Privacy and Data Security. (a) Each Group Company that maintains a web site has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosure. (b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attack.
Appears in 4 contracts
Sources: Share Purchase Agreement (Revelyst, Inc.), Share Purchase Agreement (Outdoor Products Spinco Inc.), Share Purchase Agreement (Outdoor Products Spinco Inc.)
Privacy and Data Security. (a) Each Group The Company that maintains a web site is and has posted on its web site a privacy policy regarding at all times been in compliance with all applicable Privacy Laws and the applicable terms of any Company Contracts governing privacy, data protection, data security, trans-border data flow, data loss, data theft, or breach notification, data localization, sending solicited or unsolicited electronic mail or text messages, cookies or other tracking technology, with respect to, or the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilationhandling, use, maintenance, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, transfer, or transfer other processing of, Personal Information (including cross-border) Personal Informationany such information of individuals, clinical trial participants, patients, patient family members, caregivers or advocates, physicians and other health care professionals, clinical trial investigators, researchers, pharmacists that interact with the Company in connection with the operation of the Company’s business), except, in each case, for such noncompliance as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to To the Knowledge of the Company, the Company (i) has any such claim been threatened in writing. Each Group Company has taken commercially implemented and maintains reasonable administrative, physical written policies and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure procedures that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps are designed to protect the privacy and secure security of Personal Information from (the “Privacy Policies”) and (ii) has complied with such Privacy Policies, except for such noncompliance as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. To the Knowledge of the Company, no Legal Proceeding has been asserted or threatened against the Company by any Person alleging a violation of Privacy Laws, Privacy Policies, or the applicable terms of any Company Contracts governing privacy, data protection, data security, trans-border data flow, data loss, data theft, misuse or unauthorized accessbreach notification, data localization, sending solicited or unsolicited electronic mail or text messages, cookies or other tracking technology, with respect to, or the collection, handling, use, modification maintenance, storage, disclosure, transfer, or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Lawsother processing of, Personal Information. Except as set forth on Schedule 3.13.9(b)To the Knowledge of the Company, there is not and has not have been no data security incidents or data breaches or other adverse events or incidents that have resulted in any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authorityunauthorized access to, or any other Governmental Authority with respect to the Group Companies’ collection, use, storagedisclosure, transfer, modification or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Setsdestruction of, Personal Information or other Sensitive Data data in the possession or control of the Company or any Group service provider acting on behalf of the Company. No Group Company has notified, in each case, where such incident, breach or been required event resulted in a notification obligation to notify, any Person under applicable Law or Governmental Authority pursuant to the terms of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackContract.
Appears in 4 contracts
Sources: Agreement and Plan of Merger and Reorganization (Pulmatrix, Inc.), Acquisition Agreement (MingZhu Logistics Holdings LTD), Merger Agreement (ARCA Biopharma, Inc.)
Privacy and Data Security. (a) Each Group Company that maintains a web site complies, and at all times has posted on its web site a privacy policy regarding the collectioncomplied, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects respects, with all Information applicable Privacy and Security Laws and Requirements. There are no material agreements unsatisfied requests from individuals to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No any Group Company has been notified in writing of seeking to exercise rights under any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, norRequirement. The Transactions and, to the Knowledge knowledge of the Company, the Share Purchase will not constitute a material breach or violation of any applicable Privacy Requirement. There is no, and has not been any, (i) Action of any such claim been nature pending or, to the knowledge of the Company, threatened in writing. Each against any Group Company has taken commercially reasonable administrativerelating to privacy, physical and technical measures designed data protection, or data security with respect to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Processing of Personal Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies Companies; or (ii) notice of any actual or asserted noncompliance with any Privacy Requirement, except as would not, individually or in connection with their businessthe aggregate, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps reasonably be expected to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of have a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosureMaterial Adverse Effect.
(b) There The Group Companies have (i) implemented and maintained reasonable measures to ensure material compliance with applicable Privacy Requirements; (ii) implemented and maintained reasonable measures to preserve and protect the confidentiality, availability, security, and integrity of all Systems and Personal Data within the possession or control of the Group Companies; and (iii) implemented and maintained reasonable technical, physical and organizational measures and security systems and technologies that are no unsatisfied written requests that designed to protect the Personal Data within the possession or control of the Group Companies in a manner appropriate to the risks represented by the Processing of such data by the Group Companies and any Group Company has received from individuals seeking third parties Processing Personal Data on their behalf, including with respect to exercise their data protection rights under Information Privacy redundancy, reliability, scalability and Security Lawssecurity. Except as set forth on Schedule 3.13.9(b)in Section 3.15(b) of the Disclosure Schedules, none of the Group Companies has suffered any material security breach resulting in any material unauthorized access to, or acquisition of, any Personal Data within the possession or control of the Group Companies and, to the knowledge of the Company, no circumstances have arisen in which the Privacy Requirements would require any of the Group Companies to notify any Governmental Authority of any material data security breach or material security incident.
(c) The execution and consummation of the Transactions and, to the knowledge of the Company, the Share Purchase and the continued Processing of the Personal Data by the Group Companies in a manner consistent with the current Processing of the Personal Data will not violate any Privacy Requirement in any material respect.
(d) The Company IT Assets, including any portions which are provided or operated by Third Parties, are adequate and sufficient to protect the privacy and confidentiality of all Personal Data and Third Party information and are in material compliance with all applicable Privacy Requirements. To the knowledge of the Company, there is not and has not have been any no material instances of unauthorized access, intrusions or breaches of the security of (i) Action any such Company IT Assets operated or controlled by any Group Company or any Third Party or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to Personal Data under the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession custody or control of any Group Company. No , and no person (including any Governmental Authority) has made any claim in writing or commenced any proceeding against any Group Company has notified, or been required any Third Party service provider to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ with respect to loss, damage or unauthorized access, disclosure, use, modification or other misuse of Personal Data by any Group Company or any service provider to any perpetrator as a result of any actual or threatened cyber-attackGroup Company.
Appears in 3 contracts
Sources: Plan of Merger (Sogou Inc.), Merger Agreement (Sogou Inc.), Merger Agreement (Sohu.com LTD)
Privacy and Data Security. (a) Each Group The Company that maintains a web site and each of its Subsidiaries is currently and has posted on its web site a privacy policy regarding the collection, use been in compliance with (i) HIPAA and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with all Information other applicable Privacy and Security Laws and material agreements Standards; and (ii) any obligations of the Company or its Subsidiaries under Contracts to which it the Company or a Subsidiary is a party that contain, involve or deal with receiptconcerning the protection, collection, compilationaccess, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected any related notifications. Without limiting the foregoing, the Company and its Subsidiaries have entered into business associate agreements (“▇▇▇▇”) with each applicable third party to the extent required by or on behalf of the Group Companies in connection with their business, including in each caseHIPAA and have posted, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Standards, a privacy policy governing the use of Personal Information on public-facing websites and internally for employees.
(b) Except as set forth on Section 3.08(b) of the Company Disclosure Letter, the Company and each of its Subsidiaries has taken (i) developed, implemented, and conducted its business in compliance with any public privacy notices and data security or privacy policies and procedures (copies of which have been made available to Parent); (ii) maintained commercially reasonable steps administrative, physical, and technical safeguards designed to ensure that all material third party service providersprotect the confidentiality, outsourcersintegrity, contractorsand availability of Personal Information in its possession or control, and to prevent the loss and unauthorized use, access, alteration, destruction, or other persons who disclosure of such Personal Information; and (iii) trained its employees to follow these policies and procedures.
(c) Neither the Company nor any of its Subsidiaries have been subject to or received notice of any Order or Legal Action by any Person (including any Governmental Entity) or any complaints regarding the protection, collection, access, processuse, store storage, disposal, disclosure, or otherwise handle transfer of Personal Information for or on behalf the violation of a Group Company have agreed in writing to materially comply with any applicable Information Privacy and Security Laws and taken reasonable steps to protect Standards. To the Knowledge of the Company and secure Personal Information from lossits Subsidiaries, theftno such Legal Action is threatened against the Company or any of its Subsidiaries.
(d) Neither the Company nor any of its Subsidiaries have suffered, misuse discovered, or been notified of any unauthorized accessacquisition, use, modification disclosure, access to, or disclosurebreach of any Personal information that (i) constitutes a breach or a data security incident under any applicable Privacy and Security Laws and Standards or that would trigger a notification or reporting requirement under any BAA or Contract to which the Company or any of its Subsidiaries is a party, or the PCI-DSS; or (ii) materially compromises (individually or in the aggregate) the security or privacy of such Personal Information.
(be) There are no unsatisfied written requests that any Group The Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. not created, received, maintained, or transmitted protected health information (“PHI”) or electronic PHI (“ePHI), as defined by HIPAA regulations at 45 C.F.R. 160.103.
(f) Except as set forth on Schedule 3.13.9(b)Section 3.08(f) of the Company Disclosure Letter, there the Company and each of its Subsidiaries has complied with all Contracts and all Privacy and Security Laws and Standards, including the HIPAA standards for de-identification set forth in 45 C.F.R. 164.514(b) and for data aggregation, as that term is not defined in 45 C.F.R. 164.501, in each case, as applicable.
(g) Neither the Company nor any of its Subsidiaries have any Contract obligation to maintain Personal Information in a manner that physically separates data of one customer from that of another.
(h) The Company and each of its Subsidiaries has not been any (i) Action or annually performed a security risk assessment, (ii) written allegation that created and maintained documentation in accordance with applicable Laws, including Privacy and Security Laws and Standards, and (iii) addressed and remediated all threats and deficiencies identified in such security risk assessment.
(i) Neither the Company nor any of its Subsidiaries have reported a Group Company has received by any private party, any data protection authority, breach or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing compromise of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority Authority, either voluntarily or based on Contract obligations or Privacy and Security Laws and Standards.
(j) The consummation of the Transaction does not violate any Privacy and Security BreachLaws and Standards, nor has Contract obligation related to Personal Information, or an applicable privacy policy or notice. Upon the Group Closing Date, the Surviving Corporation will own and continue to have the right to use all Personal Information on identical terms and conditions as the Company paid a ▇▇▇▇▇▇ and its Subsidiaries enjoyed immediately prior to any perpetrator as a result of any actual or threatened cyber-attackthe Closing Date.
Appears in 2 contracts
Sources: Merger Agreement (Panbela Therapeutics, Inc.), Merger Agreement (Panbela Therapeutics, Inc.)
Privacy and Data Security. (a) Each Group Company that maintains complies, and at all times have complied, except as has not been and would not reasonably be expected to be material to the Company or its Subsidiaries, taken as a web site has posted on whole, with all applicable Privacy Laws, with applicable Privacy Policies, and with applicable contractual obligations of the Company and its web site a privacy policy regarding Subsidiaries governing privacy, data protection, and data security with respect to the collection, use and disclosure Processing of Personal Information that it collectsData by the Company and its Subsidiaries. There are no material unsatisfied requests from individuals to the Company or any of its Subsidiaries seeking to exercise rights under any Privacy Law. Neither the execution of this Agreement nor the consummation of the Transactions constitutes a material breach or violation of any applicable Privacy Law, is in its possessionany applicable Privacy Policy, or any applicable contractual obligations of the Company and its Subsidiaries governing privacy, data protection, and data security with respect to the Processing of Personal Data by the Company and its Subsidiaries. There is no, and has not been any, (i) Action of any nature pending or threatened against the Company or any of its Subsidiaries relating to privacy, data protection, or data security with respect to the Processing of Personal Data by the Company and its Subsidiaries; or (ii) written notice of any actual or asserted noncompliance with any Law to which the Company or any of its Subsidiaries are subject relating to privacy, data protection, or data security with respect to the Processing of Personal Data by the Company.
(b) The Company and its Subsidiaries have at all times (i) implemented and maintained reasonable measures in compliance with applicable Privacy Laws, designed to preserve and protect the confidentiality, availability, security, and integrity of all Systems and Personal Data within the possession or control of the Company and its custody Subsidiaries; (ii) implemented and maintained reasonable disaster recovery and business continuity plans for their business; and (iii) not suffered any security breach (x) resulting in any material unauthorized access to, or control. Each Group acquisition of, any Personal Data within the possession or control of the Company has complied or any of its Subsidiaries or (y) which required a regulatory notification or reporting requirement to any Governmental Authority.
(c) The IT Assets of the Company and its Subsidiaries, including any portions of which are provided or operated by Third Parties, are adequate and sufficient to protect the privacy and confidentiality of all Personal Data and Third Party information in compliance in all material respects with reasonable industry practices and all Information applicable Privacy and Security Laws and agreements. There have been no material agreements to which it is a party that containunauthorized access, involve intrusions or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, breaches of the security of (technical, physical and administrative), disposal, destruction, disclosure, i) any such IT Assets operated or transfer (including cross-border) Personal Information. No Group controlled by the Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, Subsidiaries or any Information Privacy and Security Law, nor, to Third Party or (ii) any Personal Data under the Knowledge custody or control of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein No person (including any Governmental Authority) has made any claim or commenced any proceeding against the Company Data and Data Sets and other data subject or any Third Party service provider to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by the Company or on behalf any of the Group Companies in connection its Subsidiaries with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps respect to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse damage or unauthorized access, disclosure, use, modification or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received other misuse of Personal Data by any private partythe Company, any data protection authorityof its Subsidiaries, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attacktheir respective service providers.
Appears in 2 contracts
Sources: Merger Agreement (Tang Liang), Merger Agreement (Ossen Innovation Co. Ltd.)
Privacy and Data Security. (a) Each Group Except as would not be material to the Company that maintains and its Subsidiaries, taken as a web site has posted on its web site a privacy policy regarding whole, the collection, use Company and disclosure of Personal Information that it collects, is the Company Subsidiaries have been and are in its possession, or in its custody or control. Each Group Company has complied compliance in all material respects with all Information applicable Privacy and Data Security Laws Laws, any internal and material agreements external policies relating to which it is a party that containprivacy or data security, involve or deal with receiptany contractual obligations relating to privacy, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or Processing of Personal Information binding on the Company or Company Subsidiaries, and any applicable industry standards or self-regulatory standards relating to privacy or alleging data security binding on the Company or Company Subsidiaries (collectively with Privacy and Data Security Laws, “Privacy and Data Security Obligations”). Except as, individually or in the aggregate, does not constitute a violation of any of its privacy policiesMaterial Adverse Effect, the Company and the Company Subsidiaries have a valid and legal right (whether contractually, by law, or otherwise) to access or use any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein Company Data (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all any Personal Information and other Sensitive Data collected contained therein) received, Processed, used or disclosed by or on behalf of the Group Companies Company or the Company Subsidiaries in connection with their the use or operation of its products, services and business. Except as, including individually or in each casethe aggregate, does not constitute a Material Adverse Effect, (a) the Company and Company Subsidiaries have provided any and all necessary notices, obtained any and all necessary consents or other forms of authorization required for the Processing of Personal Information, and honored any and all opt-out requests or privacy choices made by a Person in accordance with all Information applicable Privacy and Data Security Laws Obligations; and Group (b) the Company’s published policiesand Company Subsidiaries’ use of cookies or other forms of tracking technologies, including but not limited to session replay software, comply with and have at all times complied with applicable Privacy and Data Security Obligations. Each Group Except as would not be material to the Company has and its Subsidiaries, taken commercially as a whole, the Company and the Company Subsidiaries have not received any notification of any complaint, audit, investigation, inquiry, claim, suit, action or other legal proceeding asserted against the Company or the Company Subsidiaries initiated by (i) any Person, (ii) any Governmental Authority or (iii) any regulatory or self-regulatory entity alleging that any activity or conduct of the Company or the Company Subsidiaries is in violation of applicable Privacy and Data Security Obligations and have no Knowledge of any facts or circumstances that, individually or in the aggregate, would reasonably indicate material non-compliance of applicable Privacy and Data Security Obligations by the Company and Company Subsidiaries and there are no pending, nor have there been in the past three (3) years, complaints, actions, suits, audits, investigations, inquiries, claims, suits, actions or other proceedings by or before any court or Governmental Authority or body threatened against the Company or the Company Subsidiaries alleging non-compliance with any Privacy and Data Security Obligations. Except as would not be material to the Company and its Subsidiaries, taken as a whole, the Company and the Company Subsidiaries have at all times (A) implemented and maintain a written information security program designed to protect and appropriate to the level of risk posed to Company Systems and Company Data (and any Personal Information contained therein), including against Security Events and (B) taken reasonable steps to ensure that all material any third party service providersor subcontractor with access to any Company Systems or Company Data has implemented and maintain the same. Except as would not be material to the Company and its Subsidiaries, outsourcerstaken as a whole, contractorsthe Company and the Company Subsidiaries, as part of its written information security program, have established and maintain commercially reasonable information technology, information security, cyber security and data protection controls, policies and procedures (including incident response, disaster recovery and business continuity plans and procedures) consistent with industry practice and applicable Privacy and Data Security Obligations; and for the past three (3) years the Company Systems (I) have not experienced any material failure, breakdown, or other persons who accessadverse event, process(II) have been and are sufficient and adequate for the needs of the business of the Company and Company Subsidiaries as presently conducted and (III) are in sufficiently good working condition to effectively perform all information technology operations and include sufficient licensed capacity (whether in terms of authorized sites, store units, users, seats or otherwise handle Personal Information otherwise), in each case, as necessary for the conduct of the business as currently conducted. To the Company’s knowledge there are no material bugs, backdoors, Trojan Horses, worms, spyware, viruses, malware, malicious computer code or on behalf of other similar programs or defects in the Company Systems that would reasonably be expected to cause material harm or unauthorized disruption, access or other breach to any Company System. Except as would not be material to the Company and its Subsidiaries, taken as a Group whole, to the Company’s knowledge, for the past three (3) years, (1) the Company and Company Subsidiaries have agreed in writing not been subject to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from a cybersecurity breach, any loss, thefttheft or misuse of, misuse or any unauthorized accessaccess to, use, modification Processing or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing disclosure of Personal Information (collectively, “Security Event”), and (2) no circumstances have arisen that would require the Company or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, the Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required Subsidiaries to notify, any Person or notify a Governmental Authority or a Person of any a Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackEvent.
Appears in 2 contracts
Sources: Senior Preferred Stock Purchase Agreement (SelectQuote, Inc.), Senior Preferred Stock Purchase Agreement (SelectQuote, Inc.)
