmental Entity, foreign or domestic; or (iiiiv) any regulatory state, federal, or self-regulatory entity) international data protection authority, in each case, alleging that any Processing of Personal Data by or on behalf of a Group Company is or was in violation of any Privacy Laws or any Privacy and Data Security Policies nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoingRequirements.
(c) To Except as set forth on Section 3.22(c) of the Company’s knowledgeCompany Disclosure Schedules, since for the Lookback Date: past three years, (i) there has been no person has alleged material unauthorized access, use or given written notice of unauthorized access to, or use, disclosure, or Processing disclosure of Personal Data in the possession or control of any Group Company or and/or any of its contractors with regard to the service providers of any Personal Data obtained from or on behalf of a Group Company; Company and (ii) there have been no person has alleged or given written notice of unauthorized intrusions or breaches of security into any Company IT Systems; and (iii) none of Systems under the Group Companies has notified or been required to notify any Person control of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, as would not have a Company Material Adverse EffectGroup Company.
(d) Each Group Company owns or has a license to use such the Company IT Systems as necessary to operate the business of each Group Company as currently conducted. All Each Group Company IT Systems are: has taken commercially reasonable steps to protect (i) free from any material defectthe operation, bugconfidentiality, virus or programming, design or documentation error integrity and security of the Company IT systems and (ii) personal data in sufficiently good working condition the Group Company’s possession or control, or otherwise processed by the Group Company, from unauthorized, accidental or unlawful use, disclosure and modification.
(e) Each Group Company is, and at all times has been, in compliance with all legal requirements that are applicable to effectively perform all material information technology operations necessary for each Group Company’s business as presently conduct pertaining to sales, marketing, and electronic communications, including, without limitation, the operation U.S. CAN-SPAM Act, the U.S. Telephone Consumer Protection Act (TCPA), and the Fair Credit Reporting Act (FCRA).
(f) Each Group Company has reasonable procedures in place to ensure that the third parties with which such Group Company shares or transfers Personal Data are required to protect the confidentiality of the Business (except for ordinary wear and tear)shared or transferred Personal Data in compliance with all applicable Privacy Requirements. To Each Group Company has contractual arrangements with such third parties that comply with all applicable Privacy Requirements to the Companyextent applicable to the third party’s knowledgeservices, since the Lookback Dateuse, there have not been any material failures, breakdowns or continued substandard performance processing of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the ordinary course of businessPersonal Data.
Appears in 2 contracts
Sources: Business Combination Agreement (Digerati Technologies, Inc.), Business Combination Agreement (Minority Equality Opportunities Acquisition Inc.)
Data Privacy and Security. (aA) To Except as would not, individually or in the Company’s knowledgeaggregate, reasonably be expected to result in a Material Adverse Effect or as otherwise disclosed in the Registration Statement, the Pricing Disclosure Package and the Final Prospectus, (A) the Company and each Group Company has implemented adequate written policies of its Designated Subsidiaries have complied and are presently in compliance in all material respects with all internal and external privacy policies, contractual obligations, industry standards, applicable laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or other governmental or regulatory authority and any other legal obligations, in each case, relating to the Processing collection, use, transfer, import, export, storage, protection, disposal and disclosure by the Company or any of Personal Data as and to the extent required by applicable Law its Designated Subsidiaries of personal, personally identifiable, household, sensitive, confidential or regulated data (“Privacy and Data Security PoliciesObligations,” and such data, “Data”).
; (bB) To the Company’s knowledge, Company has not received any notification of or complaint regarding material non-compliance with any Data Security Obligation; and (C) there is (and since the Lookback Date there has been) no material Proceeding action, suit or proceeding by or before any court or governmental agency, authority or body pending or, to the knowledge of the Company’s knowledge, threatened against or involving alleging non-compliance with any Group Company initiated by any Person (including (i) the United States Federal Trade Commission, any state attorney general or similar state official; Data Security Obligation.
(ii) any other Governmental EntityThe Company and each of its Designated Subsidiaries have implemented and maintain controls, foreign policies, procedures, and technological safeguards reasonably consistent with industry standards and practices that are designed to protect against and prevent breach, destruction, loss, unauthorized distribution, use, access, disablement, misappropriation or domestic; or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of a Group Company is or was in violation of any Privacy Laws or any Privacy and Data Security Policies nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoing.
(c) To the Company’s knowledge, since the Lookback Date: (i) no person has alleged or given written notice of unauthorized access tomodification, or use, disclosure, other compromise or Processing misuse of Personal Data in the possession or control of any Group Company or any of its contractors with regard relating to any Personal Data obtained from or on behalf of a Group Company; (ii) no person has alleged or given written notice of unauthorized intrusions or breaches of security into any Company IT Systems; and (iii) none of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, as would not have a Company Material Adverse Effect.
(d) Each Group Company owns or has license to use such Company IT Systems as necessary to operate the business of each Group Company as currently conducted. All Company IT Systems are: (i) free from any material defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all material information technology operations necessary for system or Data used in connection with the operation of the Business Company’s and its subsidiaries’ businesses (except for ordinary wear and tear“Breach”). To Except as would not, individually or in the Company’s knowledgeaggregate, since reasonably be expected to result in a Material Adverse Effect or as otherwise disclosed in the Lookback DateRegistration Statement, the Pricing Disclosure Package and the Final Prospectus, (a) there has been no such Breach, and (b) the Company and its Designated Subsidiaries have not been any material failures, breakdowns or continued substandard performance notified of and have no knowledge of any Company IT Systems event or condition that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions would reasonably be expected to result in, any such Breach, except for those that have been remediated in remedied without material cost or liability or the ordinary course of businessduty to notify any governmental or regulatory authority.
