Privacy and Data Security Sample Clauses
POPULAR SAMPLE Copied 163 times
Privacy and Data Security. (a) Each Group Company that maintains a web site has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Auth...
Privacy and Data Security. The Company and each of its Subsidiaries have complied with all applicable Laws and all internal or publicly posted policies, notices, and statements concerning the collection, use, processing, storage, transfer, and security of personal information in the conduct of the Company’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. In the past three years, the Company and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving personal information in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning the Company’s or any of its Subsidiaries’ collection, use, processing, storage, transfer, or protection of personal information or actual, alleged, or suspected violation of any applicable Law concerning privacy, data security, or data breach notification, and to the Company’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect.
Privacy and Data Security. (a) The parties will keep confidential any information regarding the Trust, the Company, Nationwide, the Variable Accounts and Contract Owners received in connection with providing services and meeting their respective obligations hereunder, except: (a) as necessary to provide the services or otherwise meet their respective obligations under this Agreement; (b) as necessary to comply with applicable law; and (c) information regarding the Trust or Variable Accounts which is otherwise publicly available. The parties will maintain internal safekeeping procedures to safeguard and protect the confidentiality of the data transmitted to another party or its designees or agents in accordance with Section 248.11 of Regulation S-P (17 CFR 248.1–248.30) (“Reg S-P”), and any other applicable federal or state privacy laws and regulations, including without limitation 201 CFR 17.00 et seq. and applicable security breach notification regulations (collectively “Privacy Laws”). Each party shall use such data solely to effect the services contemplated herein, and none of the parties will directly, or indirectly through an affiliate, disclose any non-public personal information protected under Privacy Laws (“Non-public Personal Information”) received from another party to any person that is not an affiliate, designee, service provider, or agent of the receiving party and provided that any such information disclosed to an affiliate, designee, service provider, or agent will be under the same or substantially similar contractual limitations on use and non-disclosure and will comply with all legal requirements. The Company and the Trust will not use information, including Non-public Personal Information, directly or indirectly provided to it by Nationwide or its designees or agents pursuant to this Agreement for the purpose of marketing to Contract Owners or any other similar purpose, except as may be agreed by the parties hereto. Except for confidential information consisting of Non-public Personal Information, which will be governed in all respects in accordance with the immediately preceding sentence, confidential information does not include information which (i) was publicly known and/or was in the possession of the party receiving confidential information (“Receiving Party”) from other sources prior to the Receiving Party’s receipt of confidential information from the party disclosing confidential information (“Disclosing Party”), or (ii) is or becomes publicly available ...
Privacy and Data Security. (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to a...
Privacy and Data Security. Since May 16, 2023, and to the Company’s Knowledge, between June 30, 2022 and May 16, 2023, each of the Company and its Subsidiaries has complied with all applicable Privacy Laws, including with respect to the collection, acquisition, use, storage and transfer (including cross-border transfer) of Personal Information, except for such non-compliance as is not, and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. Since May 16, 2023, the Company and its Subsidiaries have complied in all material respects with each of their respective written and published policies concerning the privacy of Personal Information (“Privacy Policies”), if applicable and required. The Company and its Subsidiaries maintain commercially reasonable policies, procedures and security measures with respect to the physical and electronic security and privacy of Personal Information that are designed to achieve compliance in all material respects with Privacy Laws, and the Company and its Subsidiaries are in compliance in all material respects with such policies and procedures. To the Knowledge of the Company, there have been no material breaches or material violations of any security measures of the Company and its Subsidiaries, or any material unauthorized access, use or disclosure of any Personal Information. None of the Company and its Subsidiaries has received written notice (or, to the Knowledge of the Company, any other communication) of (a) any material violation or breach, or alleged material violation or breach, of Privacy Laws and/or Privacy Policies, or (b) any claims against any of the Company and its Subsidiaries by any Person, and there is no Legal Proceeding pending or, to Knowledge of the Company, threatened against any of the Company and its Subsidiaries, alleging a violation or breach of Privacy Laws and/or Privacy Policies, except in each case as would not be material to the Company and its Subsidiaries, taken as a whole.
Privacy and Data Security. Parent and each of its Subsidiaries have complied with all Data Protection Requirements in the conduct of Parent’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and each of its Subsidiaries have all necessary authority, rights, consents and authorizations to engage in the Data Activities of Personal Data maintained by or for Parent and its Subsidiaries to the extent required in connection with the operation of Parent’s and its Subsidiaries’ business as currently conducted. Since January 1, 2019, Parent and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving Personal Data in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning Parent’s or any of its Subsidiaries’ Data Activities in relation to Personal Data or actual, alleged, or suspected violation of any Data Protection Requirement concerning privacy, data security, or data breach notification, and to Parent’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and its Subsidiaries (i) have executed current and valid “Business Associate Agreements” (as described by HIPAA and the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations), (B) “covered entity” (as described by HIPAA and the corresponding regulations), and (C) “subcontractor” (as described by HIPAA and the corresponding regulations); and (ii) materially comply with such Business Associate Agreements. The Company and each of its Subsidiaries have obtained, as applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance with the requirements of HIPAA and other Data Protection Requirements.
Privacy and Data Security. (a) The Seller has a privacy policy regarding the collection, use, and disclosure of personal information in connection with the operation of the Business and is and in the past two years has been in compliance in all material respects with such privacy policy. True and complete copies of all privacy policies that have been used by the Seller in the past two years have been provided to the Buyer. The Seller has posted a privacy policy in a clear and conspicuous location on all websites and any mobile applications owned or operated by the Seller.