Privacy and Data Security. (a) Each Group Company that maintains a web site has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group The Company has complied in provided true and correct copies of all material respects with all Information current Privacy and Security Laws and material agreements to which it is a party that contain, involve Policies adopted by the Company or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to Subsidiaries in connection with the operation of its business. To the Knowledge of the Company, The Company has, during the period beginning inception through the Agreement Date: (i) complied with all applicable Laws related to the protection, privacy and security of Personal Data, and any similar federal, state or foreign law and other laws regarding the disclosure of Personal Data; (ii) not violated its applicable Privacy Policies; (iii) taken commercially reasonable steps to protect and maintain the confidential nature of Personal Data provided to the Company, its Subsidiaries or any of their respective Affiliates in accordance with its applicable Privacy Policies; (iv) has not discovered any such claim unauthorized or improper access to or use or disclosure of Personal Data or other confidential information to any unauthorized or improper third party; and (v) no threatened or actual breach of Personal Data by or against the Company. No claims have been asserted or, are threatened in writingagainst the Company alleging a violation of any person’s privacy, confidentiality or other rights under any Company Privacy Policy, under any contract, or under any Law relating to any Personal Data or Customer Data. Each Group With respect to any Personal Data and Customer Data, the Company has taken commercially reasonable administrative, measures (including implementing and monitoring compliance with respect to technical and physical and technical measures security) designed to protect safeguard such data against loss and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or against unauthorized access, use, modification modification, disclosure or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatenedmisuse. There has been no material Security Breach involving Systems, Company unauthorized access to or other misuse of any Customer Data and Data Sets, Personal Information Data. The Company has not received any complaint from any Person (including any action letter or other Sensitive inquiry from any Governmental Authority) regarding the Company’s collection, storage, hosting, disclosure, transmission, transfer, disposal, other processing or security of Customer Data in the possession or control of any Group CompanyPersonal Data. No Group There have been no facts or circumstances that would require Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ give notice to any perpetrator as a result customers, suppliers, consumers or other similarly situated Persons of any actual or threatened cyber-attackperceived data security breaches pursuant to an applicable Laws requiring notice of such a breach.
Appears in 2 contracts
Sources: Merger Agreement (White River Energy Corp.), Asset Purchase Agreement (White River Energy Corp.)
Privacy and Data Security. Seller and each of its Affiliates (awith respect to the Company Business) Each Group and the Company that maintains a web site has posted on its web site a privacy policy regarding are and since July 1, 2024, have been in material compliance with all applicable Privacy Laws and the applicable terms of any Company Contracts governing privacy, data protection, data security, trans-border data flow, data loss, data theft, or breach notification, data localization, sending solicited or unsolicited electronic mail or text messages, cookies or other tracking technology, with respect to, or the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilationhandling, use, maintenance, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, transfer, or transfer (including cross-border) other processing of, Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to To the Knowledge of the Company, Seller and each of its Affiliates (with respect to the Company Business) and the Company (i) has any such claim been threatened in writing. Each Group Company has taken commercially implemented and maintains reasonable administrative, physical written policies and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure procedures that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps are designed to protect the privacy and secure security of Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosure.
(bthe “Privacy Policies”) There that materially comply with applicable Privacy Laws and are no unsatisfied written requests that any Group Company has received from individuals seeking designed to exercise their data protection rights under protect the privacy and security of Personal Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that has complied with such Privacy Policies, except for such noncompliance as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Group Company Material Adverse Effect. To the Knowledge of the Company, no Legal Proceeding has received by any private party, any data protection authority, been asserted or threatened against Seller or any other Governmental Authority of its Affiliates (with respect to the Group Companies’ Company Business) or the Company by any Person alleging a violation of Privacy Laws, Privacy Policies, or the applicable terms of any Company Contracts governing privacy, data protection, data security, trans-border data flow, data loss, data theft, or breach notification, data localization, sending solicited or unsolicited electronic mail or text messages, cookies or other tracking technology, with respect to, or the collection, handling, use, maintenance, storage, disclosure, transfer, or other processing of, Personal Information. To the Knowledge of the Company, there have been no data security incidents or data breaches, or other adverse events or incidents that have resulted in any unauthorized access to, or collection, use, storagedisclosure, transfer, modification or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Setsdestruction of, Personal Information or other Sensitive Data data in the possession or control Seller or any of its Affiliates (with respect to the Company Business) or of the Company or any service provider acting on behalf of Seller or any of its Affiliates (with respect to the Company Business) or the Company, in each case, where such incident, breach, or event has resulted in a notification obligation to any Person under applicable Law or pursuant to the terms of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackContract.
Appears in 2 contracts
Sources: Share Purchase Agreement (Oramed Pharmaceuticals Inc.), Share Purchase Agreement (Lifeward Ltd.)
Privacy and Data Security. (a) Each Group Company that maintains a web site has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attack.
Appears in 1 contract
Privacy and Data Security. (a) Each Group The Company that maintains a web site has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company material compliance with and has at all times materially complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its the Company’s internal privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), .
(b) With respect to all Personal Information and other Sensitive Data collected by user data gathered or on behalf accessed in the course of the Group Companies in connection with their businessoperation of the Business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group the Company has at all times taken commercially all reasonable steps measures to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy such data is protected against loss and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification modification, disclosure or disclosure.
other misuse, including by implementing, maintaining and executing, as necessary, a security plan that is designed to (bi) There are no unsatisfied written requests that identify, mitigate and resolve internal and external risks to the security of any Group Company has received from individuals seeking proprietary or confidential information in its possession, including Personal Information, (ii) implement and monitor adequate and effective administrative, technical and physical safeguards to exercise their control those risks and (iii) maintain notification procedures in compliance with applicable Laws in the case of any breach of security compromising unencrypted data protection rights under Information Privacy and Security Lawscontaining Personal Information. Except as set forth on Schedule 3.13.9(bSection 2.21(b) of the Disclosure Schedule, no Person has gained unauthorized access to or engaged in unauthorized Processing of Personal Information in the custody or control of the Company or any databases, computers, servers, storage media (e.g., backup tapes), network devices, or other devices or systems of the Company or the Business that Processes Personal Information.
(c) The Company has in place reasonable security measures, controls, technologies, polices and safeguards designed to protect Personal Information. The Company has all necessary authority, consents and authorizations to Process the Personal Information in its possession or under their control in connection with the operation of its business. To the Knowledge of any of the Sellers, none of the Personal Information in the possession, custody or control of the Company, or otherwise used or disclosed by the Company, has been provided to the Company by a third party in violation of applicable Law, including Privacy Laws or in a manner inconsistent with such third party’s own privacy policies. The Company has taken all commercially reasonable steps necessary to confirm that each third party that provides it with Personal Information has and will provide such Personal Information in accordance with applicable Laws (including Privacy Laws), contracts or other terms to which the Company bound and that those third parties have all necessary authority, consents and other rights to provide such Personal Information to the Company. Without limiting the generality of the foregoing, the Company has conducted diligence on all third parties that provide Personal Information to the Company regarding such third parties’ data collection methods and data sharing practices as necessary to ensure such collection and sharing complies with all applicable Laws (including Privacy Laws), contracts or other terms to which the Company is bound.
(d) There is no, and never has been, any Action pending or, to the any of the Seller’s Knowledge, threatened against the Company with respect to the Company’s privacy or data protection practices, including alleging a violation of any Person’s data privacy, data protection or data security rights, nor has there is not and been any court order affecting the Company’s use, disclosure or other Processing of any Personal Information. To the Knowledge of any of the Sellers, there are no facts or circumstances that constitute a reasonable basis for such proceeding relating to privacy or data protection. The Company has not received any communications from, or to the Knowledge of any of the Sellers, has been the subject of any (i) Action or (ii) written allegation that investigation by, the Federal Trade Commission, a Group Company has received by any private party, any data protection authority, authority or any other Governmental Authority Entity regarding its Processing of any Personal Information.
(e) The conduct and operation of the Business currently materially complies, and at all times has materially complied, with respect all applicable laws relating to the Group Companies’ collectiontransmission of unsolicited commercial emails, usephone calls, storagefaxes and mail and marketing campaigns. No solicitation, transferstatement, disclosure, or processing of Personal Information marketing, promotional or compliance with Information Privacy and Security Lawsadvertising material included in any email marketing campaigns or mail marketing campaigns initiated by the Company have been materially inaccurate, nor has any such Action been threatened. There has been no material Security Breach involving Systemsmisleading, Company Data and Data Setsor deceptive, Personal Information or other Sensitive Data in the possession or control violation of any Group Privacy Law. The execution, delivery, performance and consummation of the Transactions (including the Processing of Personally Identifiable Information in connection therewith complies with all Privacy Laws and the Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attack’s applicable privacy notices and policies.
Appears in 1 contract
Sources: Membership Interest Purchase Agreement (Alj Regional Holdings Inc)
Privacy and Data Security. (a) Each Group Company that maintains a web site has posted on its web site a The Company’s data, privacy policy regarding the collectionand security practices comply, use and disclosure of Personal Information that it collectsat all times have complied, is in its possession, or in its custody or control. Each Group Company has complied in all material respects respects, with applicable Data Protection and Security Requirements. The Company has provided all notices and obtained all consents required by Data Protection and Security Requirements and satisfied all other requirements under Data Protection and Security Requirements for its Processing of Personal Data and that are necessary for the conduct of business as currently conducted, as proposed to be conducted, and in connection with the consummation of the transaction contemplated hereunder. The transactions to be consummated hereunder as of the Closing Date will comply with all Information Privacy Data Protection and Security Laws and material agreements Requirements applicable to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security the Company.
(technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-borderb) Personal Information. No Group The Company has been notified implemented and at all times has maintained reasonable and appropriate organizational, physical, administrative and technical measures consistent with the state of the art for the industry in writing which the Company operates to protect the operation, confidentiality, integrity and security of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge all of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets ’s confidential and other data subject to confidentiality obligations)and information, (b) all Personal Information and other Sensitive Data collected by in any format, generated or on behalf used in the conduct of the Group Companies business of the Company (“Business Data”) and the IT Assets, against unauthorized access, acquisition, interruption, alteration, modification or use (collectively, “Misuse”). Without limiting the generality of the foregoing, the Company has implemented a comprehensive written information security program that complies with 45 C.F.R. Part 164, Subpart C and (i) identifies internal and external risks to the security of the Business Data or IT Assets and (ii) implements, monitors and improves adequate and effective safeguards to control those risks. The Company has not experienced (nor have any Persons acting on the Company’s behalf experienced) any actual or alleged Security Incident, including, without limitation, any “breach” (as defined in connection with their business45 C.F.R. Part 164, Subpart D) of unsecured Protected Health Information or of EU Personal Data. The Company has not (nor have any Persons acting on the Company’s behalf) notified, and the Company has not experienced any event resulting in any requirement that the Company notify, any Person or Data Protection Authority of any Security Incident, including in each caseany loss or unauthorized access, in accordance with all use or disclosure, of EU Personal Data or of Protected Health Information Privacy that would constitute a breach for which notification to individuals, the media, or the United States Department of Health and Human Services (“HHS”) is required under 45 C.F.R. Part 164, Subpart D. In addition, the Company does not have any material data security, information security or other technological vulnerabilities that could adversely impact the operation of relevant IT Assets or cause a Security Laws and Group Company’s published policies. Each Group Incident.
(c) The Company has taken commercially reasonable steps to ensure that obligated all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or and processors of confidential information on their behalf and all third parties managing IT Assets on their behalf to appropriate contractual terms relating to the Processing of a Group Company have agreed in writing to materially comply with Business Data (as applicable Information Privacy and as required by Data Protection and Security Laws Requirements) and information security and have taken reasonable steps measures to protect ensure that such third parties have complied with their contractual obligations. Without limiting the generality of the foregoing, the Company has entered into business associate agreements with vendors and secure Personal Information from loss, theft, misuse customers in all situations where required by 45 C.F.R. §§ 164.502(e) and 164.504(e) or unauthorized access, use, modification or disclosureArticle 28 of the GDPR. The Company has taken reasonable measures to ensure that all third parties acting on its behalf have complied with their contractual obligations.
(bd) There are no unsatisfied written requests that any Group The Company has not received from individuals seeking to exercise their data protection rights under Information Privacy any notice of any claims, investigations (including investigations by any Governmental Authority, including the HHS Office for Civil Rights and any other Data Protection Authority), for alleged violations of Data Protection and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority Requirements with respect to the Group Companies’ collection, use, storage, transferPersonal Data Processed by, or processing of Personal Information under the control of, Company, and, to the Company’s Knowledge, there are no facts or compliance with Information Privacy and Security Laws, nor has circumstances that are likely to form the basis for any such Action been threatened. There has been no material Security Breach involving Systemsclaims, Company Data and Data Sets, Personal Information investigations or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackallegations.
Appears in 1 contract
Sources: Agreement and Plan of Merger (Anika Therapeutics, Inc.)
Privacy and Data Security. (a) Each Group of the Company that maintains a web site has posted on and its web site a Subsidiaries have, since January 1, 2017 (i) been in compliance in all material respects with all applicable Laws and with their own respective published privacy policy regarding policies and internal privacy policies relating to privacy, data protection and data security, including with respect to the collection, storage, transmission, transfer (including cross-border transfers), disclosure and use and disclosure of Personal Data; and (ii) taken commercially reasonable measures to protect against loss, damage, and unauthorized access, use, modification, or other misuse of Personal Data collected, transmitted or stored by the Company or its Subsidiaries. Since January 1, 2017, no Person (including any Governmental Authority) has commenced any Legal Proceeding against the Company or its Subsidiaries with respect to the Company’s alleged loss, damage, or unauthorized access, use, modification, or other misuse of any Personal Data collected, transmitted or stored by the Company or any of its Subsidiaries (or any of their respective employees or contractors), and to the knowledge of the Company, there is no reasonable basis for any such Legal Proceeding.
(b) None of the Company or its Subsidiaries has experienced any material unauthorized access to, use or misuse of, or other breach of security with respect to (A) any Software or other Company Systems or any Personal Data or other Data or information stored or Processed thereon or thereby; (B) the Confidential Information that it collects, is in the Company’s or its Subsidiaries’ possession, or in its custody or control. Each Group ; (C) the Company has Data, in each case, collected, held or otherwise managed by the Company or any of its Subsidiaries; or (D) the Company Data, in each case, collected, transmitted or stored on behalf of the Company or any of its Subsidiaries.
(c) Since January 1, 2017, the Company and its Subsidiaries have taken reasonable measures for responding, and have complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that containany obligations relating, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security subject requests for access, rectification, deletion, portability or privacy objections to Processing of Personal Data or alleging a violation of other rights under Privacy Laws. To the extent the Company or any of its privacy policies, Subsidiaries have entered into Contracts with any third parties who are Processing Personal Data on behalf of the Company or any Information of its Subsidiaries, such Contracts obligate any such third parties to comply with all Privacy and Security Law, nor, to Laws. To the Knowledge knowledge of the Company, has any such claim been threatened third parties are in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems compliance with such Contracts and all data contained therein (including Privacy Laws, except as would not, individually or in the aggregate, be material to the Company Data and Data Sets and other data subject to confidentiality obligations)its Subsidiaries, (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of as a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosurewhole.
(bd) There are no unsatisfied written requests that The execution, delivery and performance of this Agreement and the consummation of the transactions contemplated hereby complies (and the disclosure to and use by the Surviving Corporation, the Surviving Entity, and Parent and its Affiliates of such information after the Effective Time will comply) with the Company’s and its Subsidiaries’ applicable privacy policies and in all material respects with all applicable Laws relating to privacy and data security. Since January 1, 2017, the Company and each of its Subsidiaries have made all material disclosures to, and obtained any Group Company has received from individuals seeking necessary consents from, users, customers, employees, contractors and other applicable Persons required by applicable Laws related to exercise their privacy and data protection rights under Information Privacy security and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been have filed any (i) Action or (ii) written allegation that a Group Company has received by any private party, any required registrations with the applicable data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attack.
Appears in 1 contract
Sources: Agreement and Plan of Merger and Reorganization (SoFi Technologies, Inc.)
Privacy and Data Security. (a) Each Group The Company has not and no third party that maintains Processes Protected Data for or on behalf of the Company has, experienced any Security Breaches, and the Company has not received any notices or complaints from any Person regarding such a web site Security Breach. The Company has posted not, and no third party that Processes Protected Data for or on its web site behalf of the Company has, received any notices, complaints, claims, demands, inquiries or other notices, including a privacy policy notice of investigation, or any other notices from any Person (including any Governmental Entity or self-regulatory authority or entity) regarding the collectionunauthorized Processing of Protected Data or non-compliance with applicable Privacy and Security Requirements. The Company maintains systems and procedures to receive and effectively respond to complaints and, use to the extent required by applicable Privacy and disclosure Security Requirements, individual rights requests in connection with the Company’s Processing of Personal Information that it collectsInformation, is in its possessionand, or in its custody or control. Each Group to the extent required by applicable Privacy and Security Requirements, the Company has complied with all such individual rights requests. The Company does not engage in the sale, as defined by applicable Privacy and Security Requirements, of Personal Information.
(b) The Company is and always has been in material compliance with all Privacy and Security Requirements and has Processed Protected Data in material compliance with all Privacy and Security Requirements and with appropriate disclosures and consents as required to provide the Protected Data to third parties in the course of its business. The Company has valid and legal rights to Process all Protected Data that is Processed by or on behalf of the Company in connection with the use and/or operation of its products, services and business, and the execution, delivery, or performance of this Agreement will not affect these rights or violate any applicable Privacy and Security Requirements. The Company has implemented, and all third parties that receive Protected Data from or on behalf of the Company have implemented, reasonable physical, technical and administrative safeguards consistent with industry standards that are designed to protect Protected Data from unauthorized access by any Person, and to ensure compliance in all material respects with all Information applicable Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosureRequirements.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attack.
Appears in 1 contract
Sources: Securities Purchase Agreement (Vahanna Tech Edge Acquisition I Corp.)
Privacy and Data Security. The Company, the Company Subsidiaries, and to the Company’s Knowledge, any Person acting for or on the Company’s or any Company Subsidiary’s behalf have since December 31, 2015 materially complied with (ai) Each Group all applicable Privacy Laws, (ii) all of the Company’s and any Company that maintains a web site has posted on its web site a privacy policy Subsidiary’s policies and notices regarding Personal Information, and (iii) all of the collection, use Company’s and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group any Company has complied in all material respects Subsidiary’s contractual obligations with all Information Privacy and Security Laws and material agreements respect to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge None of the Company’s or any Company Subsidiary’s privacy policies or notices have contained any material omissions or been misleading or deceptive. The Company and the Company Subsidiaries have implemented and since December 31, has any such claim been threatened 2015 have maintained reasonable safeguards, consistent with practices in writing. Each Group the industry in which the Company has taken commercially reasonable administrativeand the Company Subsidiaries operate, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by confidential data in their possession or on behalf of the Group Companies in connection with under their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from control against loss, theft, misuse or unauthorized access, use, modification or disclosure.