Appears in 2 contracts
Sources: Underwriting Agreement (SiriusPoint LTD), Underwriting Agreement (SiriusPoint LTD)
Data Privacy and Security. (a) To the Company’s knowledge, each Group Company has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”).
(b) To the Company’s knowledge, there There is (and since the Lookback Date date of incorporation of each Group Company there has been) no material Proceeding pending or, to the Company’s knowledge, threatened against or involving any Group Company initiated by any Person (including (i) the United States Federal Trade Commission, any state attorney general or similar state official; , (ii) any other Governmental Entity, foreign or domestic; domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of a Group Company is or was in violation of any Privacy Laws and Security Requirements.
(b) Since January 1, 2018, (i) there has been no Security Incidents with respect to any Company IT Systems, Personal Data, or Company Products or otherwise related to the business of any Privacy and Data Security Policies norGroup Company (including, to the Company’s knowledge, is there prior to each Group Company’s ownership of its business), (nor since the Lookback Date has there beenii) any basis for the foregoing.
(c) To to the Company’s knowledge, since the Lookback Date: (i) knowledge there has been no person has alleged or given written notice of unauthorized access to, or use, disclosure, or Processing of Personal Data or any trade secrets, know-how or confidential information of or in the possession or control of any Group Company or any of its contractors with regard to any Personal Data obtained from or on behalf of a Group Company; (ii) no person has alleged or given written notice of unauthorized intrusions or breaches of security into any Company IT Systems; , and (iii) none of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, as is not and would not have reasonably be excepted to be, individually or in the aggregate, material to the Group Companies, taken as a Company Material Adverse Effectwhole.
(dc) Each Group Company owns or has license to use such the Company IT Systems as necessary to operate the business of each Group Company as currently conducted. The Group Companies have taken reasonable precautions to protect the confidentiality, integrity and security of the Company IT Systems and all information stored or contained therein or transmitted thereby from any loss, theft, or unauthorized disclosure, use, access, interruption or modification by any Person. All Company IT Systems are: are (i) free from any Malicious Code, material defect, bug, virus bug or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation of the Business business of the Group Companies (except for ordinary wear and tear). To the Company’s knowledgeSince January 1, since the Lookback Date2018, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures Systems, including, to the Company’s knowledge, prior to each Group Company’s ownership of its business. The Group Companies have implemented, maintained and tested adequate and commercially reasonable disaster recovery procedures and facilities for their respective businesses.
(d) The Group Companies (i) engage and have engaged in, directly or disruptions that have been remediated indirectly, Data Processing only with respect to such Data as they are authorized to so engage (or to cause such Processing, as applicable) by Law and Contract, except as is not and would not reasonably be expected to be, individually or in the ordinary course aggregate, material to the Group Companies, taken as a whole, and (ii) have implemented reasonable safeguards designed to prevent unauthorized use or disclosure of businesssuch Data. The Group Companies have, with respect to all such Data that is subjected to any Processing directly or indirectly in connection with the business of the Group Companies, all rights necessary to conduct the operation of their respective businesses as then-currently conducted, in all material respects.
Appears in 2 contracts
Sources: Business Combination Agreement (Bannix Acquisition Corp.), Business Combination Agreement (Bannix Acquisition Corp.)
Data Privacy and Security. (a) To the Company’s knowledge, each The Company has not received any written notice of any pending or threatened Proceeding against or involving any Group Company has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”).
(b) To the Company’s knowledge, there is (and since the Lookback Date there has been) no material Proceeding pending or, to the Company’s knowledgeKnowledge, threatened against or involving any Group Company Company’s Affiliates initiated by any Person (Person, including (i) the United States Federal Trade Commission, any state attorney general or similar state official; (ii) any other Governmental Entity, foreign or domestic; or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of a any Group Company or its Affiliates is or was in violation of any Privacy Laws or any Privacy and Data Security Policies norRequirements.
(b) The Group Companies take, to in the reasonable determination of the Company’s knowledgemanagement team, is there commercially reasonable measures designed to protect and maintain (nor since i) the Lookback Date has there beenownership and confidentiality of their material proprietary Company Intellectual Property and (ii) any basis the security, confidentiality, continuous operation and integrity of their Company IT Systems (and all confidential data and Protected Data stored therein or transmitted thereby). The Group Companies have back-up and disaster recovery arrangements for the foregoingcontinued operation of their business in the event of a failure of its Company IT Systems that are, in the reasonable determination of the Company’s management team, commercially reasonable and in accordance with standard industry practice.
(c) To Except as would not, individually or in the Company’s knowledgeaggregate, since the Lookback Date: have, or be reasonably expected to result in, a Company Material Adverse Effect, (i) no person there has alleged or given written notice of unauthorized access to, or use, disclosure, or Processing of Personal not been any Data Breach with respect to any Protected Data in the possession or control of any Group Company or its Affiliates, or any of its contractors with regard to any Personal Protected Data obtained from or on behalf of a any Group Company; Company or its Affiliates, (ii) there have been no person has alleged or given written notice of unauthorized intrusions or breaches of security into any Company IT Systems; Systems or Protected Data, and (iii) none of the Group Companies has nor their Affiliates have been notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure Data Breach or other Processing of, Personal intrusion or breach of security into any Company IT Systems or Protected Data, except, in each case, as would not have a Company Material Adverse Effect.
