Data Security; Privacy. The Company and each Company Subsidiary: (i) have complied and are presently in compliance in all material respects with all internal and external written privacy policies, contractual obligations, applicable laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or other governmental or regulatory authority and any other applicable legal obligations, in each case, relating to the collection, use, transfer, import, export, storage, protection, disposal, disclosure or other processing by or on behalf of the Company or any Company Subsidiary of personal data, personal information, personally identifiable information, and any similar term as defined by applicable law (“Data Security Obligations”, and such data and information, “Personal Data”); (ii) maintain and have maintained commercially reasonable policies and procedures designed to ensure the Company’s, and the Company Subsidiaries’ compliance with the Data Security Obligations except to the extent it would not be reasonably expected to have a Material Adverse Effect, (iii) have not received any notification of or complaint regarding, and are unaware of any other facts that, individually or in the aggregate, would reasonably indicate non-compliance with any Data Security Obligation. There is no action, suit, investigation or proceeding by or before any court or Governmental Entity or authority pending or threatened in writing against the Company or any Company Subsidiary alleging non-compliance with any Data Security Obligation.
Data Security; Privacy. Except as would not, individually or in the aggregate, have a Material Adverse Effect: (i) the Company and the Company Subsidiaries have complied and are presently in compliance with all internal and external written privacy policies, contractual obligations, industry standards, applicable laws, statutes, judgments, orders, rules and regulations of any court or arbitrator or other governmental or regulatory authority and any other applicable legal obligations, in each case, relating to the collection, use, transfer, import, export, storage, protection, disposal and disclosure by the Company or any Company Subsidiary of personal, personally identifiable, household, sensitive, confidential or regulated data (“Data Security Obligations,” and such data, “Personal Data”); (ii) the Company and the Company Subsidiaries maintain and have maintained commercially reasonable policies and procedures designed to ensure the Company’s, and the Company Subsidiaries’, compliance with the Data Security Obligations; (iii) neither the Company nor any Company Subsidiary has received any notification of or complaint regarding and is unaware of any other facts that, individually or in the aggregate, would reasonably indicate non-compliance with any Data Security Obligation; and (iv) there is no action, suit or proceeding by or before any court or governmental agency, authority or body pending, or, to the Company’s knowledge, threatened in writing against the Company or any Company Subsidiary alleging non-compliance with any Data Security Obligation.
Data Security; Privacy. Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, (i) to the Knowledge of the Company and its Subsidiaries, since July 3, 2021, there has been no security breach or incident, unauthorized access or disclosure, or other compromise of the Company’s and its Subsidiaries’ information technology and computer systems, networks, equipment, hardware, software, data and databases, including all personally identifiable information and sensitive and confidential data maintained, processed or stored by the Company and its Subsidiaries (collectively, “IT Systems and Data”), and any such personally identifiable information and sensitive and confidential data of the Company and its Subsidiaries that is processed or stored by third parties on behalf of the Company and its Subsidiaries, except for those that have been remedied; (ii) the Company and its Subsidiaries have implemented and maintain controls, policies, procedures, and technological safeguards designed to maintain and protect the integrity, continuous operation, redundancy and security of their IT Systems and Data reasonably consistent with industry standards, or as required by applicable laws or statutes; and (iii) the Company and its Subsidiaries are presently in compliance with, and since July 3, 2021 have complied with, all applicable laws or statutes relating to privacy and security of IT Systems and Data.
Data Security; Privacy. (a) Except as described in Section 3.21(a) of the Company Disclosure Schedule, in connection with the Company’s collection, use, disclosure, storage and other Processing of all Personal Information (and that of any third party engaged by the Company, including any subservicer), the Company is, and to the Knowledge of the Company, any third party to the extent acting at the discretion or on the behalf of the Company, and since the Look-Back Date has been, in compliance with (i) all Privacy Laws applicable to the Company, (ii) any applicable privacy and security policies of the Company concerning the collection, dissemination, storage or use of Personal Information or other Company Proprietary Information, including any privacy disclosures posted to websites or other media maintained or published by the Company and, as applicable, the privacy policies of any one or more third parties with which the Company is required to comply, (iii) all contractual commitments that the Company has entered into or is otherwise bound with respect to privacy and/or data security, and (iv) applicable industry standards (e.g., PCI DSS) (collectively, the “Data Privacy and Security Requirements”).