(b) There are no unsatisfied written requests , and the Company and the Company Subsidiaries have taken reasonable steps to ensure that any Group third party with access to Personal Information collected by or on behalf of the Company or the Company Subsidiaries has received from individuals seeking to exercise their data protection rights under Information Privacy implemented and Security Lawsmaintained the same. Except as set forth on Schedule 3.13.9(b)To the Company’s Knowledge, there is not and has not have been no breaches, security incidents, misuse of or unauthorized access to or disclosure of any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of the Company or the Company Subsidiaries or collected, used or processed by or on behalf of the Company or the Company Subsidiaries. The Company and the Company Subsidiaries have not provided or been legally required to provide any Group Companynotices to any Person in connection with a disclosure of Personal Information. No Group The Company has notifiednot received any written notice of any claims (including written notice from third parties acting on their behalf), of or been charged with, the violation of, any Privacy Laws, applicable privacy policies, or been required contractual commitments with respect to notifyPersonal Information and to the Company’s Knowledge, any Person there are no facts or Governmental Authority circumstances that could reasonably form the basis of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual such notice or threatened cyber-attackclaim.
Appears in 1 contract
Sources: Merger Agreement (Avista Healthcare Public Acquisition Corp.)
Privacy and Data Security. (a) Each Group The Company that maintains a web site has posted on its web site a privacy policy regarding the collection, use use, and disclosure of Personal Information personal information in connection with the operation of its business that it collects, is in its the Company's possession, or in its custody custody, or control, or otherwise held or processed on its behalf and is and in the past six years has been in compliance in all material respects with its privacy policy. Each Group A complete copy of all privacy policies that have been used by the Company during the past two (2) years have been provided to TheMaven. The Company has during the past six years posted a privacy policy in a clear and conspicuous location on all websites and any mobile applications owned or operated by the Company.
(b) The Company has complied at all times in all material respects with all Information Privacy applicable Federal and Security Laws state laws, rules and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to regulations regarding the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing disposal of Personal Information personal information applicable to the business of the Company.
(c) The Company is in compliance in all material respects with the terms of all Contracts to which the Company is a party relating to data privacy, security, or breach notification (including provisions that impose conditions or restrictions on the collection, use, storage, transfer, or disposal of personal information).
(d) No Person (including any Governmental Body) has commenced any action relating to the Company’s information privacy or data security practices, including with respect to the collection, use, transfer, storage, or disposal of personal information maintained by or on behalf of the Company, or, to the Knowledge of the Company, threatened any such action, or made any complaint, investigation, or inquiry relating to such practices, except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect.
(e) The execution, delivery, and performance of this Agreement and the consummation of the contemplated transactions, including any transfer of personal information resulting from such transactions, will not violate any applicable law or the privacy policy of the Company as it currently exists or as it existed at any time during which any personal information was collected or obtained by or on behalf of Company or other privacy and data security requirements imposed on Company or any party acting on its behalf under any Contracts, except in each case as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Upon the Closing, theMaven will continue to have the right to use such personal information on identical terms and conditions as the Company enjoyed immediately prior to the Closing.
(f) The Company has established and implemented policies, programs, and procedures that are commercially reasonable for a company of its size and designed to be in compliance with Information Privacy applicable industry practices/necessary and Security Lawsappropriate to protect the confidentiality, nor has any such Action been threatened. There has been no material Security Breach involving Systemsintegrity, Company Data and Data Setssecurity of personal information in its possession, Personal Information custody, or control against unauthorized access, use, modification, disclosure, or other Sensitive Data misuse.
(g) To the Knowledge of the Company, in the possession past six years, it has not experienced any material loss, damage, or control unauthorized access, disclosure, use, or breach of security of any Group personal information in the Company. No Group Company has notified's possession, custody, or been required to notifycontrol, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual otherwise held or threatened cyber-attackprocessed on its behalf.
Appears in 1 contract
Sources: Merger Agreement (theMaven, Inc.)
Privacy and Data Security. (a) Each Group Company that maintains a web site has posted on its web site a privacy policy regarding the collection, The use and disclosure dissemination by the Company of any Personal Information that it collects, Data is in its possession, or in its custody or control. Each Group Company has complied compliance in all material respects with the Company’s privacy policies and terms of use, industry standards, all applicable Information Privacy and Security Laws, Personal Data Obligations, and all Contracts to which the Company is bound. No Personal Data is stored or otherwise maintained outside the United States by the Company or any third party. The Company has not engaged in cross-border processing of Personal Data. True and complete copies of all privacy policies that have been used by the Company in the past three (3) years have been provided to Parent. The Company has consistently posted a privacy policy in a clear and conspicuous location on all websites and any mobile applications owned or operated by the Company.
(b) The Company does not Collect or Use Personal Data from any Person in any manner other than as described in the Contracts or, to the extent applicable, any privacy policies delivered to Parent.
(c) The Company maintains policies and procedures regarding data security and privacy and maintains administrative, technical and physical safeguards that are commercially reasonable and, in any event, in compliance with industry standards, all applicable Information and Privacy and Security Laws and material agreements all Contracts to which it the Company is bound. True and complete copies of all such policies and procedures have been provided to Parent. The Company has complied at all times in all material respects with the terms of all Contracts to which the Company is a party relating to data privacy, security or breach notification (including provisions that contain, involve impose conditions or deal with receipt, restrictions on the collection, compilation, use, disclosure, transmission, destruction, maintenance, storage, processing, sharing, safeguarding, security or safeguarding of Personal Data).
(technical, physical and administratived) Except as set forth on Schedule 3.15.7(d), disposalat any time during the three (3)-year period preceding the Agreement Date, destructionthere have been no security breaches relating to, or violations of any security policy or Information Privacy and Security Law regarding, or any unauthorized access, disclosure, or transfer (use of, any data or information used by the Company, including cross-border) Personal InformationData. No Group Company notice has been notified in writing of any Action provided to the Company by a third party vendor or any other claim related person of any security breach relating to Personal Data. The Company has not experienced a loss or unauthorized disclosure, use, or breach of privacy or security of any Personal Data in the custody or control of the Company that would have required notice to any third Person (including any Governmental Entity or parties to any Contract) under any applicable Law. No Person (including any Governmental Authority) has commenced any Action relating to the Company’s information privacy or data security or privacy or alleging a violation of any of its privacy policiespractices, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has threatened any such claim been threatened Action or made any complaint, investigation, or inquiry relating to such practices.
(e) The Company does not (i) have or solicit any customers in writing. Each Group the European Economic Area, or (ii) knowingly process, transmit, or store any Personal Data of any Persons located in the European Economic Area.
(f) The Company has taken commercially reasonable administrative, physical and technical measures designed all required steps to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) oflimit access to Personal Data to: (ai) Systems those Company personnel and all data contained therein (including Company Data and Data Sets and other data subject third-party vendors providing services to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies Company who have a need to know such Personal Data in connection with the execution of their business, including in each case, duties to the Company; and (ii) such other Persons permitted to access such Personal Data in accordance with the privacy policies and terms of use, industry standards, all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken all Contracts to which the Company is bound.
(g) The Company maintains a commercially reasonable steps written technical information security program that contains administrative, technical and physical safeguards (including encryption) compliant in all material respects with industry standards and applicable Information Privacy and Security Laws (the “Security Program”). The Company’s Security Program is designed to: (i) protect the integrity and confidentiality of Personal Data; (ii) protect against reasonably anticipated threats or hazards to the security of Personal Data; (iii) protect and secure Personal Information from loss, theft, misuse or against the unauthorized access, use, modification disclosure or disclosure.
use of Personal Data; (biv) There are no unsatisfied written requests that any Group Company address computer and network security; and (v) provide for the secure destruction and disposal of Personal Data. The Security Program has received from individuals seeking to exercise their data protection rights under been updated as required by all applicable Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there All third-party vendors or persons with access to Personal Data have entered into contracts or written agreements with the Company requiring that such vendors or persons maintain a substantially similar security program.
(h) The Company is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or in material compliance with all applicable Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Laws regarding the Collection and Use of the Personal Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group individual.
(i) The Company controls the access to its computer and information technology networks through the utilization of industry-standard or better security measures that are designed to prevent unauthorized access to such networks. All of the Company. No Group ’s security measures are designed to be materially consistent with or exceed industry standards and the requirements of applicable Laws and are designed to (i) prevent the unauthorized disclosure of confidential information (including Personal Data) of the Company’s customers, (ii) prevent access without express authorization (and immediately terminate such unauthorized access) to the networks and information system of the Company’s customers through the networks of the Company has notified, and (iii) facilitate the Company’s identification of the person making or been required attempting to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackmake such unauthorized access.
Appears in 1 contract
Sources: Merger Agreement (Invitae Corp)
Privacy and Data Security. (a) Each Group The Company that maintains a web site has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has has: (i) complied in all material respects with all Information Privacy its published privacy policies and Security Laws internal privacy policies and material agreements guidelines (true, correct and complete copies of which have been made available to Buyer), Contracts to which it is a party that containor otherwise bound, involve or deal and all applicable Laws relating to data privacy, data protection and data security, including with receipt, respect to the collection, compilation, use, storage, processingtransmission, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-borderborder transfers), disclosure, destruction and use of Personally Identifiable Information; and (ii) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal ensure that Personally Identifiable Information and is protected against loss, damage, and unauthorized access, use, modification, or other Sensitive Data collected by misuse, including any Personally Identifiable Information created, received, maintained or transmitted on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policiesCompany customers. Each Group Company There has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from been no loss, theftdamage, misuse or unauthorized access, use, modification disclosure, modification, or disclosureother misuse of any Personally Identifiable Information or other information owned, held or controlled by Company (collectively, “Information”). No Person has provided any written notice, made any written claim, or commenced any Action with respect to loss, damage, or unauthorized access, use, modification, or other misuse of any such Information by the Company or any of its respective employees or contractors and, there is no reasonable basis for any such notice, claim or Action. Neither the execution of the Transaction Documents nor the consummation of the Transactions, with or without notice or lapse of time, violate any privacy policy, Contract or applicable Laws relating to the Information.
(b) There are no unsatisfied written requests To the extent that the Company receives, processes, transmits or stores any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except financial account numbers (such as set forth on Schedule 3.13.9(bcredit cards, bank accounts, PayPal accounts, debit cards), there passwords, CCV data, cardholder data (including as such term is not and has not been any defined in the Payment Card Industry Data Security Standards (i) Action or (ii) written allegation that a Group Company has received by any private party“PCI DSS”), any data protection authorityas amended from time to time), or any other Governmental Authority with respect related data (“Cardholder Data”), the Company’s information security procedures, processes and Systems have at all times met or exceeded all applicable Laws, and contractual obligations related to the Group Companies’ collection, use, storage, transferprocessing and transmission of Cardholder Data, or processing of Personal Information or compliance with Information Privacy and all requirements established by applicable governmental regulatory agencies, payment brands, and the Payment Card Industry Standards Council (including the Payment Card Industry Data Security Laws, nor has any such Action been threatenedStandard). There has never been no a material Security Breach security breach involving Systemsany such Cardholder Data. No material breach, Company Data and Data Sets, Personal Information deficiency or other Sensitive Data non-compliance was identified in the possession most recent audit (if any) of the Company relating to its compliance with PCI DSS. For all periods when the Company received, processed, transmitted or control of stored any Group Company. No Group Cardholder Data, the Company has notified, or been required to notify, any Person or Governmental Authority implemented and complied with procedures for the regular audit of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackits Systems related with PCI DSS.
Appears in 1 contract
Privacy and Data Security. In connection with its collection, storage, use and/or disclosure of any information that constitutes “personal information,” “personal data” or “personally identifiable information” as defined in applicable laws (acollectively “Personal Information”) Each Group by or on behalf of the Company, the Company that maintains a web site is and has posted on been in compliance with (i) all laws applicable to the Company and its web site a business (including, without limitation, laws relating to privacy, data security, telephone and text message communications, and marketing by email or other channels, to the extent applicable to the Company and its business) in all relevant jurisdictions, (ii) the Company’s current privacy policy policies and public written statements regarding the collectionCompany’s privacy or data security practices, use and disclosure (iii) the requirements of any contract by which the Company is bound. The Company maintains and has maintained reasonable physical, technical, and administrative security measures and policies designed to protect all Personal Information that it collectsowned, stored, used, maintained or controlled by or on behalf of the Company from and against unlawful, accidental or unauthorized access, destruction, loss, use, modification and/or disclosure. To the extent the Company maintains or transmits protected health information, as defined under 45 C.F.R. § 160.103, the Company is in its possessioncompliance with the applicable requirements of the Health Insurance Portability and Accountability Act of 1996, or as amended by the Health Information Technology for Economic and Clinical Health Act, including all rules and regulations promulgated thereunder. The Company is and has been in its custody or control. Each Group Company has complied compliance in all material respects with all Information Privacy laws applicable to the Company and Security Laws its business relating to data loss, theft and material agreements to which it is a party that containbreach of security notification obligations. There has been no occurrence of (x) unlawful, involve accidental or deal with receiptunauthorized destruction, collection, compilationloss, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, modification or transfer (including cross-border) Personal Information. No Group Company has been notified in writing disclosure of any Action or any other claim related access to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected owned, stored, used, maintained or controlled by or on behalf of the Group Companies in connection with their businessCompany such that Privacy Requirements require or required the Company to notify government authorities, including in each case, in accordance with all Information Privacy and Security Laws and Group affected individuals or other parties of such occurrence or (y) unauthorized access to or disclosure of the Company’s published policies. Each Group Company has taken commercially reasonable steps confidential information or trade secrets that reasonably would be expected to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of result in a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosureMaterial Adverse Effect.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attack.
Appears in 1 contract
Sources: Series a 1 Preferred Stock Purchase Agreement (Miso Robotics, Inc.)
Privacy and Data Security. (a) Each Group The Company that maintains a web site has posted on its web site Entities have a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, personal information in connection with the operation of the Business which is in its any Company Entity’s possession, or in its custody or control, or otherwise held or processed on its behalf and each Company Entity is and has been in compliance with such privacy policy. The Company Entities have posted a privacy policy in a clear and conspicuous location on all public websites owned or operated by the Company Entities.
(b) Each Group Company Entity has in the past two (2) years complied in all material respects with all Information Privacy applicable Laws regarding the collection, retention, use and Security Laws and protection of personal information.
(c) Each Company Entity is in material agreements compliance with the terms of all Material Contracts to which it such Company Entity is a party relating to data privacy, security or breach notification (including provisions that contain, involve impose conditions or deal with receipt, restrictions on the collection, compilation, use, storagedisclosure, processing, sharing, safeguarding, security (technical, physical and administrative), disposaltransmission, destruction, disclosuremaintenance, storage or transfer safeguarding of personal information), if any.
(d) No Person (including cross-borderany Governmental Authority) Personal Information. No Group has, in the past two (2) years, (i) commenced any Legal Proceeding relating to any Company has been notified in writing of any Action Entity’s information privacy or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, practices relating to the Knowledge personal information of consumers, including with respect to the Companyaccess, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected disclosure or use of personal information of consumers maintained by or on behalf of any Company Entity, or, (ii) to Shift’s Knowledge, threatened any such Legal Proceeding, or made any complaint or investigation relating to such practices.
(e) The execution, delivery and performance of this Agreement and the Group Companies in connection with their businessconsummation of the contemplated transactions, including in each caseany transfer of personal information resulting from such transactions, will not violate the privacy policy of any Company Entity as it currently exists.
(f) The Company Entities have established and implemented policies, programs and procedures that are commercially reasonable, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply compliance with applicable Information Privacy industry practices and Security Laws appropriate, including administrative, technical and taken reasonable steps physical safeguards to protect the confidentiality, integrity and secure Personal Information from losssecurity of personal information in its possession, theft, misuse custody or control against unauthorized access, use, modification modification, disclosure or disclosureother misuse.
(bg) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b)To Shift’s Knowledge, there is not and the Business has not been in the past two (2) years experienced any (i) Action loss, damage, or (ii) written allegation that a Group Company has received by unauthorized access, disclosure, use or breach of security of any private partypersonal information in the possession, any data protection authoritycustody or control, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, Company Entity or processing of Personal Information otherwise held or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackprocessed on its behalf.
Appears in 1 contract
Privacy and Data Security. The Company complies with, and has at all times during the past five (a5) Each Group years complied with: (i) all Privacy Laws, (ii) all Privacy Policies applicable to the Company, and (iii) all contractual commitments, including any terms of use, that the Company that maintains a web site has posted on its web site a privacy policy regarding entered into with respect to the collection, use and disclosure Processing of Personal Information that it collects(collectively, is in its possession, or in its custody or controlthe “Data Protection Requirements”). Each Group The Company has complied in made available true, complete, and correct copies of all material respects with Privacy Policies. The Company has at all Information relevant times presented a Privacy Policy to individuals prior to the collection of any Personal Information, and Security Laws all Privacy Policies are, and material agreements to which it is a party that containhave at all times, involve been materially accurate, consistent and complete and not misleading or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer deceptive (including cross-borderby omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. No Group The Company has been notified valid and enforceable agreements in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writingplace with all Data Partners that comply with applicable Data Protection Requirements. Each Group The Company has taken commercially reasonable administrativeimplemented, physical and technical measures designed at all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) security of the Company’s Computer Systems and all data contained therein (including Company Data Data. Such measures include technical and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps organizational measures to ensure that all material third party service providersonly authorized employees or agents of the Company have access to Personal Information, outsourcers, contractors, or other persons who access, process, store or otherwise handle and that Personal Information for or on behalf of a Group Company have agreed is processed in writing to materially comply compliance with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Data Protection Laws. Except as set forth on in Schedule 3.13.9(b4.24, during the past five (5) years, the Company has not suffered any material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to the risk of liability relating to any unauthorized Processing of Personal Information, a security incident, or any violation of Data Protection Requirements, and no claims have been made under such insurance policy(ies). The execution, there is delivery, and performance of this Agreement and the transactions contemplated hereby do not and has not been any will not: (i) Action conflict with or result in a violation or breach of any Data Protection Requirements; (ii) written allegation that a Group Company has received by require the consent of or provision of notice to any private party, Person concerning such Person’s Personal Information; (iii) give rise to any data protection authority, right of termination or other right to impair or limit Buyer’s rights to own and Process any other Governmental Authority with respect to Personal Information used in or necessary for the Group Companies’ collection, use, storage, transfer, operation of all the Company’s businesses; or processing (iv) otherwise prohibit the transfer of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackBuyer.