(d) Each Group Company owns or has license to use such Company IT Systems as necessary to operate the business The Company’s and its Subsidiaries’ collection, use, disclosure, storage and transfer of each Group Company as currently conducted. All Company IT Systems are: (i) free from any material defect, bug, virus or programming, design or documentation error and (ii) Personal Data complies in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation respects with all Privacy Requirements. The execution, delivery and performance of the Business (except for ordinary wear and tear). To transactions contemplated by this Agreement do not materially violate the Company’s knowledgeprivacy policy as it currently exists or, since to the Lookback Date, there have not been extent any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption previous privacy policy of the Company IT Systems other than routine failures remains applicable to Personal Data maintained by the Company or disruptions that have been remediated in the ordinary course of businessits Subsidiaries, as such previous privacy policy existed before.
Appears in 1 contract
Sources: Business Combination Agreement (Calisa Acquisition Corp)
Data Privacy and Security. (a) To the Company’s knowledge, each Each Group Company has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”) compliant with all Laws related to the Processing of Personal Data. Each Group Company is, and has been since December 31, 2018, in compliance with (i) all applicable Laws related to the Processing of Personal Data, (ii) Privacy and Data Security Policies, and (iii) contractual obligations of the Group Companies related to the Processing of Personal Data, in each case of (i)-(iii), in all material respects.
(b) To the Company’s knowledgeThere are no pending, nor have there is (and since the Lookback Date there has been) no been any material Proceeding pending or, to the Company’s knowledge, threatened Proceedings against or involving any Group Company initiated by any Person (including (i) any Person; (ii) the United States Federal Trade Commission, any state attorney general or similar state official; (iiiii) any other Governmental Entity, foreign or domestic; or (iiiiv) any regulatory or self-regulatory entity) entity alleging that any Processing of Personal Data by or on behalf of a Group Company (A) is in violation of any applicable Privacy Laws or was (B) is in violation of any Privacy Laws or any Privacy and Data Security Policies nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoingPolicies.
(c) To the Company’s knowledge, since the Lookback Date: (i) Since December 31, 2018, there has been no person has alleged unauthorized access, use or given written notice of unauthorized access to, or use, disclosure, or Processing disclosure of Personal Data in the possession or control of any Group Company or and any of its contractors with regard to any Personal Data obtained from or on behalf of a Group Company; Company and (ii) there have been no person has alleged or given written notice unauthorized intrusions, loss of unauthorized intrusions data, or breaches of security into any Group Company IT Systems; and (iii) none of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each casethe case of clauses (i) and (ii), as would not have reasonably be expected to be, individually or in the aggregate, material to the Group Companies, taken as a Company Material Adverse Effectwhole.
(d) Each Group Company owns or has license to use such the Company IT Systems as necessary to operate the business of each Group Company as currently conducted. All Company IT Systems are: (i) free from any material defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation of the Business (except for ordinary wear and tear). To the Company’s knowledge, since the Lookback Date, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the ordinary course of business.
Appears in 1 contract
Sources: Business Combination Agreement (Oaktree Acquisition Corp. II)
Data Privacy and Security. (a) To the knowledge of the Company’s knowledge, each Group the Company has at all times complied in all material respects with all applicable Privacy Laws, Privacy and Data Security Policies (as defined below), and contractual commitments concerning the Payment Card Industry Data Security Standards (if any) (collectively, the “Privacy Requirements”). The Company has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”).
(b) To the Company’s knowledge, there There is (and since the Lookback Date there has been) no material Proceeding pending orpending, to the knowledge of the Company’s knowledge, threatened any material Proceedings against or involving any Group the Company initiated by any Person (including (i) any Person; (ii) the United States Federal Trade Commission, any state attorney general or similar state official; (iiiii) any other Governmental Entity, foreign or domestic; or (iiiiv) any regulatory or self-regulatory entity) entity alleging that any Processing of Personal Data by or on behalf of a Group the Company is or was in violation of any Privacy Laws or any Privacy and Data Security Policies nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoingRequirements.
(c) To the knowledge of the Company’s knowledge, since the Lookback Date: (i) prior thereto, there has been no person has alleged material breach of security resulting in unauthorized access, use or given written notice of unauthorized access to, or use, disclosure, or Processing disclosure of Personal Data in the possession or control of any Group the Company or or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf of a Group the Company; (ii) no person has alleged , or given written notice of any material unauthorized intrusions or breaches of security into any the Company IT Systems; and (iii) none of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, as would not have a Company Material Adverse Effectsystems.
(d) Each Group The Company owns or has license to use such the Company IT Systems as necessary to operate the business of each Group the Company as currently conducted. All Company IT Systems are: (i) free from any material defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation of the Business (except for ordinary wear and tear). To the Company’s knowledge, since the Lookback Date, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other than disabling device, code, design or routine failures that causes the software of any portion thereof to be erased, inoperable or disruptions otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person.
(e) The Company has taken organizational, physical, administrative and technical measures required by Privacy Requirements consistent with standards prudent in the industry in which the Company operates to protect (i) the integrity, security and operations of the Company’s information technology systems, and (ii) the confidential data owned by the Company or provided by the Company’s customers, and Personal Data against data security incidents or other misuse. The Company has implemented reasonable procedures, satisfying the requirements of applicable Privacy Laws in all material respects, to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse.