(b) The Seller and its Subsidiaries have complied at all times in all material respects with all Laws applicable to the Business or the Acquired Assets regarding the collection, use, storage, transfer, or disposal of personal information. The Seller is in compliance in all material respects with the terms of all agreements to which the Seller is a party applicable to the Business or the Acquired Assets relating to data privacy, security, or breach notification (including provisions that impose conditions or restrictions on the collection, use, storage, transfer, or disposal of personal information).
(c) No Person (including any Governmental Entity) has commenced any action relating to the Seller’s information privacy or data security practices, including with respect to the collection, use, transfer, storage, or disposal of personal information maintained by or on behalf of the Seller, or to the knowledge of the Seller, threatened any such action, or made any complaint, investigation, or inquiry relating to such practices, except as would not, individually or in the aggregate, reasonably be expected to have, individually or in the aggregate, a Business Material Adverse Effect.
(d) The Seller has established and implemented policies, programs, and procedures that are in material compliance with industry practice, including administrative, technical, and physical safeguards, to protect the confidentiality, integrity and security of personal information in its possession, custody or control against unauthorized access, use, modification, disclosure or other misuse. To the knowledge of the Seller, Seller has not, in the past two years, experienced any loss, damage, or unauthorized access, disclosure, use, or breach of security of any personal information relating to the Business or the Acquired Assets in the possession of the Seller or any of its Subsidiaries, custody or control or otherwise held or processed on its be...
Privacy and Data Security. The Loan Parties and their Subsidiaries shall, at all times, remain in compliance in all material respects with all applicable United States and international privacy and data security laws and regulations including GDPR (to the extent applicable).
Privacy and Data Security. (a) The Company and its Subsidiaries comply and have at all times complied in all material respects with all Privacy Obligations. The Company and its Subsidiaries have adopted and published a privacy notice and policy at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/Privacy that accurately describes their privacy practices. The Company and its Subsidiaries maintain commercially reasonable privacy and data security policies, processes, and controls, and an appropriate privacy program. The Company and its Subsidiaries have obtained all necessary consents, required for them to Process Personal Information.
(b) The execution, delivery, performance and consummation of the transactions contemplated by this Agreement (including the Processing of Personal Information in connection therewith) will not cause or constitute a breach or violation of any applicable Privacy Obligations.
(c) The Company and its Subsidiaries have implemented and maintain an information security program comprising reasonable and appropriate physical, administrative and technical safeguards that are (i) appropriate to the size and scope of the Company and its Subsidiaries and the Personal Information and other confidential information they Process in the conduct of their business, (ii) consistent with the best practices adopted for the industry in which the Company and its Subsidiaries operate, (iii) designed to protect the operation, confidentiality, integrity, availability and security of the Company’s and its Subsidiaries’ IT systems, and all Personal Information and other confidential information processed thereby, against unauthorized access, acquisition, interruption, alteration, modification, or use, and (iv) consistent with the Company’s and its Subsidiaries’ Privacy Obligations. To the Knowledge of the Company, neither the Company nor any of its Subsidiaries has experienced any material failure of these physical, administrative and technical safeguards.
(d) The Company and its Subsidiaries have taken reasonable measures to ensure that all third parties that Process Personal Information on their behalf comply with applicable Privacy Obligations. The Company and its Subsidiaries obligate third parties that Process Personal Information on their behalf to take reasonable measures to safeguard Personal Information.
(e) The Company has: (i) regularly conducted and regularly conducts vulnerability testing, risk assessments, and external audits of, and tracks security incidents related to the Compan...
Privacy and Data Security. (i) The Collection and Use and dissemination by each member of the Company Group of any Personal Data within such member of Company Group’s custody or control is in compliance in all material respects with all applicable Information Privacy and Security Laws and all Personal Data Obligations. Each member of the Company Group has consistently posted a privacy policy in a clear and conspicuous location on all websites and any mobile applications owned or operated by such member of the Company Group.
(ii) Each member of the Company Group maintains policies and procedures regarding data security and privacy and maintains administrative, technical and physical safeguards that are commercially reasonable and, in any event, in compliance with all applicable Information and Privacy and Security Laws and all Contracts to which such member of the Company Group is bound. Each member of the Company Group has complied at all times since the Reference Date in all material respects with the terms of all Contracts to which such member of the Company Group is bound relating to data privacy, security or breach notification (including provisions that impose conditions or restrictions on the collection, use, disclosure, transmission, destruction, maintenance, storage, or safeguarding of Personal Data).
(iii) At any time since the Reference Date, to the Knowledge of the Company, there have been no security breaches relating to, or violations of any Information Privacy and Security Law regarding, or any unauthorized access, disclosure, or use of, any Personal Data within a member of Company Group’s custody or control. No notice has been provided to any member of the Company Group by a third party vendor or any other person of any security breach relating to Personal Data that such Person maintains for or on behalf of the Company Group. To the Knowledge of the Company, no member of the Company Group has experienced a loss or unauthorized disclosure, use, or breach of privacy or security of any Personal Data in the custody or control of such member of the Company Group that would have required notice to any third Person (including any Governmental Entity or parties to any Contract) under any applicable Information Privacy and Security Law. No Person (including any Governmental Authority) has commenced any Action relating to any member of the Company Group’s information privacy or data security practices, or to the Knowledge of the Company, threatened any such Action or made any c...