Appears in 1 contract
Privacy and Data Security. (a) Each Group Company that maintains a web site has posted on its web site a privacy policy regarding the collectionExcept as is not and would not reasonably be expected to, use and disclosure of Personal Information that it collects, is in its possession, be individually or in its custody the aggregate, material to the Company Group, taken as a whole, the Company Group and to the Knowledge of the Company, any Person acting for or control. Each on the Company Group’s behalf have at all times since May 13, 2016 complied with (i) all applicable Privacy Laws (to the extent applicable to the Company Group with respect to Persons acting for or on behalf of the Company has complied in Group), (ii) all material respects of the Company Group’s written policies and notices regarding Personal Information, and (iii) all of the Company Group’s contractual obligations with all Information Privacy and Security Laws and material agreements respect to which it is a party that contain, involve or deal with the receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) of Personal Information. No The Company Group Company has been notified not received in writing the past twelve (12) months prior to the date of this Agreement any written notice of any Action claims (including notice from third parties acting on its behalf) of, or been charged with, the violation of, any other claim related to data security or privacy or alleging a violation of any of its Privacy Laws, applicable privacy policies, or any Information Privacy and Security Lawcontractual commitments with respect to Personal Information. Since May 13, nor, to the Knowledge 2016 none of the Company, has Company Group’s privacy policies or notices have contained any such claim material omissions or been threatened misleading or deceptive in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and a manner that is not in compliance in all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), material respect with applicable Privacy Laws.
(b) The Company Group has (i) implemented and at all times since May 13, 2016 maintained reasonable safeguards to protect Personal Information in its possession or under its control against loss, theft, misuse or unauthorized access, use, modification or disclosure; and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third (ii) when engaging third-party service providers, outsourcers, contractors, processors or other persons third parties who access, process, store or otherwise handle Personal Information for or on behalf of a Group the Company Group, made commercially reasonable efforts to ensure that such third parties have (A) agreed in writing to materially comply with applicable Information Privacy and Security Laws and (B) have taken reasonable steps to protect and secure the Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosuredisclosure in connection with their performance of services for the benefit of the Company Group. Since May 13, 2016, to the Knowledge of the Company, any third party who has provided Personal Information to the Company has done so in compliance in all material respects with applicable Privacy Laws, including providing any notice and obtaining any consent required.
(bc) There are To the Knowledge of the Company, since May 13, 2016 there have been no unsatisfied written requests that breaches, security incidents, misuse of or unauthorized access to or disclosure of any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any the Company Group Company. No or collected, used or processed by or on behalf of the Company Group and the Company Group has notified, not provided or been required to notify, provide any notices to any Person in connection with a disclosure of Personal Information. The Company Group has implemented reasonable disaster recovery and business continuity plans, and taken actions consistent with such plans, to the extent required, to safeguard the data and Personal Information in its possession or Governmental Authority control. Since May 13, 2016 the Company Group has undertaken commercially reasonable privacy and data security testing or audits at reasonable and appropriate intervals. In the six (6) months prior to the date of this Agreement, the Company Group has conducted a reasonable external penetration test using a qualified independent consulting firm, which did not identify any uncontained privacy or data security breaches, material issues, vulnerabilities or threats. Neither the Company Group nor any third party acting at the direction or authorization of the Company Group has paid (i) any unlawful perpetrator of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to data breach incident or cyber-attack or (ii) any perpetrator as a result of any third party with actual or threatened alleged information about a data breach incident or cyber-attack, pursuant to a request for payment from or on behalf of such perpetrator or other third party with respect to such data breach incident or cyber-attack.
Appears in 1 contract
Privacy and Data Security. (ai) Each Group All non-public personally identifiable information relating to a natural or legal Person, the privacy of whom is protected under Legal Requirements (“Personal Data”), if any, that the Company that maintains or a web site Subsidiary has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, is in its possessionshared, or will share in its custody or control. Each Group connection with the Transactions, with Buyer, has been collected, maintained, and used at all times by the Company has complied and the Subsidiaries in compliance, in all material respects respects, with all Information Privacy applicable Legal Requirements, Contracts of the Company and Security Laws the Subsidiaries, and material agreements policies and practices relating to which it is a party Personal Data that containthe Company and the Subsidiaries have communicated to Persons about whom the Personal Data relates.
(ii) The Company and each of the Subsidiaries, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, norand, to the Knowledge of the CompanySellers, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrativeall vendors, physical and technical measures designed to protect and maintain the confidentialityprocessors, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and or other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by third parties acting for or on behalf of the Group Companies Company or the Subsidiaries in connection with their businessthe Processing of Personal Information or that otherwise have been authorized to have access to Personal Information in the possession or control of the Company or any of the Subsidiaries, comply and at all times have complied, in all material respects, with all of the following: (A) Privacy Laws; (B) rules of self-regulatory organizations, including the Payment Card Industry Data Security Standard; (C) the Company Privacy and Data Security Policies; and (D) any contractual requirements or terms of use concerning the Processing of Personal Information to which the Company or any of the Subsidiaries is a party or otherwise bound as of the date hereof (“Privacy Agreements”).
(iii) The execution, delivery, and performance of this Agreement and the consummation of the Transactions do not and will not: (A) conflict with or result in a material violation or material breach of any Privacy Laws, Company Privacy and Data Security Policies (as currently existing or as existing at any time during which any Personal Information was collected or Processed by or for the Company or any of the Subsidiaries, or Privacy Agreements); or (B) require the consent of or notice to any Person concerning such Person’s Personal Information.
(iv) At all times, the Company and the Subsidiaries have (A) made all disclosures to users or customers about its activities involving Processing Personal Information as required by applicable Legal Requirements, and none of such disclosures made or contained in any Company Privacy and Data Security Policy has been inaccurate, misleading, deceptive, or in violation of any Privacy Laws (including by containing any material omission); and (B) obtained all necessary consents required under applicable Legal Requirements to Process Personal Information, except in each casecase where the failure to make such disclosures or obtain such consents would not have a Material Adverse Effect. To the Knowledge of Sellers, in accordance with all Information Privacy vendors, processors, and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material other third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle parties Processing Personal Information for or on behalf of a Group the Company or any of the Subsidiaries are, and have agreed been, in writing to materially comply compliance, in all material respects, with applicable Information the Company Privacy and Data Security Laws Policies. The Company has delivered or made available to Buyer true, complete, and taken reasonable steps to protect correct copies of all Company Privacy and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosureData Security Policies.
(bv) There are (A) no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of the Company or any Group Company. No Group Company has notifiedof the Subsidiaries, or to the Knowledge of Sellers, held, Processed, or managed by any vendor, processor, or other third party for or on behalf of the Company or any of the Subsidiaries, has been required subject to any data breach or other security incident that has resulted in or presents a risk of unauthorized access, disclosure, use, denial of use, alteration, corruption, destruction, compromise, or loss of Personal Information or that has caused or would reasonably be expected to cause a disruption to the conduct of the Company’s and the Subsidiaries’ business (a “Security Incident”), and (B) the Company and the Subsidiaries have not notified and there have been no facts or circumstances that would require the Company or the Subsidiaries to notify, any Governmental Entity or other Person or Governmental Authority of any Security BreachIncident.
(vi) The Company and the Subsidiaries have not received any notice, nor request, claim, complaint, correspondence, or other communication in writing from any Governmental Entity or other Person, and there has the Group Company paid a ▇▇▇▇▇▇ not been any audit, investigation, enforcement action (including any fines or other sanctions), or other Action, (A) relating to any perpetrator as a result actual, alleged, or suspected Security Incident or violation of any actual Privacy Law, Privacy Agreement, Company Privacy and Data Security Policy, or threatened cyberany Person’s individual privacy rights involving Personal Information in the possession or control of the Company or any of the Subsidiaries, or held or Processed by any vendor, processor, or other third party for or on behalf of the Company or any of the Subsidiaries; (B) requiring or requesting the Company or any of the Subsidiaries to amend, rectify, cease processing, de-attackcombine, permanently anonymize, block, or delete any Personal Information, or to decommission or materially alter the exploitation or operation of the Company’s or any Subsidiaries’ operations, in whole or in part; (C) prohibiting or threatening to prohibit the transfer of Personal Information to any place; or (D) permitting or mandating any Governmental Entity to investigate, requisition information from, or enter the premises of, the Company or any of the Subsidiaries, and there are no facts or circumstances that would reasonably be expected to give rise to any of the foregoing.
(vii) The Company and each of the Subsidiaries have at all times implemented and maintained reasonable security measures, plans, procedures, controls, and programs, including written information security programs, to (A) identify and address internal and external risks to the privacy and security of Personal Information in their possession or control; (B) implement, monitor, and improve adequate and effective administrative, technical, and physical safeguards to protect such Personal Information and the operation, integrity, and security of its Software, systems, applications, and websites involved in the Processing of Personal Information; and (C) provide notification in compliance with applicable Privacy Laws in the case of any Security Incident.
Appears in 1 contract
Privacy and Data Security. (a) Each Group The Company that maintains a web site is and has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, is been in its possession, or in its custody or control. Each Group Company has complied compliance in all material respects with all Information Data Security Requirements and, to the Knowledge of the Company, no facts or circumstances exist that could reasonably be expected to give rise to any material breach of any Data Security Requirements.
(b) The Company has at all times complied in all material respects with: (i) all applicable privacy policies of the Company, (ii) all applicable Data Privacy Laws, and Security Laws and material agreements (iii) all applicable contractual commitments of the Company that the Company has entered into with respect to which it is a party that contain, involve or deal with the receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative)security, disposal, destruction, disclosure, disclosure or transfer (including cross-border) Personal Informationof Business Data by the Company. No Group The Company has been notified in writing of any Action or any other claim related at all times provided an accurate and complete disclosure with respect to the applicable privacy policies and privacy and data security practices of the Company.
(c) The Company has not made any use of Business Data collected by or privacy or alleging a on behalf of the Company in violation of any of its privacy policiesData Security Requirements, or any Information Privacy and Security Law, norand, to the Knowledge of the Company, has any such claim in the last five (5) years there have been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all no data contained therein breaches or other information security incident (including Company any unauthorized access and/or introduction of any virus, worm, malware, ▇▇▇▇▇▇ ▇▇▇▇, Trojan horse or other unauthorized disabling code or program) involving any Business Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected handled by or on behalf of the Group Companies in connection with their businessCompany.
(d) The Company contractually requires all third parties, including in each casevendors, in accordance Affiliates and other Persons providing services to the Company who have access to or receive Business Data from the Company, to comply with all Information Privacy applicable Data Security Requirements regarding the use of such Business Data, and to use commercially reasonable efforts consistent with applicable Data Security Laws Requirements to store and Group Company’s published policiessecure all Business Data to protect against unauthorized access to or use of the Business Data. Each Group The Company has taken commercially reasonable steps measures designed to ensure that all material third such third-party service providers, outsourcersoutsourcers and processors of such Business Data have complied with their obligations to the Company.
(e) The Company has not previously been and is not currently under investigation by any Governmental Authority regarding its protection, contractorsstorage, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized accesscollection, use, modification or disclosure.
(b) There are no unsatisfied written requests that any Group , processing and transfer of Personal Information. The Company has not received any oral, written or other claim, complaint, inquiry or notice from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, Governmental Authority or any other Governmental Authority with respect Person related to whether the Group Companies’ Company’s collection, processing, use, storage, transfersecurity and/or disclosure of Business Data (i) is in violation of any applicable Data Security Requirements or (ii) otherwise constitutes an unfair, deceptive or processing misleading trade practice.
(f) The execution, delivery and performance of Personal Information this Agreement and the consummation of the transactions contemplated hereby complies with all Data Security Requirements applicable to the Company.
(g) The Company owns or compliance with Information Privacy and Security Laws, nor has any such Action been threateneda valid right to access and/or use all Company IT Systems. There has been no (i) failure or systematic malfunction of any Company IT Systems which has caused any material Security Breach involving disruption to the business of the Company, (ii) material unplanned downtime or service interruption with respect to any Company IT Systems, (iii) security breach or intrusion into the Company Data and Data SetsIT Systems or unauthorized access or use of the Company IT Systems or Business Data, Personal Information (iv) actual or other Sensitive Data in reasonably suspected unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration or use of the possession Company IT Systems or control of any Group Company. No Group Company has notifiedBusiness Data, or been required (v) action or circumstance requiring the Company to notify, any Person or notify a Governmental Authority of a data security breach or violation of any Data Security BreachRequirements. The Company has not received written notice of any vulnerability in the Company IT Systems that could reasonably be expected to compromise any of the Company IT Systems or Business Data or result in the loss of availability and/or integrity of the Company IT Systems or Business Data. The Company has implemented firewall protections, nor implemented virus scans and has taken all steps in accordance with industry standards designed to protect the Group integrity and security of the Company paid a ▇▇▇▇▇▇ IT Systems and the information stored therein (including all Business Data and Intellectual Property owned, collected, protected or maintained by the Company) from misuse or unauthorized use, access, disclosure or modification by any Person and to ensure the continued, uninterrupted and error-free operation of the Company IT Systems. The Company has in effect industry standard disaster recovery plans and procedures in the event of any malfunction of or unauthorized access to any perpetrator Company IT Systems. The Company IT Systems (i) are adequate for the operation of the business of the Company as a currently conducted, and (ii) with respect to the Company IT Systems owned by the Company or under the Company’s control, perform in material conformance with their documentation and are free from any material defect. The consummation of the transactions contemplated hereby will not result in any material liabilities or obligations in connection with any Data Security Requirements or impair any right, title or interest of the Company in or to any actual Company IT Systems or threatened cyber-attackBusiness Data.
Appears in 1 contract
Privacy and Data Security. (a) Each Group The Company that maintains a web site complies, and at all times in the past three (3) years has posted on its web site a privacy policy regarding complied, in all material respects with all of the collectionfollowing: (A) Privacy Laws; (B) the Company Privacy and Data Security Policies; and (C) all obligations or restrictions concerning the privacy, use and disclosure security, or Processing of Personal Information under any Contract to which the Company is a party or otherwise bound as of the date hereof.
(b) The execution, delivery, and performance of this Agreement and the consummation of the transactions contemplated hereby, do not and will not: (A) conflict with or result in a violation or breach of any Privacy Laws or Company Privacy and Data Security Policies (as currently existing or as existing at any time during which any Personal Information was collected or Processed by or for the Company); or (B) require the consent of or notice to any Person concerning such Person’s Personal Information.
(c) The Company has delivered or made available to Buyer true, complete, and correct copies of all Company Privacy and Data Security Policies that it collectsare currently in effect, is in its possession, or in its custody or control. Each Group and the Company has complied in all material respects with all Information such Company Privacy and Data Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosurePolicies.
(bd) There are In the past three (3) years, (A) to, no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group the Company has notifiedbeen subject to any data or security breach or unauthorized access, disclosure, use, loss, denial or loss of use, alteration, destruction, compromise, or Processing (a “Security Incident”), and (B) the Company has not notified and, to Sellers’ Knowledge, there have been required no facts or circumstances that would require the Company to notify, any Person or Governmental Authority or other Person of any Security BreachIncident.
(e) In the past three (3) years, nor the Company has the Group Company paid a ▇▇▇▇▇▇ to not received any perpetrator as a result notice, request, claim, complaint, correspondence, or other communication in writing from any Governmental Authority or other Person, and there has not been any audit, investigation, enforcement action (including any fines or other sanctions), or other Action relating to, any actual, alleged, or suspected Security Incident or violation of any actual Privacy Law involving Personal Information in the possession or threatened cyber-attackcontrol of the Company, or held or Processed by any vendor, processor, or other third party for or on behalf of the Company.
Appears in 1 contract
Privacy and Data Security. Section 3.15(q) of the Seller Disclosure Schedule identifies and describes each distinct electronic or other database containing (in whole or in part) Private Information and Customer Data maintained by or for Seller at any time, the types of Private Information and Customer Data in each such database, the means by which the Private Information and Customer Data was collected, and the security policies that have been adopted and maintained with respect to each such database. Seller has established privacy policies which are in conformance with reputable industry practice and all applicable Legal Requirements. At all times since inception, Seller has provided accurate notice of its privacy practices on all of its websites (and through client-side and web interface products) and these notices have not contained any material omissions of Seller's privacy practices and have not been misleading, deceptive, or in violation of applicable Legal Requirements. Seller has complied with and is in compliance with all applicable Legal Requirements, all rules, policies, and requirements of self-regulatory organizations, and its internal and external privacy policies, and with any contractual obligations and consumer-facing statements on its Web site and in any marketing or promotional materials relating to its use, collection, retention, storage, disclosure, transfer, disposal, and other processing of any Private Information and Customer Data, and the execution, delivery and performance of this Agreement will not result in a breach or violation of any of the foregoing. Seller has obtained all consents necessary from providers of Customer Data and Personally Identifiable Information (a) Each Group Company that maintains a web site to collect and use such Customer Data and Personally Identifiable Information in the conduct of the Business as currently conducted and as proposed by Seller to be conducted and (b) to transfer such Customer Data and Personally Identifiable Information to Seller. Seller has posted on not received, and to the knowledge of Seller, there has been no, complaint to any regulatory or other governmental body or official, foreign or domestic, or any audit, proceeding, investigation (formal or informal), or claim against, Seller or any of its web site a privacy policy customers (in the case of customers, to the extent relating to the Seller Products) by any private party or any regulatory or other governmental body or official, foreign or domestic, regarding the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, useretention, storage, transfer, disposal, disclosure or other processing of Personal Private Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackCustomer Data.
Appears in 1 contract
Privacy and Data Security. (a) Each Group Company that maintains a web site has posted on its web site a The Company’s data, privacy policy regarding and security practices comply in all material respects, and during the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has past five (5) years have complied in all material respects respects, with applicable Data Protection and Security Requirements. The Company has provided all notices and obtained all consents required by Data Protection and Security Requirements and satisfied all other requirements of Data Protection and Security Requirements for their Processing of Personal Data and that are necessary for the conduct of business as currently conducted and in connection with the consummation of the transaction contemplated hereunder. Without limitation, the transactions to be consummated hereunder as of the Closing Date will comply with all Information Privacy applicable Data Protection and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security Requirements.
(technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-borderb) Personal Information. No Group The Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policiesimplemented and maintains reasonable and appropriate organizational, or any Information Privacy and Security Lawphysical, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical administrative and technical measures designed to protect and maintain the operation, confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and security of all data contained therein (including Company Data and Data Sets of the Company’s confidential and other data subject to confidentiality obligations)and information, (b) all Personal Information and other Sensitive Data collected by in any format, generated or on behalf used in the conduct of the Group Companies business (“Business Data”) and the IT Assets, against unauthorized access, acquisition, interruption, alteration, modification or use. Without limiting the generality of the foregoing, the Company has implemented policies and procedures (i) designed to identify internal and external risks to the security of the Business Data or IT Assets and (ii) has implemented, reasonable and appropriate safeguards designed to control those risks. The Company has not experienced (nor have any third parties acting on the Company’s behalf) any actual or alleged Security Incident, including, without limitation, any “breach” (as defined in connection with their business45 C.F.R. Part 164, Subpart D) of unsecured Protected Health Information or of EU Personal Data. The Company has not (nor have any third parties acting on the Company’s behalf) notified, and the Company has not experienced any event resulting in any requirement that the Company notify, any Person or Data Protection Authority of any Security Incident that has resulted in the loss or unauthorized access, use or disclosure of Personal Data, including in each caseany loss or unauthorized access, in accordance with all use or disclosure, of EU Personal Data for which notification is required under the GDPR or of Protected Health Information Privacy that would constitute a breach for which notification to individuals, the media, or the United States Department of Health and Security Laws and Group Human Services (“HHS”) is required under 45 C.F.R. Part 164, Subpart D.
(c) In addition, to the Company’s published policies. Each Group Knowledge, the Company does not have any data security, information security or other technological vulnerabilities that are materially more significant in number or potential for material impact on Company business operations than are typically present in information technology assets of businesses of similar size in Company’s industry.
(d) The Company has taken commercially reasonable steps to ensure that obligated all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or and processors of confidential information on their behalf and all third parties managing IT Assets on their behalf to appropriate contractual terms relating to the Processing of a Group Company have agreed in writing to materially comply with Business Data (as applicable Information Privacy and as required by Data Protection and Security Laws Requirements) and information security and have taken reasonable steps measures to protect ensure that such third parties have complied with their contractual obligations. Without limiting the generality of the foregoing, the Company has entered into business associate agreements with vendors and secure Personal Information from loss, theft, misuse customers in all situations where required by 45 C.F.R. §§ 164.502(e) and 164.504(e) or unauthorized access, use, modification or disclosureArticle 28 of the GDPR. The Company has taken reasonable measures to ensure that all third parties acting on its behalf have complied with their contractual obligations.
(be) There are no unsatisfied written requests that any Group The Company has not received from individuals seeking to exercise their data protection rights under Information Privacy any notice of any claims, investigations (including investigations by any Governmental Authorities, including the HHS Office for Civil Rights and any other Data Protection Authority), for alleged violations of Data Protection and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority Requirements with respect to the Group Companies’ collection, use, storage, transferPersonal Data Processed by, or processing of Personal Information under the control of, Company, and, to the Company’s Knowledge, there are no facts or compliance with Information Privacy and Security Laws, nor has circumstances that are likely to form the basis for any such Action been threatened. There has been no material Security Breach involving Systemsclaims, Company Data and Data Sets, Personal Information investigations or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackallegations.
Appears in 1 contract
Sources: Agreement and Plan of Merger (Anika Therapeutics, Inc.)
Privacy and Data Security. Except as set forth on Schedule 4.16 of the Company Disclosure Letter:
(a) Each of the Group Company that maintains a web site has posted on its web site a privacy policy regarding Companies and, to the collectionKnowledge of the Group Companies, use and disclosure of any Processor, to the extent such Processor was Processing Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing on behalf of any Action or Group Company, has at all times materially complied with: (i) all applicable Privacy Laws; (ii) all of the Group Companies’ obligations regarding Personal Information and information security under any other claim Contracts; and (iii) any mandatory industry standards and guidelines related to data privacy, information security or privacy or alleging a violation data security. None of the Group Companies has received any of its privacy policies, or any Information Privacy and Security Lawwritten notice of, nor, to the Knowledge of the CompanyGroup Companies, has there been any such threat of, any investigation, audit, complaint or claim been threatened in writing. Each relating to any (A) Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations)Company’s use of Personal Information, (bB) all violation of any Privacy Laws, (C) Personal Information Breaches, or (D) Group Company’s Contractual obligations relating to Personal Information or information security; and other Sensitive Data collected by or on behalf none of the Group Companies has reason to believe that any such notice is likely to be received.
(b) Each of the Group Companies has implemented and maintained, and required that its third party vendors and Processors implement and maintain, commercially reasonable policies and business continuity and technical and organizational security designed to protect the confidentiality, integrity and availability of the Company IT Systems and Personal Information, business proprietary or sensitive information, in connection with their businessits possession, custody, or control, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from against loss, theft, misuse or unauthorized Processing, access, use, modification or disclosure.
(bc) There are no unsatisfied written requests that any To the Knowledge of the Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b)Companies, there is not and has not been any (i) Action there have been no breaches, security incidents, misuse of, or unauthorized Processing of, access to, or disclosure of, any Personal Information (each a “Personal Information Breach”) in the possession, custody, or control of any of the Group Companies, (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to none of the Group Companies’ collection, use, storage, transfer, Companies have experienced any information security incident that has materially compromised the integrity or processing availability of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving the Company IT Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in data thereon, and (iii) none of the possession or control of any Group Company. No Group Company has notified, Companies have provided or been legally required to notify, provide any notices to any Person in connection with any Personal Information Breach or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackother information security incident.
Appears in 1 contract
Privacy and Data Security. The Acquired Companies’ Processing of any Sensitive Data is in compliance with all applicable privacy policies, terms of use, Legal Requirements, and Contracts applicable to any Acquired Company or to or by which any Acquired Company is bound. The Acquired Companies maintain policies and procedures regarding data security and privacy and maintain administrative, technical, and physical safeguards that are commercially reasonable and, in any event, in compliance with all applicable Legal Requirements and Contracts applicable to any Acquired Company or to or by which any Acquired Company is bound. To the Company’s Knowledge, there has been no (a) Each Group Company that maintains a web site has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations)Breaches, (b) all unauthorized access or unauthorized use of any of the Company Technology, or (c) any unauthorized access or acquisition of any Personal Information and other Sensitive Data collected or confidential business information used by the Acquired Companies or maintained by a third party service provider on behalf of the Group Acquired Companies; and no Person has given notice to any of the Acquired Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatenedbreach or violation. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data The Acquired Companies have not notified in the possession or control of any Group Company. No Group Company has notifiedwriting, or been required by applicable Legal Requirements, Governmental Authorities or other Privacy Obligation to notifynotify in writing, any Person or Governmental Authority of any Security Breach. The Acquired Companies have implemented and maintain an information security program that is comprised of reasonable and appropriate organizational, nor has physical, administrative, and technical safeguards designed to protect the Group security, confidentiality, integrity and availability of the Company paid a ▇▇▇▇▇▇ Technology and all Sensitive Data the Acquired Companies Process that are consistent with all Legal Requirements and Contracts applicable to any perpetrator as a result of any actual or threatened cyber-attackthe Acquired Companies.
Appears in 1 contract
Privacy and Data Security. (a) Each Group The Company that maintains a web site and, to the Company’s Knowledge, any Person acting for or on the Company’s behalf is, and for the past three years has posted been, in compliance with all Privacy Requirements. The Company has implemented and maintained adequate policies, procedures and systems for receiving and appropriately responding to requests from individuals concerning their Personal Information to the extent required under applicable Privacy Requirements. None of the Company’s privacy policies or notices have contained any material omissions or been materially misleading or deceptive. The Company has not received any written notice (including written from third parties acting on its web site a privacy policy regarding the collectionbehalf) of any claims, use and disclosure of Personal Information that it collectscharges, is in its possessioninvestigations, or in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim regulatory inquiries related to data security or privacy or alleging a the violation of any Privacy Requirements. To the Company’s Knowledge, there are no facts or circumstances that could reasonably form the basis of its privacy policiesany such claim, charge, investigation, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), regulatory inquiry.
(b) The Company has (i) implemented and maintained commercially reasonable and appropriate technical and organizational safeguards to reasonably protect all Personal Information and other Sensitive Data collected confidential data in its possession or under its control against loss, theft, misuse or unauthorized access, use, modification, alteration, destruction or disclosure and (ii) obtained contractual commitments to the extent required by applicable Privacy Laws or on behalf of the Group Companies in connection with their business, including in each case, in accordance with as otherwise appropriate from all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third third-party service providers, outsourcers, contractors, processors or other persons third parties who access, process, store or otherwise handle any Personal Information for or on behalf of a Group the Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to maintain the privacy and confidentiality of Personal Information and to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification modification, alteration, destruction or disclosure. To the Company’s Knowledge, any third party who has provided any Personal Information to any the Company has done so in compliance with applicable Privacy Laws, including providing any notice and obtaining any consent required.
(bc) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b)Section 5.15(c) of the Company Disclosure Letter, there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has have been no material Security Breach involving Systemsbreaches, Company Data and Data Setssecurity incidents, misuse of or unauthorized access to or disclosure of any Personal Information or other Sensitive Data in the possession or control of any Group the Company or collected, used or processed by or on behalf of the Company. No Group , and the Company has notified, not provided or been required to notify, provide any notices to any Person or Governmental Authority in connection with any disclosure of any Security BreachPersonal Information. The Company has implemented commercially reasonable disaster recovery and business continuity plans, and taken actions consistent with such plans, to the extent required, to safeguard all data and Personal Information in its possession or control. The Company has conducted commercially reasonable privacy and data security testing or audits at reasonable and appropriate intervals and has resolved or remediated any privacy or data security issues or vulnerabilities identified. Neither the Company nor any third party acting at the direction or authorization of the Company has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual data breach incident or threatened cyber-attack.
(d) The transfer of Personal Information in connection with the transactions contemplated by this Agreement will not violate any Privacy Requirements. The Company is not subject to any Privacy Requirements that, following the Closing, would prohibit the Company from receiving, accessing, storing or using any Personal Information in the manner in which the Company received, accessed, stored and used such Personal Information prior to the Closing. The execution, delivery and performance of this Agreement materially complies with all applicable Privacy Requirements.
Appears in 1 contract
Sources: Merger Agreement (Skillsoft Corp.)
Privacy and Data Security. (a) Each The Group Companies’ use, collection, disclosure, access, maintenance, transmission, protection, dissemination, processing and destruction (collectively, “Data Handling”) of any Sensitive Data is and has been in material compliance with all applicable Legal Requirements, except as provided in Schedule 3.12.8, and Contracts applicable to any Group Company that maintains a web site has posted on its web site a privacy policy regarding the collectionor to which any Group Company is bound, use and disclosure of Personal Information that it collectsis, is in its possessionany event, or in its custody or controlreasonable. Each Group Company has complied all necessary authority, consents and authorizations relating to its Data Handling of any Sensitive Data in all its possession or under its control in connection with the operation of such Group Company. The Group Companies maintain policies and procedures regarding data security, privacy and the use of data, and maintain administrative, technical, and physical safeguards to protect personally-identifiable information in material respects compliance with all Information Privacy applicable Legal Requirements and Security Laws and material agreements Contracts applicable to any Group Company or to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No any Group Company has been notified is bound. Except as provided in writing Schedule 3.12.8, all transmission, disclosure and dissemination of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies occurs in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policiesan encrypted manner. Each Group Company has taken commercially reasonable steps Sensitive Data are not transmitted or otherwise provided to ensure that all material a third party service providersby the Group Companies except by a secure, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of encrypted means and subject to a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosurerequirement that the recipient treat any such Sensitive Data securely as required by Legal Requirements.
(b) There Except as provided in Schedule 3.12.8(b), during the prior six (6) years, Data Handling of Sensitive Data by the Group Companies has not resulted in, and any Sensitive Data in the custody, possession or control of the Group Companies has not been, lost, inappropriately accessed, misappropriated, misused or compromised. Except as provided in Schedule 3.12.8(b), during the prior six (6) years, there have been no material breaches of or lapses in the security of any software, Systems or facilities of the Group Companies or of any communications means or interface with any products, services or information technology systems of the Group Companies, and those products, services and Systems have not experienced any material unpermitted intrusions or been adversely affected by any denial-of-services attacks. No Actions are pending, or to the Company’s Knowledge, threatened, against any of the Group Companies as of the date hereof with respect to data security or data privacy practices.
(c) To the Company’s Knowledge, (i) no unsatisfied written requests that Group Company is engaging in or has engaged in unfair competition or trade practices or any false, deceptive, unfair or misleading advertising or promotional practices under the Legal Requirements of any jurisdiction in which such Group Company operates, and (ii) no Group Company has received any notification, or to the Company’s Knowledge, has been subject to any investigation by the United States Federal Trade Commission or any other government authority regarding such Group Company’s services, advertising or promotional practices.
(d) Except as set forth on Schedule 3.12.8(d), during the prior six (6) years, none of the Group Companies has been subject to a “Breach” of “Unsecured Protected Health Information” as such terms are defined at 45 C.F.R. § 164.402 or any state data breach notification laws. To the Company’s Knowledge, the Group Companies have not received any written or oral claim or notice from individuals seeking any Governmental Authority, alleging or referencing the investigation of any breach, violation of its Information Systems, as defined under HIPAA, or the improper use, disclosure or access to exercise their data protection rights under Information Privacy and Security Lawsany personally-identifiable information in its possession, custody or control. Except as set forth on Schedule 3.13.9(b3.12.8(d), there is not none of the Group Companies, to the Company’s Knowledge, are under investigation by any Governmental Authority for a violation of Legal Requirements relating to privacy and has not been data security or other applicable federal or state personal information privacy and security laws, including receiving any notices from the United States Department of Health and Human Services Office for Civil Rights, relating to any such violations.
(ie) Action or (ii) written allegation that a True and complete copies of all template “Business Associate Agreements” used by any Group Company has received by any private party, any data protection authority, or any other Governmental Authority Affiliated Practice have been made available to the Buyer Parties along with respect to a list of all of the Group Companies’ collectionBusiness Associates, useas defined under HIPAA. Except as provided on Schedule 3.12.8(e), storagethe Group Companies are not now and have not in any of the prior three (3) years been in material breach of any Business Associate Agreement, transferand to the Company’s Knowledge, no Business Associate is or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no in material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control breach of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has Business Associate Agreement during the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackprior three (3) years.
Appears in 1 contract
Sources: Merger Agreement (Fresenius Medical Care AG & Co. KGaA)
Privacy and Data Security. (a) Each Group Except as set forth in Section 3.16(a)(i) of the Company that maintains a web site has posted on its web site a privacy policy regarding Disclosure Schedule, the collection, use and disclosure Company Group’s Processing of Personal Information that it collects, is in its possessioncompliance in all material respects with (i) any agreement to which the Company Group is a party or by which any of their respective assets or properties are bound that governs the Processing of Personal Information, (ii) applicable Information Privacy and Security Laws, (iii) the Payment Card Industry Data Security Standard (“PCI DSS”), and (iv) Company Group Privacy Policies. Except as set forth in Section 3.16(a)(ii) of the Company Disclosure Schedule, the Company Group has all authority, consents, and authorizations to Process the Personal Information in the Company Group’s possession or under their control in its custody or controlconnection with the operation of the business as required by applicable Information Privacy and Security Laws. Each The Company Group Company has at all times since January 1, 2020 complied in all material respects with all of the Company Group’s then-current internal or public-facing written rules, statements, policies, notices, and procedures updated from time to time with respect to privacy, data protection, electronic communication or Processing of Personal Information gathered or accessed in the course of the business and the operations of the Company Group with respect to the business (collectively, the “Company Group Privacy Policies”). Since January 1, 2020, each member of the Company Group has posted to each of its websites, and otherwise has available to the public, a Company Group Privacy Policy. Except as would not be material to the Company Group, no disclosure or representation made or contained in any Company Group Privacy Policy has been inaccurate, misleading, deceptive, or in material violation of any Information Privacy and Security Laws (including by containing any material omission), and the practices of the Company Group with respect to the Processing of Personal Information conform, and at all times have conformed, to the Company Group Privacy Policies in all material respects.
(b) Since January 1, 2020, no claims have been asserted in writing or, to the Company Group’s Knowledge, threatened in writing against the Company Group or the Sellers by any Person alleging any actual, alleged, or suspected violation of such Person’s, or any other Person’s, privacy, personal or confidentiality rights under applicable Laws, or a breach or other violation of any of the Company Group Privacy Policies.
(c) Since January 1, 2020, the Company Group (i) has not received written notice of having been under investigation, audit, enforcement action by any Governmental Authority for any actual, alleged, or suspected violation of any Information Privacy and Security Laws; and (ii) have not received any written notices or audit requests from a Governmental Authority, or the Attorney General of any state or any comparable Governmental Authority in any foreign jurisdiction relating to any such violations.
(d) All IT Systems used by the Company Group in the conduct of its business are either (i) owned by, (ii) licensed or leased to, or (iii) provided to, the Company Group. The IT Systems constitute the material information technology systems reasonably necessary to carry on the operation of the business of the Company Group immediately after the Closing in substantially the same manner as conducted as of the date hereof. Company Group, since January 1, 2020, has not received any written notice from a third party alleging the Company Group is in default under licenses or leases relating to the IT Systems. No Company Group has received written notice of or, to the Knowledge of the Company Group, is aware of any material circumstances which would enable any third party to terminate any agreements or arrangements of a Company Group relating to the IT Systems (including maintenance and support), and such IT Systems are free from any Liens (other than Permitted Liens).
(e) The Company Group has taken commercially reasonable steps (including implementing and monitoring compliance with adequate measures with respect to technical and physical security) designed to ensure that the IT Systems of the Company Group that are used in connection with the business, including the relevant Software and hardware: (i) are adequate for the business as currently conducted; (ii) have not suffered any material failure or disruption since January 1, 2020; and (iii) are reasonably secure against unauthorized intrusion. Except as set forth in Section 3.16(e) of the Company Disclosure Schedule, since January 1, 2020, to the Knowledge of the Company Group, the Company Group has not suffered or experienced any security incident or breach resulting in the unauthorized access, use or intrusion, encryption of, or extortion attempts relating to any IT System or any data contained therein, any confidential information of the Company Group with respect to the business or any customer or supplier of the business or any Personal Information Processed by or on behalf of the business (“Security Incident”). No Company Group member has notified and, to the Company Group’s Knowledge, there are no facts or circumstances that would require any Company Group member to notify, any Governmental Authority or other Person of any Security Incident.