(f) In connection with each third-party service provider whose services are material to the Company and involve the Processing of Personal Data on behalf of the Company, the Company has in accordance with Privacy Laws, entered into valid data processing agreements with any such third party in accordance with applicable Privacy Laws.
(g) The consummation of any of the transactions contemplated hereby, will not violate any applicable Privacy Requirements.
(h) There have not been any Proceedings related to any data security incidents or any violations of any Privacy Requirements that have been remediated asserted in writing against the ordinary course Company, and, to the Company’s knowledge, the Company has not received any written correspondence relating to, or written notice of businessany Proceedings with respect to, alleged violations by the Company of, Privacy Requirements.
(i) To the knowledge of the Company, the Company has not transferred any Personal Data from the European Union or United Kingdom.
Appears in 1 contract
Data Privacy and Security. (a) To the Company’s knowledgeExcept as would not have a Company Material Adverse Effect, each Private Group Company has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”).
(b) To the Company’s knowledgeExcept as would not have a Company Material Adverse Effect, there is (and since the Lookback Date there has been) no material Proceeding pending or, to the Company’s knowledge, threatened in writing, against or involving any Private Group Company initiated by any Person (including (i) the United States Federal Trade Commission, any state attorney general or similar state official; , (ii) any other Governmental Entity, foreign or domestic; domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of a Private Group Company is or was in violation of any Privacy Laws or any Privacy and Data Security Policies Requirements, nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoing.
(c) To Since January 1, 2019, to the Company’s knowledge, since the Lookback Date: (i) there has been no person has alleged or given written notice of unauthorized access to, or use, disclosure, or Processing of Personal Data in the possession or control of any Private Group Company or any of its contractors with regard to any Personal Data obtained from or on behalf of a Private Group Company; , (ii) there have been no person has alleged or given written notice of unauthorized intrusions or breaches of security into any Company IT Systems; , and (iii) none of the Private Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each casecase of clauses (i), (ii) and (iii), as would not have a Company Material Adverse Effect.
(d) Each Except as would not have a Company Material Adverse Effect, (i) each Private Group Company owns or has license licenses to use such the Company IT Systems as necessary to operate the business of each Private Group Company as currently conducted. All , (ii) to the Company’s knowledge, all Company IT Systems are: (i) are free from any material defect, bug, virus or programming, design or documentation error and (iiiii) in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation of the Business (except for ordinary wear and tear). To the Company’s knowledgesince January 1, since the Lookback Date2019, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the ordinary course of business.
(e) To the knowledge of the Company, the consummation of this Agreement and any transfers of Personal Data necessary to give effect to the Agreement will not violate any Privacy and Security Requirement, except as would not have a Company Material Adverse Effect.
Appears in 1 contract
Sources: Business Combination Agreement (Montes Archimedes Acquisition Corp)
Data Privacy and Security. (a) To the Company’s knowledge, each The Company has not received any written notice of any pending or threatened Proceeding against or involving any Group Company has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”).
(b) To the Company’s knowledge, there is (and since the Lookback Date there has been) no material Proceeding pending or, to the Company’s knowledgeKnowledge, threatened against or involving any Group Company Company’s Affiliates initiated by any Person (Person, including (i) the United States Federal Trade Commission, any state attorney general or similar state official; (ii) any other Governmental Entity, foreign or domestic; or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of a any Group Company or its Affiliates is or was in violation of any Privacy Laws or any Privacy and Data Security Policies norRequirements.
(b) The Group Companies take, to in the reasonable determination of the Company’s knowledgemanagement team, is there commercially reasonable measures designed to protect and maintain (nor since i) the Lookback Date has there beenownership and confidentiality of their material proprietary Company Intellectual Property and (ii) any basis the security, confidentiality, continuous operation and integrity of their Company IT Systems (and all confidential data and Protected Data stored therein or transmitted thereby). The Group Companies have back-up and disaster recovery arrangements for the foregoingcontinued operation of their business in the event of a failure of its Company IT Systems that are, in the reasonable determination of the Company’s management team, commercially reasonable and in accordance with standard industry practice.
(c) To the Company’s knowledgeKnowledge, since there have been no unauthorized intrusions or breaches of security that has resulted in unauthorized use of, or access to, the Lookback Date: Company IT Systems or Protected Data that, pursuant to any applicable Law, would require the Company or a Subsidiary to notify customers or employees of such breach or intrusion.
(d) Except as would not, individually or in the aggregate, have, or be reasonably expected to result in, a Company Material Adverse Effect, (i) no person there has alleged or given written notice of unauthorized access to, or use, disclosure, or Processing of Personal not been any Data Breach with respect to any Protected Data in the possession or control of any Group Company or its Affiliates, or any of its contractors with regard to any Personal Protected Data obtained from or on behalf of a any Group Company; Company or its Affiliates, (ii) there have been no person has alleged or given written notice of unauthorized intrusions or breaches of security into any Company IT Systems; Systems or Protected Data, and (iii) none of the Group Companies has nor their Affiliates have been notified or been required to notify any Person of any (Aa) loss, theft or damage of, or (Bb) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, as would not have a Company Material Adverse EffectData Breach.