Data Security; Privacy. (a) Except as has not had and would not reasonably be expected to have, individually or in the aggregate, a Material Adverse Effect: (i) Company and each of its Subsidiaries are in compliance, and have since January 1, 2023 complied, with all applicable Data Privacy Laws; (ii) neither Company nor any of its Subsidiaries has, since January 1, 2023, received any written notice from any applicable Governmental Authority alleging any violation of applicable Data Privacy Laws by Company, any of its Subsidiaries or, to the knowledge of Company, any third-party service providers, outsourcers, processors or other third parties who process, store or otherwise handle Personal Data for or on behalf of Company or any of its Subsidiaries (“Company Data Processors”), nor has Company or any of its Subsidiaries been threatened in writing to be charged with any such violation by any Governmental Authority; (iii) Company and each of its Subsidiaries have, since January 1, 2023, taken commercially reasonable steps (including, as appropriate, implementing reasonable technical, physical or administrative safeguards) designed to protect Personal Data in their possession or under their control against loss and unauthorized access, use, modification or disclosure, and, to the knowledge of Company, since January 1, 2023, there has been no incident of the same, or of the same with respect to any Personal Data maintained or otherwise processed for or on behalf of Company or its Subsidiaries; (iv) Company and each of its Subsidiaries have, since January 1, 2023, taken commercially reasonable steps with respect to Company Data Processors to obligate such persons to comply in all material respects with applicable Data Privacy Laws and to take reasonable steps to protect and secure Personal Data from loss or unauthorized use, access, modification or disclosure; and (v) the execution, delivery and performance of this Agreement complies with all applicable Data Privacy Laws and Company’s and each of its Subsidiaries’ applicable published policies, statements, and notices relating to privacy, data protection or information security regarding Personal Data.
Data Security; Privacy. (a) Except as individually or in the aggregate would not reasonably be expected to have a Material Adverse Effect, (i) no Loan Party or any of its Subsidiaries has lost or had stolen any cardholder account information, information related to cardholder accounts (including social security numbers) or merchant information and (ii) each Loan Party and each of its Subsidiaries has complied with all applicable laws, requirements of Governmental Authorities and the requirements of all PCI Compliance Programs related to data security, and the protection, use, storage, handling and processing of personal information, including credit card information.
Data Security; Privacy. NECS shall maintain a data security program that includes physical, technical, and managerial procedures that are up-to-date and generally accepted in the industry to prevent unauthorized use or disclosure of Customer Property and other Confidential Information of Customer. NECS will have the right to suspend Customer’s access to the Services on an emergency basis: (a) in the event that NECS detects any actual or apparent theft, unauthorized access or use of the Services, or other malicious activity by Customer or any third party; and/or (b) to maintain data integrity within the Services. The parties shall each comply with all applicable privacy laws and regulations relating to the protection of personal or personally identifiable information of all third parties. Customer hereby consents to NECS’s use of Customer’s personally identifiable information: (i) for the purpose of providing the Services to Customer; (ii) as provided in Section 3.3; and (iii) in the manner described in the NECS privacy policy governing the Application Service.
Data Security; Privacy. The software, systems, networks, databases and other information technology assets (“IT Assets”) used by the Company Group are adequate for the operation of their businesses as currently conducted and are free of defects, malware, viruses or other corruptants. The Company Group takes, and have taken, commercially reasonable actions (including implementing organizational, physical, administrative and technical measures) to protect and maintain the integrity, security, operation and redundancy of the IT Assets used by or on behalf of the Company Group, whether proprietary or those of third parties (including all data, including personal and confidential data, stored thereon and processed thereby), and there have been no violations, outages, breaches, interruptions, or unauthorized accesses to same, other than those that would not reasonably be expected to have a Material Adverse Effect. Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect: (i) the Company Group has complied and is in compliance with all internal and external privacy policies, contractual obligations, industry standards, applicable laws, statutes, judgments, Orders, rules and regulations of any Governmental Entity and any other legal obligations, in each case, relating to the collection, use, transfer, import, export, storage, protection, disposal and disclosure by the Company Group of personal, personally identifiable, household, sensitive, confidential or regulated data (“Data Security Obligations”); (ii) the Company Group has not received any notification of or complaint regarding and is unaware of any other facts that, individually or in the aggregate, would reasonably indicate non-compliance with any Data Security Obligation; and (iii) there is no action, suit or proceeding by or before any Governmental Entity pending or threatened against the Company Group alleging non-compliance with any Data Security Obligation.
Data Security; Privacy. The software, systems, networks, databases, websites, applications and other information technology assets (“IT Assets”) used by or on behalf of the Company, the Target and their respective Subsidiaries are adequate for the operation of their businesses as currently conducted and are free of material defects, malware, viruses or other corruptants. The Company, the Target and their respective Subsidiaries take, and have taken, reasonable actions (including implementing organizational, physical, administrative and technical measures) to protect and maintain the integrity, security, operation and redundancy of the IT Assets used by or on behalf of the Company, the Target and their respective Subsidiaries (including all data, including Personal Information and confidential data, stored thereon and processed thereby), and there have been no material violations, outages, breaches, interruptions, or unauthorized accesses to same, except as would not, individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect.
Data Security; Privacy. The software, systems, networks, databases and other information technology assets (“IT Assets”) used by the Company and its Subsidiaries are, in the Company’s belief, adequate for the operation of their businesses as currently conducted and are free of defects, malware, viruses or other corruptants. The Company and its Subsidiaries take, and have taken, commercially reasonable actions (including implementing organizational, physical, administrative and technical measures) to protect and maintain the integrity, security, operation and redundancy of the IT Assets used by or on behalf of the Company and its Subsidiaries, whether proprietary or those of third parties (including all data, including personal and confidential data, stored thereon and processed thereby), and there have been no violations, outages, breaches, interruptions, or unauthorized accesses to same, other than those that would not reasonably be expected to have a Material Adverse Effect.