(f) The Company Group has taken reasonable steps designed to safeguard the internal and external integrity of the IT Systems and the data that the IT Systems contain, including, without limitation, procedures designed to prevent unauthorized access, the introduction of a virus and the taking and storing on-site and off-site of back-up copies of critical data.
(g) Except as set forth in Section 3.16(g) of the Company Group Disclosure Schedule, the Company Group has not completed a security risk assessment nor obtained an independent vulnerability assessment completed by a recognized third-party audit firm. The Company Group is in the process of conducting a security risk assessment by a recognized third-party audit firm and such firm has not notified the Company Group of any critical or high threats as of the date hereof.
(h) Except for disclosures of Personal Information permitted by applicable Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all applicable Contracts, the Company Group has not and does not sell, rent, or otherwise make available any Personal Information Privacy to third Persons for compensation of any form.
(i) The Company Group has at all times since January 1, 2020 implemented and Security Laws and Group Company’s published policies. Each Group Company has taken maintained, commercially reasonable steps and at a minimum industry standard security measures, plans, procedures, controls, and programs, including a written information security programs, to ensure that (i) identify and address internal and external risks to the privacy and security of Personal Information in their possession or control; (ii) implement, monitor, and improve adequate and effective administrative, technical, and physical safeguards to protect such Personal Information and the operation, integrity, and security of its software, systems, applications, and websites involved in the Processing of Personal Information; and (iii) provide notification in compliance in all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply respects with applicable Information Privacy and Security Laws and Company Group Privacy Policies in the case of any Security Incident.
(j) Since January 1, 2020, the Company Group has implemented reasonable business continuity, back-up and disaster recovery technology, plans, procedures and facilities for its business and IT Systems consistent with generally accepted industry practices with respect to the confidential information and to the IT Systems and has taken reasonable steps to protect safeguard the security and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing integrity of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data its IT Systems included in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackOwned Intellectual Property.
Appears in 1 contract
Sources: Securities Purchase Agreement (Skyline Champion Corp)
Privacy and Data Security. All information or data of any kind possessed by the Company, including but not limited to, personally identifiable information collected from any source, including consumers (a“PII”), aggregate or anonymous information collected from any source, including consumers (“Non-PII”) Each Group and Employee data, whether collected online or offline (collectively, “Data”), has been collected, by the Company that maintains a web site or any other Person, and is being maintained, stored, processed and used by the Company in compliance with all applicable laws. The Company has posted on its web site at all times presented a privacy policy regarding (“Privacy Policy”) to consumers prior to the collectioncollection of any PII or Non-PII online. The Privacy Policy, and any other representations, marketing materials and advertisements that address privacy issues and the treatment of Data, accurately and completely describe the Company’s information collection and use practices, and disclosure of Personal Information that it collectsno such notices or disclosures have been inaccurate, is in its possession, misleading or in its custody or controldeceptive. Each Group The Company has complied stored and maintained all Data in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that containsecure manner, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken using commercially reasonable administrative, physical and technical measures designed measures, to protect and maintain ensure the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company security of the Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from prevent loss, theftalteration, corruption, misuse or and unauthorized access, use, modification or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking access to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatenedData. There has been no material unauthorized use, access to or disclosure of any Data. The Company has not received any claims, notices or complaints regarding its information practices or use of Data. The Company has not received any written notice from a Governmental Authority or consumer advocacy organization challenging, questioning or inquiring about the Company’s Data collection or usage practices. To the Knowledge of the Sellers, neither the Company nor any of its subcontractors has experienced any (a) breach of security, as defined by the Privacy Laws, (b) Breach of Unsecured Protected Health Information as “Breach,” “Unsecured Protected Health Information,” and “Protected Health Information” are defined by HIPAA, or (c) any Security Breach involving SystemsIncident as “Security Incident” is defined by HIPAA, Company Data and Data Setsexcept, Personal Information with respect to (c), for those Security Incidents which would not, individually or other Sensitive Data in the possession aggregate, reasonably be likely to have a Material Adverse Effect. The Company is in compliance with all guidelines and policies that relate to the Company’s business and which are set forth by applicable industry associations and self-regulatory guidelines. The Company has only used Data received from its customers in accordance with its contractual agreements with such customers. The consummation of the transactions contemplated herein will not result in any loss or control impairment of the rights to own or use any Data, nor will such consummation require the consent of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority third party in respect of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackData.
Appears in 1 contract
Sources: Membership Interest Purchase Agreement (Everyday Health, Inc.)
Privacy and Data Security. (a) Each Group The Company that maintains a web site has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, personal information in connection with the operation of the Business which is in its any Company Entity’s possession, or in its custody or control, or otherwise held or processed on its behalf and each Company Entity is and has been in compliance with such privacy policy. Each Group The Company has posted a privacy policy in a clear and conspicuous location on all websites owned or operated by the Company Entities.
(b) Except as set forth in Section 5.11(b) of the Company Disclosure Schedules, each Company Entity has complied at all times in all material respects with all Information Privacy applicable Laws regarding the collection, retention, use and Security Laws protection of personal information and there is no claim pending or threatened in writing against any Company Entity regarding any violation of or noncompliance with such applicable Laws.
(c) Each Company Entity is in material agreements compliance with the terms of all Contracts to which it such Company Entity is a party party, if any, relating to data privacy, security or breach notification (including provisions that contain, involve impose conditions or deal with receipt, restrictions on the collection, compilation, use, storagedisclosure, processing, sharing, safeguarding, security (technical, physical and administrative), disposaltransmission, destruction, disclosuremaintenance, storage or safeguarding of personal information).
(d) Except as set forth in Section 5.11(d) of the Company Disclosure Schedules, no Person (including any Governmental Authority) has commenced any Legal Proceeding relating to any Company Entity’s information privacy or data security practices relating to personal information of consumers, including with respect to the access, disclosure or use of personal information maintained by or on behalf of any Company Entity, or, to the Company’s Knowledge, threatened any such Legal Proceeding, or made any complaint, investigation or inquiry relating to such practices.
(e) The execution, delivery and performance of this Agreement and the consummation of the contemplated transactions, including any transfer of personal information resulting from such transactions, will not violate the privacy policy of any Company Entity as it currently exists.
(including cross-borderf) Personal Information. No Group The Company has been notified established and implemented programs and procedures that are commercially reasonable, in writing compliance with applicable industry practices and appropriate, including administrative, technical and physical safeguards to protect the confidentiality, integrity and security of any Action personal information in its possession, custody or any control against unauthorized access, use, modification, disclosure or other claim related to data security or privacy or alleging a violation misuse.
(g) Except as set forth in Section 5.11(g) of any of its privacy policies, or any Information Privacy and Security Law, northe Company Disclosure Schedules, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf Business of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company Entities has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from not experienced any loss, theftdamage, misuse or unauthorized access, usedisclosure, modification use or disclosure.
(b) There are no unsatisfied written requests that breach of security of any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b)personal information in the possession, there is not and has not been any (i) Action custody or (ii) written allegation that a Group Company has received by any private party, any data protection authoritycontrol, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, Company Entity or processing of Personal Information otherwise held or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackprocessed on its behalf.
Appears in 1 contract
Sources: Merger Agreement (Fintech Acquisition Corp Iii Parent Corp)
Privacy and Data Security. (a) Each Group Except as set forth on Section 6.26(a) of the Disclosure Memorandum, the Company and its Subsidiaries, and to the Knowledge of the Company, its and their vendors, processors or third parties that maintains a web site has posted process Personal Information, (i) are taking and have, since the Compliance Date, taken commercially reasonable measures to protect the privacy and security of the Personal Information of each student or other natural person collected by the Company and its Subsidiaries or on its web site a privacy policy regarding the collectionor their behalf and to maintain in confidence such Personal Information, use and disclosure of Personal Information that it collects(ii) are, and since January 1, 2016, have been, in material compliance with its or their applicable Privacy Laws and Requirements.
(b) No Claim is in its possessionpending, or in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that containthe Knowledge of the Company, involve or deal with receipthas, collectionsince the Compliance Date, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified threatened in writing of any Action against the Company or any other claim related to data security or privacy or alleging a violation of any of its privacy policiesSubsidiaries by any individual, third party or any Governmental Entity with respect to Personal Information collected, used, processed or shared by the Company or any of its Subsidiaries, or held or processed by any Information vendor, processor, or other third party for or on behalf the Company or its Subsidiaries, alleging any violation of Privacy Laws and Security LawRequirements. Since the Compliance Date, northere has been no loss or other misuse by the Company or any of its Subsidiaries, or to the Knowledge of the Company, by any vendor, processor, or third party for or on behalf of the Company or any of its Subsidiaries of such Personal Information, and, to the Knowledge of the Company, no third party has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed had unauthorized access to protect and maintain or misused the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by the Company or any of its Subsidiaries, or collected by any vendor, processor, or third party for or on behalf of the Group Companies Company or any of its Subsidiaries.
(c) The execution, delivery and performance of this Agreement and the consummation of the transactions contemplated hereby, do not and will not: (i) conflict with or result in connection with their businessa material violation or breach of any applicable Privacy Laws and Requirements, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s applicable published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, privacy policies or other persons who access, process, store internal privacy policies or otherwise handle guidelines (as currently existing or as existing at the time during which any Personal Information for was collected or processed by, for, or on behalf of a Group the Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(bof its Subsidiaries), there is not and has not been any (i) Action ; or (ii) written allegation that require the consent of or notice to any Person concerning such Person’s Personal Information.
(d) Since the Compliance Date, to the extent required by applicable Privacy Laws and Requirements, the Company and its Subsidiaries have posted to each of their websites and mobile applications and provided or otherwise made available in connection with any Company products or services a Group Company privacy policy. No disclosure or representation made or contained in any Company privacy policy has received by any private partybeen materially inaccurate, any data protection authoritymisleading, deceptive, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no in material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control violation of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackapplicable Privacy Laws and Requirements.
Appears in 1 contract
Sources: Stock Purchase Agreement (Universal Technical Institute Inc)
Privacy and Data Security. (a) Each Group Except as would not, individually or in the aggregate, reasonably be expected to have a Company that maintains a web site Material Adverse Effect, the Company complies and has posted on for the past three (3) years complied with applicable Privacy Laws, its web site a privacy policy regarding Privacy Policies, the collectionapplicable terms of any Company Contracts relating to privacy, security, collection or use and disclosure of Personal Information and all applicable requirements of industry standards or codes of conduct that it collectsconcern the privacy or security of Personal Information and that are binding upon the Company (all of the foregoing, is in its possessioncollectively, “Privacy Requirements”). The Company has, for the past three (3) years, used commercially reasonable methods and technology to secure Company IT Systems, all Personal Information and other material Company data and information from loss, theft, unauthorized access, use, acquisition of, disclosure of, processing of, or in its custody or control. Each Group Company has complied modification, which methods and technology comply in all material respects with applicable Privacy Requirements. To the extent required under applicable Privacy Laws, the Company has contractually obligated third parties that process Personal Information on behalf of the Company to comply in all Information material respects with applicable Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguardingprotect the privacy, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) confidentiality of all Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to To the Knowledge of the Company, has such third parties, in their provision of services to Company, have not failed to comply in any such claim material respect with relevant contracts. In the past three (3) years, no claims have been asserted or threatened against the Company by any Person alleging a violation of any Privacy Requirements, except as would not reasonably be expected to have, individually or in writingthe aggregate, a Company Material Adverse Effect. Each Group In the past three (3) years, there have been no data security incidents or data breaches affecting the Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) IT Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all or any Personal Information and other Sensitive Data collected that has been collected, maintained, processed or stored by or on behalf of the Group Companies in connection with their businessCompany that would require notification of individuals, including in each caselaw enforcement, in accordance with all Information or any Governmental Authority under any applicable Privacy and Security Laws and Group Law. Neither the execution of this Agreement nor the performance of the Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all obligations under this Agreement will violate any applicable Privacy Requirements in any material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosurerespect.
(b) There To the Knowledge of the Company, no Company IT System contains any “back door,” “drop dead device,” “time bomb,” “Trojan horse,” “virus,” “worm,” “spyware” or “adware” (as such terms are no unsatisfied written requests that commonly understood in the software industry) or any Group Company has received from individuals seeking other code designed or intended to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b)have or capable of performing or facilitating, there is not and has not been any of the following functions: (i) Action disrupting, disabling, harming or otherwise impeding in any manner the operation of, or providing unauthorized access to, a computer system or network or other device on which such code is stored or installed; or (ii) written allegation that compromising the privacy or data security of a Group user or damaging or destroying any data or file without the user’s consent (collectively, “Malicious Code”). The Company has received by any private partyimplemented, any data protection authorityand the Company maintains, or any other Governmental Authority with respect commercially reasonable measures to prevent the Group Companies’ collection, use, storage, transfer, or processing introduction of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Malicious Code into the Company IT Systems, including firewall protections and regular virus scans and for taking and storing on-site and off-site back-up copies of Company Data software and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackcritical data.
Appears in 1 contract
Privacy and Data Security. (a) Each Group Except as described in Schedule 5.26(a), Company, and, to Knowledge of the Company, all vendors, processors, or other third parties acting for or on behalf of the Company that maintains a web site has posted on its web site a privacy policy regarding in connection with the collection, use and disclosure Processing of Personal Information or that it collectsotherwise have been authorized to have access to Personal Information in the possession or control of the Company, is comply and at all times in its possessionthe past three (3) years have complied, or in its custody or control. Each Group Company has complied in all material respects with all Information of the following: (i) Privacy Laws; (ii) the Company Privacy and Data Security Laws Policies; and material agreements (iii) any Contract requirements or terms of use concerning the Processing of Personal Information to which it the Company is a party that containor otherwise bound as of the date hereof (“Privacy Agreements”). To the Knowledge of the Company, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group the operation of the business of the Company has been notified in writing not and does not violate any right to privacy or publicity of any Action third person under applicable Law.
(b) The Company has delivered or made available to the Purchaser true, complete, and correct copies of all Company Privacy and Data Security Policies.
(c) To the Knowledge of the Company, no Person has obtained unauthorized access to Personal Information in the possession of the Company, nor has there been any other claim related to data security material compromise of the security, confidentiality or privacy integrity of such information or alleging a violation of any of its privacy policiesdata, or any Information Privacy and Security Law, norno written or, to the Knowledge of the Company, has oral complaint relating to an improper use or disclosure of, or a breach in the security of, any such claim information or data has been threatened in writingreceived by the Company (a “Security Incident”). Each Group The Company has taken commercially reasonable administrativenot notified and, physical to Knowledge of the Company, there have been no facts or circumstances that would require the Company to notify, any Governmental Authority or other Person of any Security Incident.
(d) Except as described in Schedule 5.26(d), in the past three (3) years, the Company has not received any notice, request, claim, complaint, correspondence, or other communication in writing from any Governmental Authority or other Person, and technical measures designed to protect and maintain the confidentialitythere has not been any audit, securityinvestigation, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein enforcement action (including Company Data and Data Sets and any fines or other data subject to confidentiality obligationssanctions), or other Action, (bi) all relating to any actual, alleged, or suspected Security Incident or violation of any Privacy Agreements, or any Person’s individual privacy rights involving Personal Information and in the possession or control of the Company, or held or Processed by any vendor, processor, or other Sensitive Data collected by third party for or on behalf of the Group Companies in connection with their businessCompany; (ii) prohibiting or threatening to prohibit the transfer of Personal Information to any place; or (iii) permitting or mandating any Governmental Authority to investigate, including in each caserequisition information from, in accordance with all Information Privacy and Security Laws and Group or enter the premises of, the Company’s published policies. Each Group , and, to the Knowledge of the Company, there are no facts or circumstances that would reasonably be expected to give rise to any of the foregoing.
(e) The Company has taken commercially reasonable steps to ensure that at all material third party service providerstimes in the past three (3) years implemented and maintained, outsourcersand required all vendors, contractorsprocessors, or other persons who access, process, store or otherwise handle third parties that Process any Personal Information for or on behalf of a Group the Company have agreed in writing to materially comply implement and maintain, commercially reasonable security measures, plans, procedures, controls, and programs consistent with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosureAgreements.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attack.
Appears in 1 contract
Sources: Business Combination Agreement (Colombier Acquisition Corp. Ii)
Privacy and Data Security. (a) Each The Company Group complies and during the past two (2) years has complied with all contractual commitments that each Company that maintains a web site Entity has posted on its web site a privacy policy regarding entered into with respect to the collection, use and disclosure processing of Personal Information (collectively, the “Privacy Commitments”).
(b) Where required by Data Protection Laws, the Company Group has contractually obligated all Data Partners that it collectsprocess Personal Information on behalf of the Company Group to contractual terms relating to the protection and use of Personal Information.
(c) The Company Group’s Employees who at the direction of the Company Group have access to Personal Information in the performance of their job duties for the Company Group have received training regarding information security that is relevant to each Employee’s, is in its possessioncontractor’s or personnel’s responsibility within, or in its custody or control. Each Group services provided to the Company has complied in all material respects with all Information Privacy Group, and Security Laws and material agreements to which it is a party that containsuch Employees, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosurecontractors, or transfer (including cross-border) personnel’s access to Personal Information. No Group Company has been notified .
(d) To the Selling Parties’ Knowledge or Company’s Knowledge, the execution, delivery, and performance of this Agreement, each other Transaction Document and the Transactions do not and will not: (i) conflict with or result in writing a violation or breach of any Action Privacy Commitments; or any other claim related (ii) otherwise prohibit the transfer of Personal Information to data security Buyer or privacy or alleging a violation of any of its privacy policiesAffiliates.
(e) Each Company Entity has implemented and at all times during the past five (5) years maintained reasonable and appropriate security measures, or any Information Privacy plans, procedures, controls, and Security Lawprograms, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all security of any Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle protect such Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from lossagainst any accidental, theft, misuse unlawful or unauthorized access, use, modification loss, alteration, destruction, compromise, or disclosure.
other unauthorized disclosure of, or access to Personal Information (ba “Security Incident”). None of the Company Entities has experienced any Security Incidents in the past three (3) There are no unsatisfied written requests years that has resulted in any Group Company has received from individuals seeking Entity being required pursuant to exercise their data protection rights under Information any Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b)Commitment to notify customers, there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private partyconsumers, any data protection authorityEmployees, Governmental Authority, or any other Person of any Security Incident. In the past two (2) years, no Company Entity has been the subject of any inquiry, investigation, enforcement action or other Litigation of or by any Governmental Authority or other Person with respect to the Group Companies’ collectioncompliance with any Data Protection Law; or received any notice, userequest, storageclaim, transfercomplaint, correspondence or other communication from any Governmental Authority or other Person relating to any Security Incident or violation of any Privacy Commitments.