(de) Each Group Company owns or has license to use such Company IT Systems as necessary to operate the business The Company’s and its Subsidiaries’ collection, use, disclosure, storage and transfer of each Group Company as currently conducted. All Company IT Systems are: (i) free from any material defect, bug, virus or programming, design or documentation error and (ii) Personal Data complies in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation respects with all Privacy Requirements. The execution, delivery and performance of the Business (except for ordinary wear and tear). To transactions contemplated by this Agreement do not materially violate the Company’s knowledgeprivacy policy as it currently exists or, since to the Lookback Date, there have not been extent any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption previous privacy policy of the Company IT Systems other than routine failures remains applicable to Personal Data maintained by the Company or disruptions that have been remediated in the ordinary course of businessits Subsidiaries, as such previous privacy policy existed before.
Appears in 1 contract
Sources: Business Combination Agreement (AlphaVest Acquisition Corp.)
Data Privacy and Security. (a) To Except as would not reasonably be expected to be material to the Company’s knowledgeGroup Companies, taken as a whole, each Group Company has has, (i) for the past three (3) years, complied with applicable Privacy Obligations; and (ii) implemented adequate and complied with an appropriate data protection compliance program and appropriate written policies and procedures relating to the Processing of Personal Data as and to the extent required by applicable Law necessary in order to comply with all Privacy Obligations (“Privacy and Data Security Policies”). The Group Companies have adopted and published privacy notices and policies that describe their privacy practices to their websites, mobile applications or other electronic platforms and complied with those notices and policies, except where non-compliance would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. The Group Companies have implemented an information security program that, as of the date of this Agreement and as of the Closing Date, is comprised of commercially reasonable and appropriate physical, technical, organizational and administrative security measures and policies and that complies with all Privacy Obligations and that is reasonably designed to protect and maintain the privacy, security and integrity of any Personal Data, confidential information or trade secrets in their possession or under their control, or otherwise Processed by such Group Companies, including to protect such data from any Security Breaches.
(b) To For the Company’s knowledgepast three (3) years, there is (and since the Lookback Date there no Group Company has been) no material Proceeding received written notice of any pending orProceedings, nor, to the knowledge of the Company’s knowledge, threatened has there been any Proceedings against or involving any Group Company initiated by any Person (including by: (i) any Person; (ii) the United States Federal Trade Commission, any state attorney general or similar state official; or (iiiii) any other Governmental Entity, foreign or domestic; or (iii) any regulatory or self-regulatory entity) in each case, alleging that any Processing of Personal Data by or on behalf of a Group Company Company: (A) is in violation of any applicable Privacy Obligations; or was (B) is in violation of any Privacy Laws or any Privacy and Data Security Policies nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoingPolicies.
(c) To For the Company’s knowledge, since the Lookback Date: past three (3) years no Group Company has (i) no person has alleged received any written notice, request, correspondence or given written notice other communication from any Supervisory Authority, or, to the knowledge of unauthorized access tothe Company, or use, disclosure, or Processing of Personal Data in the possession or control of any Group Company or any of its contractors with regard been subject to any Personal Data obtained from investigation or on behalf of a Group Company; enforcement action (ii) no person has alleged or given written notice of unauthorized intrusions or breaches of security into including any Company IT Systems; and (iii) none of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure fines or other Processing of, Personal Data, except, in each case, as would not have a Company Material Adverse Effect.
(d) Each Group Company owns or has license to use such Company IT Systems as necessary to operate the business of each Group Company as currently conducted. All Company IT Systems are: (i) free from any material defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation of the Business (except for ordinary wear and tearsanctions). To the Company’s knowledge, since the Lookback Date, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the ordinary course of business.,
Appears in 1 contract
Sources: Business Combination Agreement (Sandbridge Acquisition Corp)
Data Privacy and Security. (a) To the Company’s knowledge, each Group Company has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”).
(b) To the Company’s knowledge, there There is (and since the Lookback Date January 1, 2018 there has been) no material Proceeding pending or, to the Company’s knowledge, threatened against or involving any Group Company initiated by any Person (including (i) the United States Federal Trade Commission, any state attorney general or similar state official; , (ii) any other Governmental Entity, foreign or domestic; domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of a Group Company is or was in violation of any Privacy Laws or any Privacy and Data Security Policies nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoingprivacy Laws.
(cb) To the Company’s knowledgeSince January 1, since the Lookback Date: 2018, (i) there has been no person has alleged or given written notice of unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of any Group Company or any of its contractors with regard to any Personal Data obtained from or on behalf of a Group Company; , (ii) there have been no person has alleged or given written notice of unauthorized intrusions or breaches of security into any Company IT Systems; , and (iii) none of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each casecase of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect.
(dc) Each Group Company owns or has a license or other right to use such the Company IT Systems as necessary to operate the business of each Group Company as currently conducted. All Company IT Systems are: are (i) free from any material defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation of the Business (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Group Companies, taken as a whole. To the Company’s knowledgeSince January 1, since the Lookback Date2018, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the ordinary course of business.
Appears in 1 contract
Sources: Business Combination Agreement (ARYA Sciences Acquisition Corp III)
Data Privacy and Security. (a) To the Company’s knowledge, each Group Company has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”).
(b) To the Company’s knowledge, there There is (and since the Lookback Date January 1, 2018 there has been) no material Proceeding Proceedings pending or, to the Company’s knowledge, threatened against or involving any Group Company initiated by any Person (including (i) the United States Federal Trade Commission, any state attorney general or similar state official; (ii) any other Governmental Entity, foreign or domestic; or (iii) any supervisory authority or other regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of a Group Company is or was in violation of any applicable Privacy Laws Laws.