(f) Each Company Entity maintains insurance coverage concerning liability relating to any unauthorized processing of Personal Information Information, any Security Incident or compliance with Information any violation of the Privacy Commitments, and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or past three (3) years no claims have been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackmade under such insurance policy.
Appears in 1 contract
Sources: Sale and Purchase Agreement (Federated Hermes, Inc.)
Privacy and Data Security. (ai) Each Group The Collection and Use and dissemination by the Company of any Personal Data is in compliance in all respects with the Company’s privacy policies and terms of use, industry standards, all applicable Information Privacy and Security Laws, all Personal Data Obligations, and all Contracts to which the Company is bound. No Personal Data is stored or otherwise maintained outside the United States by the Company or any third party. The Company has not engaged in cross-border processing of Personal Data. True and complete copies of all privacy policies that maintains a web site have been used by the Company since the Reference Date have been provided to Buyer. The Company has consistently posted on its web site a privacy policy in a clear and conspicuous location on all websites and any mobile applications owned or operated by the Company.
(ii) The Company does not Collect or Use Personal Data from any Person in any manner other than as described in the Contracts and privacy policies delivered to Buyer.
(iii) The Company maintains policies and procedures regarding the collectiondata security and privacy and maintains administrative, use technical and disclosure of Personal physical safeguards that are commercially reasonable and, in any event, in compliance with industry standards, all applicable Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with all Information and Privacy and Security Laws and material agreements all Contracts to which it the Company is bound. True and complete copies of all such policies and procedures have been provided to Buyer. The Company has complied at all times in all respects with the terms of all Contracts to which the Company is a party relating to data privacy, security or breach notification (including provisions that contain, involve impose conditions or deal with receipt, restrictions on the collection, compilation, use, disclosure, transmission, destruction, maintenance, storage, processingor safeguarding of Personal Data).
(iv) At any time since the Reference Date, sharingthere have been no security breaches relating to, safeguardingor violations of any security policy or Information Privacy and Security Law regarding, security (technical, physical and administrative), disposal, destructionor any unauthorized access, disclosure, or transfer (use of, any data or information used by the Company, including cross-border) Personal InformationData. No Group Company notice has been notified in writing of any Action provided to the Company by a third party vendor or any other claim related person of any security breach relating to Personal Data. The Company has not experienced a loss or unauthorized disclosure, use, or breach of privacy or security of any Personal Data in the custody or control of the Company that would have required notice to any third Person (including any Governmental Entity or parties to any Contract) under any applicable Law. No Person (including any Governmental Authority) has commenced any Action relating to the Company’s information privacy or data security or privacy or alleging a violation of any of its privacy policiespractices, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has threatened any such claim been threatened Action or made any complaint, investigation, or inquiry relating to such practices.
(v) The Company does not (x) have or solicit any customers in writing. Each Group the European Economic Area, or (y) except as set forth in Section 4.15(g)(v) of the Disclosure Schedule, process, transmit, or store any Personal Data of any Persons located in the European Economic Area.
(vi) The Company has taken commercially reasonable administrative, physical and technical measures designed all required steps to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) oflimit access to Personal Data to: (ax) Systems those Company personnel and all data contained therein (including Company Data and Data Sets and other data subject third-party vendors providing services to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies Company who have a need to know such Personal Data in connection with the execution of their business, including in each case, duties to the Company; and (y) such other Persons permitted to access such Personal Data in accordance with the privacy policies and terms of use, industry standards, all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps all Contracts to which the Company is bound.
(vii) The Company maintains a written technical information security program that contains administrative, technical and physical safeguards (including encryption) compliant in all respects with industry standards and applicable Information Privacy and Security Laws (the “Security Program”). The Security Program is designed to: (v) protect the integrity and secure confidentiality of Personal Information from loss, theft, misuse Data; (w) protect against reasonably anticipated threats or hazards to the security of Personal Data; (x) protect against the unauthorized access, use, modification disclosure or disclosure.
use of Personal Data; (by) There are no unsatisfied written requests that any Group Company address computer and network security; and (z) provide for the secure destruction and disposal of Personal Data. The Security Program has received from individuals seeking to exercise their data protection rights under been updated as required by all applicable Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b)All third-party vendors or persons with access to Personal Data have entered into contracts or written agreements with the Company requiring that such vendors or persons maintain a substantially similar security program.
(viii) The Company controls the access to its computer and information technology networks through the utilization of industry-standard or better security measures that are designed to prevent unauthorized access to such networks. All of the Company’s security measures are designed to be consistent with or exceed industry standards and the requirements of applicable Laws and are designed to (x) prevent the unauthorized disclosure of confidential information (including Personal Data) of the Company, there is not (y) prevent access without express authorization (and has not been any (iimmediately terminate such unauthorized access) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, networks and information system of the Company and (z) facilitate the Company’s identification of the person making or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any attempting to make such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackunauthorized access.
Appears in 1 contract
Privacy and Data Security. (a) Each Group Since January 1, 2021, the Company that maintains a web site has posted on and its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has Subsidiaries have complied in all material respects with all Information applicable Privacy and Security Laws and material agreements the applicable terms of any Contracts relating to which it is a party that containprivacy, involve security, collection or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer use of Personal Information of any individuals (including cross-borderclinical trial participants, patients, patient family members, caregivers or advocates, physicians and other health care professionals, clinical trial investigators, researchers, pharmacists) that interact with the Company and/or any of its Subsidiaries in connection with the operation of Company’s and its Subsidiaries’ business. The Company and its Subsidiaries have implemented and maintain reasonable written policies and procedures, satisfying the requirements of applicable Privacy Laws and Contracts, concerning the privacy, security, collection and use of Personal InformationInformation (the “Company Privacy Policies”) and have materially complied with the same. No Group As of the date hereof, since January 1, 2021, no claims have been asserted or, to the knowledge of the Company, threatened against the Company has been notified in writing of by any Action or any other claim related to data security or privacy or Person alleging a violation of Privacy Laws, Company Privacy Policies and/or the applicable terms of any Contracts relating to privacy, security, collection or use of Personal Information of any individuals and the Company has not received written notice of any of its privacy policiesthe same. There have been no data security incidents, personal data breaches or any other adverse events or incidents related to Personal Information Privacy and Security Law, nor, to or data in the Knowledge custody or control of the Company, has its Subsidiaries and/or any service provider acting on behalf of the Company such claim been threatened in writing. Each Group that Privacy Laws require or required the Company has taken commercially reasonable administrativeto notify Governmental Entities, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and affected individuals or other data subject to confidentiality obligations), parties of such occurrence.
(b) The information technology assets and equipment of Company and its Subsidiaries (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of Company and its Subsidiaries as currently conducted, free and clear, to the knowledge of the Company, of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its Subsidiaries have implemented and maintain commercially reasonable physical, technical and administrative safeguards to protect Personal Information and other Sensitive Data collected processed by or on behalf of the Group Companies Company and its Subsidiaries, any other material confidential information and the integrity and security of the IT Systems used in connection with their businessbusinesses, including in each caseand during the past three years, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providersthere have been no breaches, outsourcersviolations, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse outages or unauthorized access, use, modification uses of or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect accesses to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, same that would reasonably be expected to result in a Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackMaterial Adverse Effect.
Appears in 1 contract
Privacy and Data Security. (ai) Each The Collection and Use and dissemination by each member of the Company Group of any Personal Data within such member of Company that maintains a web site has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, Group’s custody or control is in its possession, or in its custody or control. Each Group Company has complied compliance in all material respects with all applicable Information Privacy and Security Laws and material agreements all Personal Data Obligations. Each member of the Company Group has consistently posted a privacy policy in a clear and conspicuous location on all websites and any mobile applications owned or operated by such member of the Company Group.
(ii) Each member of the Company Group maintains policies and procedures regarding data security and privacy and maintains administrative, technical and physical safeguards that are commercially reasonable and, in any event, in compliance with all applicable Information and Privacy and Security Laws and all Contracts to which it such member of the Company Group is a party bound. Each member of the Company Group has complied at all times since the Reference Date in all material respects with the terms of all Contracts to which such member of the Company Group is bound relating to data privacy, security or breach notification (including provisions that contain, involve impose conditions or deal with receipt, restrictions on the collection, compilation, use, storagedisclosure, processing, sharing, safeguarding, security (technical, physical and administrative), disposaltransmission, destruction, disclosuremaintenance, storage, or transfer safeguarding of Personal Data).
(including cross-borderiii) Personal Information. No Group Company has been notified in writing of At any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nortime since the Reference Date, to the Knowledge of the Company, there have been no security breaches relating to, or violations of any Information Privacy and Security Law regarding, or any unauthorized access, disclosure, or use of, any Personal Data within a member of Company Group’s custody or control. No notice has been provided to any member of the Company Group by a third party vendor or any other person of any security breach relating to Personal Data that such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by Person maintains for or on behalf of the Company Group. To the Knowledge of the Company, no member of the Company Group Companies has experienced a loss or unauthorized disclosure, use, or breach of privacy or security of any Personal Data in connection with their business, the custody or control of such member of the Company Group that would have required notice to any third Person (including in each case, in accordance with all any Governmental Entity or parties to any Contract) under any applicable Information Privacy and Security Laws and Law. No Person (including any Governmental Authority) has commenced any Action relating to any member of the Company Group’s information privacy or data security practices, or to the Knowledge of the Company, threatened any such Action or made any complaint, investigation, or inquiry relating to such practices.
(iv) Each member of the Company Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third limit access to Personal Data within such member of Company Group’s custody or control to: (x) those Company Group personnel and third-party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for vendors providing services to or on behalf of the Company Group who have a Group need to know such Personal Data in the execution of their duties to the applicable member of the Company have agreed Group; and (y) such other Persons permitted to access such Personal Data in writing to materially comply accordance with the privacy policies and terms of use, all applicable Information Privacy and Security Laws and taken reasonable steps all Contracts to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosurewhich such member of the Company Group is bound.
(bv) There Each member of the Company Group has implemented security measures that are no unsatisfied written requests that any Group designed to prevent unauthorized access to its computer and information technology networks. All of the Company has received from individuals seeking Group’s security measures are designed to exercise their data protection rights under Information Privacy be consistent with the requirements of applicable Laws and Security Laws. Except as set forth on Schedule 3.13.9(b)are designed to (x) prevent the unauthorized disclosure of confidential information (including Personal Data) of the applicable member of the Company Group, there is not (y) prevent unauthorized access (and has not been any (iimmediately terminate such unauthorized access) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the networks and information system of the applicable member of the Company Group Companies’ collection, use, storage, transfer, and (z) facilitate the applicable member of the Company Group’s identification of the person accessing or processing attempting to access the networks and information system of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, the applicable member of the Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackGroup.
Appears in 1 contract
Sources: Merger Agreement (Invitae Corp)
Privacy and Data Security. (a) Each Group of Intermediate Parent and Company that maintains a web site complies, and at all times has posted on its web site a privacy policy regarding the collectioncomplied, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, Requirements applicable to the Knowledge of the CompanyBusiness. Intermediate Parent and Company have implemented, has any such claim been threatened in writing. Each Group Company has taken commercially documented and maintained reasonable administrative, physical and technical appropriate measures consistent with good industry practice designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that the Business complies with all material third party service providers, outsourcers, contractorsPrivacy Requirements. No disclosure made or contained in any Business Privacy Policy is, or other persons who accessat any time has been, processmaterially inaccurate, store misleading or otherwise handle Personal Information for or on behalf of deceptive in a Group Company have agreed in writing to materially comply with applicable Information manner that has violated Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosureRequirements (including by containing any material omission).
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking sufficient rights and authority under Privacy Requirements to exercise their data protection rights under Information Privacy permit the use and Security Laws. Except as set forth on Schedule 3.13.9(b)other Processing of Business Data by or for Company, there is not and has not been any (i) Action or (ii) written allegation including that a Group Company has received by obtained all applicable consents from any private partyPersons (including natural persons to whom Personal Data relates).
(c) Neither Intermediate Parent nor Company, nor, to Company’s Knowledge, any data protection authorityof its service providers in connection with their Processing of Business Data or provision of services, has been subject to, or received any notice of or audit request relating to, any Legal Proceeding relating to the Processing of Business Data, the security of Systems, any actual or alleged non-compliance with any Privacy Requirement, or any other Governmental Authority Security Incident. No Person has alleged in writing that either Intermediate Parent or Company has failed to comply with respect any Privacy Requirement in connection with the operation of the Business.
(d) None of the execution, delivery or performance of this Agreement or any of the Transaction Documents, the consummation of any of the transactions contemplated by this Agreement or Company’s provision to the Group Companies’ collection, use, storage, transferPurchaser (or any of its designated Affiliates), or processing Purchaser’s (or any of Personal Information its designated Affiliates’) possession, transfer to or compliance with Information from any jurisdiction in the world or Processing of, Business Data will or would reasonably be expected to result in any material violation of any Privacy and Security Laws, nor has any such Action been threatenedRequirement. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information Purchaser’s (or other Sensitive its designated Affiliate’s) Processing of Business Data in the possession or control operation of the Business will not, and would not reasonably be expected to, result in any violation of any Group Company. No Group Company has notifiedPrivacy Requirement, so long as Purchaser (or been required to notify, such designated Affiliate(s)) Processes such Business Data in a manner substantially consistent with any Person or Governmental Authority Processing carried out by the Business as of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackClosing Date.
Appears in 1 contract
Privacy and Data Security. (a) Each Group Company that maintains a web site has posted on its web site a A privacy policy regarding the Company’s collection, storage, use and distribution of the Personal Information of visitors to the Company’s websites and users of the Customer Offerings, is and has been posted and accessible to individuals at all relevant times on each Company website and/or through the Customer Offerings and all such posted policies are accurate and have not contained any material omissions of the Company’s privacy practices or practices concerning the collection, use, storage, registration and disclosure of Personal Information that it collects, Information. The Company is in its possession, or in its custody or control. Each Group Company has complied compliance in all material respects with its stated privacy policies, and has in all past time periods over the last five years been in compliance in all material respects with its respective stated privacy policies applicable to such past time periods. Neither this Agreement nor the Ancillary Agreements, nor the Transactions will violate any of the Company’s applicable privacy policies. Except as set forth on Section 2.15(a) of the Disclosure Schedule, there has been no unauthorized access to or other misuse of any Personal Information Privacy and Security Laws and material agreements collected or otherwise obtained by the Company. There has been no unlawful disclosure by the Company, or, to which it is a party that containthe Company’s Knowledge, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) by any other Person to whom the Company has provided any Personal Information. No Group , of electronic communications or Personal Information collected or otherwise obtained by the Company has been notified to any third party, including any Governmental Entity.
(b) None of the Company Products contains any “back door,” “drop dead device,” “time bomb,” “Trojan horse,” “virus” or “worm” (as such terms are commonly understood in writing of any Action the software industry) or any other claim related code designed or intended to data security have, or privacy capable of performing or alleging a violation of without user intent will cause, any of its privacy policiesthe following functions: (i) disrupting, disabling, harming or otherwise impeding in any manner the operation of, or providing unauthorized access to, a computer system or network or other device on which such code is stored or installed; (ii) damaging or destroying any Information Privacy and Security Law, nor, data or file without the user’s consent or (iii) sending information to the Knowledge Company or any third party. None of the Customer Offerings have been discovered to contain any such malicious code in the past five (5) years.
(c) The Company has implemented and maintains reasonable and appropriate disaster recovery and security plans, procedures and facilities, consistent with industry practices of companies offering similar services to preserve the availability, security, and integrity of the Company’s Internal Systems, has any such claim been threatened and the data and information stored thereon, including data maintained on behalf of customers or users in writingconnection with the Company’s password and data management services. Each Group Company has taken commercially reasonable administrativeExcept as set forth in Section 2.15(c) of the Disclosure Schedule, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject than the Network Intrusion Matters, there has been no breach of security or unauthorized access by third parties to confidentiality obligations)(i) the Company’s Internal Systems, (bii) all the Company’s trade secrets, (iii) the Company’s user data, or (iv) any Personal Information and other Sensitive Data collected or login credentials collected, held, or otherwise managed by or on behalf of the Group Companies in connection with their Company. To the Company’s Knowledge, and except as would not have a material impact on the Company’s business, including the Company’s Internal Systems operate and perform in each case, all material respects in accordance with all Information Privacy their documentation and Security Laws functional specifications and Group otherwise as required by the Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosurebusiness.
(bd) There are Except as set forth in Section 2.15(d) of the Disclosure Schedule, there is no unsatisfied written requests that claim or Legal Proceeding of any Group nature pending or, to the Company’s Knowledge, threatened by the Company has received from individuals seeking or against the Company or any of its properties or assets (including Company Intellectual Property), in each case relating to exercise their data protection (i) any actual or alleged violation of the Company’s current or former privacy policies or any Person’s privacy, personal, or confidentiality rights under thereunder, or (ii) any actual or alleged violation of any Laws relating to the Company’s collection, storage, use and distribution of the Personal Information Privacy of visitors to the Company’s websites and Security Lawsusers of the Customer Offerings. Except as set forth on Schedule 3.13.9(b)in Section 2.15(d) of the Disclosure Schedule, there is not and the Company has not been received notice from any (i) Action or (ii) written allegation that a Group Company has received by Governmental Entity asserting any private party, any data protection authorityviolation of, or indicating an intention to commence any other Governmental Authority Legal Proceeding (including any investigation) with respect to any Laws (or any actual or alleged violation thereof) relating to the Group Companies’ Company’s collection, use, storage, transfer, or processing use and distribution of the Personal Information or compliance with Information Privacy of visitors to the Company’s websites and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in users of the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackCustomer Offerings.
Appears in 1 contract
Privacy and Data Security. (a) Each The Group Companies are, and have been, in compliance with, not in violation of, and have not received any notices of violation with respect to all Data Protection Laws, regarding the collection, storage, processing, use and transfer of Personal Information and in material compliance with all Contracts, the Group Companies’ privacy policies, and contractual obligations or representations with respect to Personal Information (collectively, “Company that maintains a web site has posted on Privacy Obligations”). The Group Companies have made and completed any and all necessary filings, disclosures and registrations under all applicable Data Protection Laws with any relevant Governmental Entity, to the extent applicable, and all such filings, disclosures and registrations are current and up-to-date.