(b) Since January 1, 2018, (i) there has been no material loss, damage, or any Privacy and Data Security Policies nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoing.
(c) To the Company’s knowledgeunauthorized or unlawful access, since the Lookback Date: (i) no person has alleged use or given written notice of unauthorized access to, or use, disclosure, or Processing disclosure of Personal Data in the possession or control of any Group Company or and any of its contractors with regard to any Personal Data obtained from or on behalf of a Group Company; Company and (ii) to the Company’s knowledge, there have been no person has alleged or given written notice of material unauthorized intrusions or breaches of security into any Group Company IT Systems; systems, and (iii) none of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, as would not have a Company Material Adverse Effect.
(dc) Each Group Company owns or has a license or other right to use such the Company IT Systems as necessary to operate the business of each Group Company as currently conducted, except as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Group Companies. All Company IT Systems are: are (i) free from any material defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation of the Business business of the Group Companies (except for ordinary wear and tear), except in the case of each of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Group Companies, taken as a whole. To the Company’s knowledgeSince January 1, since the Lookback Date2018, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that (i) have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the ordinary course of business, and (ii) have not caused any events of the type described in Section 3.20(b) or affected Personal Data or Trade Secrets owned by or pertaining to each Group Company.
Appears in 1 contract
Sources: Business Combination Agreement (Investindustrial Acquisition Corp.)
Data Privacy and Security. (a) To the Company’s knowledge, each Group The Company has implemented adequate not received any written policies relating to the Processing notice of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”).
(b) To the Company’s knowledge, there is (and since the Lookback Date there has been) no material any Proceeding pending ornor, to the Company’s knowledgeKnowledge, threatened is any Proceeding threatened, against or involving any Group Company or its Affiliates initiated by any Person (Person, including (i) the United States Federal Trade Commission, any state attorney general or similar state official; (ii) any other Governmental Entity, foreign or domestic; or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of a any Group Company or its Affiliates is or was in violation of any Privacy Laws Requirements.
(b) The Group Companies take commercially reasonable measures designed to protect and maintain (i) the ownership and confidentiality of their material proprietary Company Intellectual Property and (ii) the security, confidentiality, continuous operation and integrity of their Company IT Systems (and all confidential data and Protected Data stored therein or any Privacy transmitted thereby). The Group Companies have back-up and Data Security Policies nordisaster recovery arrangements for the continued operation of their business in the event of a failure of its Company IT Systems that are, to in the reasonable determination of the Company’s knowledgemanagement team, is there (nor since the Lookback Date has there been) any basis for the foregoingcommercially reasonable and in accordance with standard industry practice.
(c) To There have been no unauthorized intrusions or breaches of security that has resulted in unauthorized use of, or access to, the Company’s knowledgeCompany IT Systems or Protected Data that, since pursuant to any applicable Law, would require the Lookback Date: Company or a Subsidiary to notify customers or employees of such breach or intrusion.
(d) Except as would not, individually or in the aggregate, have, or be reasonably expected to result in, a Company Material Adverse Effect, (i) no person there has alleged or given written notice of unauthorized access to, or use, disclosure, or Processing of Personal not been any Data Breach with respect to any Protected Data in the possession or control of any Group Company or its Affiliates, or any of its contractors with regard to any Personal Protected Data obtained from or on behalf of a any Group Company; Company or its Affiliates, (ii) there have been no person has alleged or given written notice of unauthorized intrusions or breaches of security into any Company IT Systems; Systems or Protected Data, and (iii) none of the Group Companies has nor their Affiliates have been notified or been required to notify any Person of any (Aa) loss, theft or damage of, or (Bb) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, as would not have a Company Material Adverse EffectData Breach.
(de) Each Group Company owns or has license to use such Company IT Systems as necessary to operate the business The Company’s and its Subsidiaries’ collection, use, disclosure, storage and transfer of each Group Company as currently conducted. All Company IT Systems are: (i) free from any material defect, bug, virus or programming, design or documentation error and (ii) Personal Data complies in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation respects with all Privacy Requirements. The execution, delivery and performance of the Business (except for ordinary wear and tear). To transactions contemplated by this Agreement do not materially violate the Company’s knowledgeprivacy policy as it currently exists or, since to the Lookback Date, there have not been extent any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption previous privacy policy of the Company IT Systems other than routine failures remains applicable to Personal Data maintained by the Company or disruptions that have been remediated in the ordinary course of businessits Subsidiaries, as such previous privacy policy existed before.
Appears in 1 contract
Sources: Business Combination Agreement (Blockchain Coinvestors Acquisition Corp. I)
Data Privacy and Security. (a) To the Company’s knowledgeEach Group Company has since January 1, each 2017 (i) complied in all material respects with all applicable Privacy Laws and published interpretations by Governmental Entities and supervisory authorities of such Privacy Laws. Each Group Company has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”)) and has complied in all material respects with all Privacy and Data Security Policies, including (A) all privacy policies and similar disclosures published on each web site or mobile app of the Group Company or otherwise communicated in writing to users of any such web site or mobile app and other third parties, (B) any notice to or consent from the provider or data subject of Personal Data, and (C) any contractual commitment made by the Group Company with respect to such Personal Data.
(b) To the There is no pending, nor has there been any material Proceedings against any Group Company’s knowledge, there is (and since the Lookback Date there has been) no material Proceeding pending orand, to the Company’s knowledge, threatened against there are no facts or involving circumstances which could reasonably serve as the basis for any Group Company such material Proceedings, initiated by any Person (including (i) any Person; (ii) the United States Federal Trade Commission, any state attorney general or similar state official; (iiiii) any other Governmental Entity, foreign or domestic; or (iiiiv) any supervisory authority of any member state of the European Union or the United Kingdom, or any regulatory or self-regulatory entity) entity alleging that any Processing of Personal Data by or on behalf of a Group Company (A) is in violation of any applicable Privacy Laws or was (B) is in violation of any Privacy Laws or any Privacy and Data Security Policies nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoingPolicies.
(c) To the Company’s knowledge, since the Lookback Date: (i) Since January 1, 2018, to the knowledge of the Company, there has been no person has alleged material personal data breaches (as defined in the GDPR), unauthorized access, use or given written notice of unauthorized access to, or use, disclosure, or Processing disclosure of Personal Data in the possession or control of any Group Company or and any of its contractors or service providers with regard to any Personal Data obtained from or on behalf of a Group Company; Company and (ii) there have been no person has alleged or given written notice of unauthorized intrusions or breaches of security into any Group Company IT Systems; and (iii) none systems. Each Group Company maintains a commercially reasonable data breach response plan that is designed to ensure material compliance with Privacy Laws in the event of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, as would not have a Company Material Adverse Effectpersonal data breach.
(d) Each Except as set forth on Section 3.21(d) of the Company Disclosure Schedules, each Group Company owns or has license to use such the Company IT Systems as necessary to operate the business of each Group Company as currently conducted. All The Company IT Systems are: (i) free from any material defectare sufficient to operate the Business and the Company owns or has valid and enforceable rights to use the Company IT Systems. The Company has commercially reasonable backup and disaster recovery plans, bug, virus or programming, design or documentation error procedures and (ii) in sufficiently good working condition to effectively perform all material information technology operations necessary facilities for the operation business of the Business (except for ordinary wear Group Companies, and tear)has taken and implemented commercially reasonable technical, organizational and security measures to safeguard the Company IT Systems and all data and information processed on the Company IT Systems. To the knowledge of the Company’s knowledge, since the Lookback Date, there have not been any material failures, breakdowns no unauthorized intrusions or continued substandard performance breaches of any Company IT Systems that have caused a material failure or disruption the security of the Company IT Systems or infections by viruses or other than routine failures harmful code. The Company IT Systems operate in a reasonable manner sufficient for the needs of the business of the Group Companies as currently conducted, and there has not been any material known malfunction with the Company IT Systems that has not been remedied or disruptions that have been remediated replaced in all material respects, or any material unplanned downtime or material service interruption.
(e) Each Group Company has (a) taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Laws and consistent with commercially reasonable industry standards in the ordinary course industry in which the Group Company operates, any existing contractual commitment made by the Group Company that is applicable to Personal Data and the Group Company's information security program to protect (i) the integrity, security and operations of businessthe Group Company's information technology systems, and (ii) the data owned by the Group Company and Personal Data against data security incidents or other misuse. The Group Company has (a) implemented commercially reasonable procedures, satisfying the requirements of applicable Privacy Laws, to detect data security incidents; and (b) implemented and monitored compliance with commercially reasonable measures with respect to technical and physical security, to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse.
Appears in 1 contract
Sources: Business Combination Agreement (Qell Acquisition Corp)
Data Privacy and Security. (a) To the Company’s knowledgeSince January 1, 2021, each member of the Company Group complies and at all times has complied with (i) the written privacy policies and external representations of the Company has implemented adequate written policies relating to regarding the Processing of Personal Information, (ii) written contractual obligations governing the treatment and Processing of Personal Information by the Company Group, (iii) applicable industry standards legally binding on the Company Group (including, as applicable, the Payment Card Industry Data Security Standard), (iv) registration requirements with any applicable Governmental Entity for the Processing of Personal Information by the Company Group and (v) all Privacy Laws (collectively, the “Company Data Privacy Requirements”), in each case with respect to clauses (i) through (v), except where noncompliance would not reasonably be expected to be material to the Company Group, taken as a whole. Except as would not reasonably be expected to be material to the Company Group, taken as a whole: (i) each member of the Company Group has at all times presented a privacy policy or other privacy-related notices (such as notice of financial incentives) to individuals and obtained prior express consent prior to the collection of any Personal Information, in each case, to the extent required of the Company Group by Company Data Privacy Requirements, and (ii) such privacy policies, notices, and consents are: (a) sufficient under applicable Law Company Data Privacy Requirements to permit the Processing of Personal Information by each member of the Company Group as currently Processed by or for each member of the Company Group and (“Privacy b) have at all times been materially accurate, consistent and Data Security Policies”complete, and not materially misleading or deceptive (including by any material omission).
(b) To The execution, delivery, and performance of this Agreement and the Company’s knowledge, there is (transactions contemplated by this Agreement do not and since the Lookback Date there has been) no material Proceeding pending or, to the Company’s knowledge, threatened against or involving any Group Company initiated by any Person (including will not: (i) the United States Federal Trade Commission, conflict with or result in a violation or breach of any state attorney general Company Data Privacy Requirements or similar state official; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information, in each case except for any such conflicts, violations, consents, prohibitions, or other Governmental Entity, foreign or domestic; or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of a Group Company is or was in violation of any Privacy Laws or any Privacy and Data Security Policies nor, occurrences which would not reasonably be expected to be material to the Company’s knowledgeCompany Group, is there (nor since the Lookback Date has there been) any basis for the foregoingtaken as a whole.
(c) To the Company’s knowledgeSince January 1, since the Lookback Date: (i) 2021, there has been no person has alleged or given written notice of unauthorized access toaccidental, unlawful, or use, disclosure, or unauthorized Processing of Personal Data Information in the possession or control of any the Company Group (“Company or any PII Security Incident”), except as would not reasonably be expected to be material to the Company Group, taken as a whole. Each member of its contractors with regard the Company Group has taken commercially reasonable steps and implemented and maintained commercially reasonable measures designed to any Personal Data obtained from or on behalf of a Group Company; (i) monitor, detect, prevent, mitigate, and remediate Company PII Security Incidents, (ii) no person has alleged identify and address internal and external material risks to the privacy and security of Personal Information in its possession or given written notice of unauthorized intrusions or breaches of security into any Company IT Systems; control, and (iii) none protect such Personal Information and the software, systems, applications, and websites owned and operated by the Company Group that are involved in the Processing of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, Information. Except as would not have reasonably be expected to be material to the Company Group, taken as a whole: (i) the Company Material Adverse Effectrequires all third parties that Process Personal Information on its behalf to enter into written contracts to provide security and privacy protections for Personal Information consistent with Privacy Laws, and (ii) to the Knowledge of Company, such third parties are not in breach of such Contracts with respect to such Personal Information.
(d) Each Group Since January 1, 2021, no member of the Company owns or has license to use such Company IT Systems as necessary to operate the business of each Group Company as currently conducted. All Company IT Systems areGroup: (i) free from has been the subject of any material defectinquiry, buginvestigation, virus or programmingenforcement action by any Governmental Entity with respect to such member’s compliance with any Privacy Law or its Processing of Personal Information, design or documentation error and (ii) in sufficiently good working condition is the subject of any Proceeding alleging or investigating a Company PII Security Incident, or violation of any Company Data Privacy Requirement or relating to effectively perform all material information technology operations necessary for the operation of the Business (except for ordinary wear and tear). To the Company’s knowledgeProcessing of Personal Information, since or (iii) received a written claim by or before any Governmental Entity alleging a violation of Company Data Privacy Requirement or relating to the Lookback DateCompany’s Processing of Personal Information, there have in each case with respect to clauses (i) through (iii), except as would not been any reasonably be expected to be material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of to the Company IT Systems other than routine failures or disruptions that have been remediated in the ordinary course of businessGroup, taken as a whole.
Appears in 1 contract
Data Privacy and Security. (a) To the Company’s knowledge, each Each Group Company has implemented adequate written commercially reasonable practices, procedures and policies relating designed to address the Processing security and privacy of Personal Data as and Processed by each such Group Company to the extent required by applicable Law (“Privacy and Data Security Policies”)) and such Privacy and Data Security Policies comply with all applicable Privacy Laws in all material respects. Each Group Company complies in all material respects with all applicable Privacy Laws and with all Privacy and Data Security Policies.
(b) To the Company’s knowledgeThe Company has not received notice of any pending Proceedings, there is (and since the Lookback Date there has been) no material Proceeding pending or, nor to the Company’s knowledge, threatened knowledge has there been any material Proceedings against or involving any Group Company initiated by any Person (including (i) any Person; (ii) the United States Federal Trade Commission, any state attorney general or similar state official; (iiiii) any other Governmental Entity, Entity foreign or domestic; or (iiiiv) any regulatory or self-regulatory entityentity that, in each case of (i) alleging to (iv), allege that any Processing of Personal Data by or on behalf of a Group Company (A) is in violation of any applicable Privacy Laws or was (B) is in violation of any Privacy Laws or any Privacy and Data Security Policies nor, to the Company’s knowledge, is there (nor since the Lookback Date has there been) any basis for the foregoingPolicies.
(c) To the Company’s knowledgeSince January 1, since the Lookback Date: 2018, (i) there has been no person has alleged or given written notice material instance of unauthorized access toaccess, use or use, disclosure, or Processing disclosure of Personal Data in the possession or control of any Group Company or and, to the knowledge of the Company, any of its contractors with regard to any Personal Data obtained from or on behalf of a Group Company; Company and
(ii) there have been no person has alleged or given written notice of material unauthorized intrusions or breaches of security into any Company IT Systems; and (iii) none of the Group Companies has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case, as would not have a Company Material Adverse Effect.
(d) Each of the Group Companies has established and complied in all material respects with its information security practices, procedures, and policies, which include commercially reasonable measures such as back-ups, disaster recovery and administrative, technical, and physical safeguards designed to safeguard the security, confidentiality, integrity and availability of Company IT Systems and Personal Data in its possession, custody, or under its control, including against loss, theft, misuse or unauthorized Processing, access, use, modification or disclosure. Each Group Company owns or has a license or right to use such the Company IT Systems as necessary to operate the business of each Group Company as currently conducted. All Company IT Systems are: (i) free from any material defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all material information technology operations necessary for the operation of the Business (except for ordinary wear and tear). To the Company’s knowledge, since the Lookback Date, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the ordinary course of business.
Appears in 1 contract
Sources: Business Combination Agreement (Consonance-HFW Acquisition Corp.)