(b) The Group Companies have established and implemented commercially reasonable administrative, technical and physical safeguards to protect the confidentiality, integrity and security of Personal Information in its web site possession, custody or control against unauthorized access, use, disclosure or other misuse. Except as otherwise would not be material to the Group Companies or its operations, the Group Companies have not experienced any loss, damage, or unauthorized access, disclosure, use or breach of security of any Personal Information in their possession, custody or control.
(c) The Group Companies have a privacy policy regarding the collection, storage, use and disclosure of Personal Information that it collectsin connection with their operations, is and the Group Companies have been in its possession, compliance with such privacy policy in all material respects. The Group Companies have posted a privacy policy in a clear and conspicuous location on all websites and any mobile applications owned or operated by the Group Companies. The Group Companies are and have been in its custody or control. Each Group Company has complied compliance in all material respects with the terms of all Information Privacy and Security Laws and material agreements Contracts to which it any Group Company is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguardingrelating to privacy, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) breach notification of Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy .
(d) All sales and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected marketing activities by or on behalf of the Group Companies are and have been in connection compliance with their businessall applicable Laws in all material respects, including in each case, those requiring the Group Companies to obtain Consent from potential customers to receive such sales and marketing materials. The Group Companies have complied with all applicable requirements to register databases with the appropriate Governmental Entity in accordance with all Information applicable Data Protection Laws. The consummation of the transactions contemplated by this Agreement will not violate any Company Privacy and Security Laws and Obligation, nor require the Group Company’s published policies. Each Group Company has taken commercially reasonable steps Companies to ensure that all material third party service providers, outsourcers, contractorsprovide any notice to, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosure.
(b) There are no unsatisfied written requests that seek any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private partyConsent from, any data protection authorityemployee, or any other Governmental Authority with respect to the Group Companies’ collectioncustomer, usesupplier, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information service provider or other Sensitive Data in the possession or control of third-party under any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackprivacy policy.
Appears in 1 contract
Privacy and Data Security. Each member of the Company Group has, since January 1, 2016, (a) Each Group Company that maintains a web site has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with such Company Group member’s privacy policies and with all Information Privacy and Security Laws and material agreements applicable Legal Requirements governing privacy or data protection with respect to which it is a party that contain, involve or deal with receipt, such Company Group member’s collection, compilation, use, storage, processing, sharing, safeguardingsecurity, security (technical, physical and administrative), disposal, destruction, disclosure, disclosure or transfer (including cross-border) of Personal Information. No Group Company has been notified in writing of any Action Information that is possessed by or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, otherwise subject to the Knowledge control of such member of the CompanyCompany Group, has any such claim been threatened in writing. Each Group Company has taken and (b) used commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure such Personal Information from security breaches resulting in loss, theftdamage, misuse or unauthorized access, use, modification disclosure, modification, or disclosure.
(b) There are no unsatisfied written requests that any other misuse of such Personal Information. Each member of the Company Group Company has received from individuals seeking undertaken surveys, audits, inventories, reviews, analyses and/or assessments to exercise their the extent required by applicable privacy and data protection rights under Information Privacy Legal Requirements and Security Laws. Except as set forth on Schedule 3.13.9(b)remediated any deficiencies identified thereby, there is not to the extent required by applicable privacy and data protection Legal Requirements, has provided training to its employees with respect to compliance with such Legal Requirements, and has not been any adopted commercially reasonable information security policies and practices designed to safeguard Personal Information in such Company Group member’s possession or control. Since January 1, 2016, (i) Action to the Knowledge of Seller, there has been no security breach resulting in any loss, damage, or unauthorized access, use, disclosure, modification, or other misuse of any Personal Information while in the possession of, or subject to the control of, any member of the Company Group, and (ii) the Company Group has not received written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result notice of any actual or threatened cyber-attackproceedings against any member of the Company Group with respect to such Company Group member’s privacy or data security practices with regard to any such Personal Information. The execution of this Agreement and the other Transaction Documents, in each case on the part of the members of the Company Group, and the consummation of the transactions contemplated hereby and thereby do not cause any member of the Company Group to violate, any privacy policy of the applicable member of the Company Group or any applicable Legal Requirements relating to privacy or data security with respect to any Personal Information.
Appears in 1 contract
Sources: Agreement and Plan of Acquisition (Brooklyn ImmunoTherapeutics, Inc.)
Privacy and Data Security. (a) Each Group Except as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company that maintains a web site has posted on its web site a privacy policy regarding Material Adverse Effect, (i) the Company and the Company Subsidiaries and their respective independent contractors and service providers are and have been in compliance with all applicable Laws (including the Fair Credit Reporting Act and other Laws relating to the collection, use use, processing, and disclosure of Personal Information that it collectscredit reports and similar data files, is and Laws relating to email, text messaging, telemarketing, and other communications to and from consumers), all applicable contractual obligations, the Company’s and the Company Subsidiaries’ policies, notices, and public statements, and the Payment Card Industry Data Security Standard (collectively “Privacy Obligations”), in its possession, or each case in its custody or control. Each Group Company has complied in all material respects connection with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, the collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or protection, transfer (including cross-borderborder data transfer) and use of any personally identifiable information regarding any individuals, including any customers, prospective customers, employees and other third parties (collectively, “Personal Information. No Group ”), (ii) the Company has and the Company Subsidiaries have, and at all times have maintained, physical, technical, organizational and administrative security measures and policies reasonably designed to protect all Personal Information collected, processed, or maintained by or for any of them from and against loss, theft and unauthorized access, use and disclosure and (iii) the Company and the Company Subsidiaries are and have been notified in writing of any Action or any other claim related compliance with all applicable Laws relating to data loss, theft and breach of security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to notification obligations. To the Knowledge of the Company, there has been no actual or alleged loss or theft or unauthorized collection, storage, acquisition, transfer, disclosure or use by any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Person of Personal Information collected, processed or used by the Company and other Sensitive Data collected by the Company Subsidiaries or on behalf their behalf. The execution and delivery of this Agreement by the Company, the performance by the Company of its covenants and obligations hereunder and the consummation of the Group Companies transactions contemplated hereby do not and will not violate or conflict with any Privacy Obligation in connection with their businessany material respect. Neither the Company nor any of the Company Subsidiaries has received any claim or notice (whether written or oral) (i) from any Governmental Entity of any actual, including in each casealleged, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractorspossible or potential violation of, or other persons who accessfailure to comply with, processany Privacy Obligation, store or otherwise handle Personal Information for (ii) that the Company or on behalf any of a Group the Company have agreed Subsidiaries are or were not in writing to materially comply compliance with applicable Information any Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosureObligation.
(b) There The representations and warranties in this Section 4.20 and Section 4.21 are no unsatisfied written requests that any Group the sole and exclusive representations and warranties of the Company has received from individuals seeking to exercise their data protection rights under Information and the Company Subsidiaries concerning Privacy and Data Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group IT Systems matters of the Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to and the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackSubsidiaries.
Appears in 1 contract
Privacy and Data Security. (a) Each Group Company that maintains a web site has posted on its web site a privacy policy regarding the collectionCompany, use and disclosure including such Group Company’s Processing of Personal Information that it collectsInformation, is including in its possessionconnection with the Transactions, or in its custody or control. Each Group Company complies, and since January 1, 2015, has complied complied, in all material respects with (i) Applicable Privacy and Security Laws; and (ii) privacy and information security obligations to which it is subject under Contract or privacy policies, applicable terms of use, or any other disclosures or statements posted to websites, applications, facilities, or other media maintained or published by the Company (collectively, “Privacy Policies”). Upon Closing, each Group Company will own and/or continue to have the right to disclose and use all Personal Information that it (A) owned immediately prior to Closing and/or (B) used prior to Closing and had access to as of Closing, in each case on substantially identical terms and conditions as such Group Company enjoyed prior to Closing.
(b) No Group Company has received any written notice or any other communication from any Governmental Authority or other party (i) alleging any non-compliance with Applicable Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-borderii) Personal Information. No notifying such Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging that a Group Company is under investigation for a violation of any of its privacy policies, or any Information the Applicable Privacy and Security LawLaws or otherwise relating to any Group Company’s use of Personal Information. There are no circumstances as of the date hereof that may reasonably give rise to any such notices or communications.
(c) All material information technology or computer systems that are used in or necessary for the conduct of the business of any of the Group Companies, norincluding Software, firmware, hardware, equipment, databases, networks, interfaces, process automation, telecommunications systems and infrastructure, and related systems (collectively, the “Business Systems”) perform sufficiently for the needs of the Group Companies’ businesses as currently conducted. There have been no material parts of the Business Systems prone to material malfunction or error for which the Group Companies have not addressed and remediated any such malfunction or error according to standard industry practices. The Group Companies have safeguarded their Business Systems and Company Data with commercially reasonable information security controls, including at a minimum any controls required by Contracts, Privacy Policies, or Applicable Privacy and Security Laws. The Group Companies maintain and comply with commercially reasonable security, disaster recovery, and business continuity plans and procedures and have taken commercially reasonable measures to protect the security and integrity of the Business Systems, Company Software, Company Data, other data stored or contained therein or transmitted thereby, and, to the extent required by any applicable Contract or Applicable Privacy and Security Laws, Customer Data.
(d) Except as set forth on Section 3.22(d) of the Company Disclosure Schedule, to the Knowledge of the Company, has any such claim been threatened in writing. Each since August 1, 2016, no Group Company has taken commercially reasonable administrative, physical and technical measures designed suffered any Information Security Incident that (i) involved the unauthorized access to protect and maintain the confidentiality, security, integrity and accessibility Business Systems or Company Data; or (as applicableii) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information would require under Applicable Privacy and Security Laws and Group Company’s published policies. Each that such Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, notify any Governmental Authority or other persons who access, process, store individuals or otherwise handle Personal whose information was compromised in such Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosureIncident.
(be) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any In the shorter of (i) Action each of the past five (5) years or (ii) written allegation that a since the Company’s acquisition of the applicable Group Company, each Group Company has received by any private partyhas, any data protection authority, or any other Governmental Authority with respect to the Knowledge of the Company, performed a security risk assessment and has either addressed and remediated all material threats and deficiencies or has a plan for remediation of all material threats and deficiencies identified in those security risk assessments. The Group Companies’ collectionCompanies have documented, useinvestigated, storagecontained, transfer, or processing of Personal and remediated each identified Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ Incident related to any perpetrator as a result of any actual Business Systems or threatened cyber-attackCompany Data.
Appears in 1 contract
Sources: Merger Agreement (Kbr, Inc.)
Privacy and Data Security. (ai) The Collection and Use and dissemination by each member of the Company Group of any Personal Data is in compliance in all respects with all Information Privacy and Security Laws, all applicable Personal Data Obligations and all Contracts that pertain to the Collection and Use of Personal Data to which such member of the Company Group is bound. Except as disclosed on Section 3.15(g) of the Disclosure Schedule, (x) no Personal Data is stored or otherwise maintained outside the United States by any member of the Company Group or any third party and (y) no member of the Company Group has engaged in cross-border processing of Personal Data; except to the extent permitted under and in compliance with Information Privacy and Security Laws. True and complete copies of all privacy policies that have been used by any member of the Company Group since the Reference Date have been provided or made available to Parent. Each member of the Company Group Company that maintains a web site has since the Reference Date consistently posted on its web site a privacy policy in conformance with all Information Privacy and Security Laws on all websites and any mobile applications owned or operated by such member.
(ii) Each member of the Company Group maintains policies and procedures regarding the collectiondata security and privacy and maintains administrative, use technical and disclosure of Personal Information physical safeguards that it collectsare commercially reasonable and, is in its possessionany event, or comply in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements all Contracts to which it such member of the Company Group is a party that containbound.
(iii) Since the Reference Date, involve (w) there have been no security breaches relating to, or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, violations of any security (technical, physical policy or Information Privacy and administrative), disposal, destructionSecurity Law resulting in any unauthorized access, disclosure, or transfer use of, any Personal Data maintained by or on behalf of the Company (including cross-borderany such incident, a “Security Breach”), (x) Personal Information. No Group Company no notice has been notified in writing provided to any member of any Action or any other claim related to data security or privacy or alleging the Company Group by a violation of any of its privacy policies, or any Information Privacy and Security Law, northird party vendor or, to the Knowledge of the Company, any 58 other Person of a Security Breach, (y) the Company has not provided notice to any Governmental Authority or parties to any Contract under any applicable Law of a Security Breach since the Reference Date, and (z) no Person (including any Governmental Authority) has commenced any Action alleging in writing that the Company’s information privacy or data security practices are not compliant with Information Privacy and Security Laws, or to the Knowledge of the Company, threatened any such claim been threatened Action or made any complaint, investigation, or inquiry alleging non-compliance with Information Privacy and Security Laws.
(iv) No member of the Company Group (x) has or solicits any customers in writing. the European Economic Area, or (y) processes, transmits, or stores any Personal Data of any Persons that reside in the European Economic Area.
(v) Each member of the Company Group Company has taken takes commercially reasonable administrative, physical and technical measures designed steps to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) oflimit access to Personal Data to: (ax) Systems those Company Group personnel and all data contained therein (including Company Data and Data Sets and other data subject third-party vendors providing services to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Company Group Companies who are authorized based on principles of least privilege and (y) such other Persons permitted to access such Personal Data in connection accordance with their businessthe privacy policies and terms of use, including all Information Privacy and Security Laws, and all Contracts to which such member of the Company Group is bound.
(vi) The Company’s information security program is comprised of administrative, technical and physical safeguards compliant in each caseall respects with all Information Privacy and Security Laws (collectively, the “Security Program”). The Security Program employs commercially reasonable measures designed to: (v) protect the integrity and confidentiality of Personal Data; (w) protect against reasonably anticipated threats or hazards to the security of Personal Data; (x) protect against the unauthorized access, disclosure or use of Personal Data; (y) address computer and network security; and (z) provide for the secure destruction and disposal of Personal Data. The Security Program is regularly reviewed and, as needed, updated in accordance with all Information Privacy and Security Laws and Group Company’s published policiesLaws. Each Group Company has taken commercially reasonable steps With respect to ensure that all material third party service providersvendors or persons with access to Personal Data, outsourcers, contractors, an applicable member of the Company Group has entered into contracts or other written agreements with such parties requiring that such vendors or persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosuremaintain an appropriate security program.
(bvii) There Each member of the Company Group controls the access to its computer and information technology networks through the utilization of commercially reasonable measures that are no unsatisfied written requests that any Group designed to prevent unauthorized access to such networks. All of the Company has received from individuals seeking Group’s security measures are designed to exercise their data protection rights under Information Privacy be consistent with or exceed industry standards and Security Laws. Except as set forth on Schedule 3.13.9(b)the requirements of applicable Laws and are designed to (x) prevent the unauthorized disclosure of confidential information (including Personal Data) of the applicable member of the Company Group, there is not (y) prevent access without express authorization (and has not been any (iimmediately terminate such unauthorized access) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to the networks and information system of the applicable member of the Company Group Companies’ collection, use, storage, transfer, and (z) facilitate the applicable member of the Company Group’s identification of the person making or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any attempting to make such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attackunauthorized access.
Appears in 1 contract
Sources: Merger Agreement (Invitae Corp)
Privacy and Data Security. (ai) Each Group The Collection and Use and dissemination by the Company that maintains a web site of any Personal Data is in compliance in all respects with the Company’s privacy policies and terms of use, all applicable Information Privacy and Security Laws, all Personal Data Obligations, and all Contracts to which the Company is bound. Except as disclosed on Section 3.15(g) of the Disclosure Schedule, (i) no Personal Data is stored or otherwise maintained outside the United States by the Company or any third party and (ii) the Company has not engaged in cross-border processing of Personal Data. True and complete copies of all current privacy policies used by the Company have been provided or made available to Parent. The Company has consistently posted on its web site a privacy policy in a clear and conspicuous location on all websites and any mobile applications owned or operated by the Company.
(ii) The Company does not Collect or Use Personal Data from any Person in any manner other than as described in the Contracts or, to the extent applicable, any privacy policies delivered or made available to Parent.
(iii) The Company maintains policies and procedures regarding data security and privacy and maintains administrative, technical and physical safeguards that are commercially reasonable and, in any event, to the collectionCompany’s Knowledge, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects compliance with all applicable Information and Privacy and Security Laws and material agreements all Contracts to which it the Company is bound. True and complete copies of all such policies and procedures have been provided or made available to Parent. The Company has complied at all times in all respects with the terms of all Contracts to which the Company is a party relating to data privacy, security or breach notification (including provisions that contain, involve impose conditions or deal with receipt, restrictions on the collection, compilation, use, disclosure, transmission, destruction, maintenance, storage, processingor safeguarding of Personal Data).
(iv) At any time since the Reference Date, sharingthere have been no security breaches relating to, safeguardingor violations of any security policy or Information Privacy and Security Law regarding, security (technical, physical and administrative), disposal, destructionor any unauthorized access, disclosure, or transfer (use of, any data or information used by the Company, including cross-border) Personal InformationData. No Group Company written notice has been notified in writing of any Action provided to the Company by a third party vendor or any other claim related person of any security breach relating to data security Personal Data. The Company has not experienced a loss or unauthorized disclosure, use, or breach of privacy or alleging a violation security of any Personal Data in the custody or control of its privacy policies, the Company that would have required notice to any third Person (including any Governmental Entity or parties to any Information Privacy and Security Contract) under any applicable Law, nor. No Person (including any Governmental Authority) has commenced or, to the Knowledge of Company’s Knowledge, threatened, any Action relating to the Company’s information privacy or data security practices.
(v) The Company does not knowingly (x) have or actively solicit any customers in the European Economic Area, has or (y) process, transmit, or store any such claim been threatened Personal Data of any Persons located in writing. Each Group the European Economic Area.
(vi) The Company has taken commercially reasonable administrative, physical and technical measures designed all required steps to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) oflimit access to Personal Data to: (ax) Systems those Company personnel and all data contained therein (including Company Data and Data Sets and other data subject third-party vendors providing services to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies Company who have a need to know such Personal Data in connection with the execution of their business, including in each case, duties to the Company; and (y) such other Persons permitted to access such Personal Data in accordance with the privacy policies and terms of use, all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps all Contracts to which the Company is bound.
(vii) The Company maintains a written technical information security program that contains administrative, technical and physical safeguards (including encryption) compliant in all respects with industry standards and applicable Information Privacy and Security Laws (the “Security Program”). The Company’s Security Program is designed to: (v) protect the integrity and secure confidentiality of Personal Information from loss, theft, misuse Data; (w) protect against reasonably anticipated threats or hazards to the security of Personal Data; (x) protect against the unauthorized access, use, modification disclosure or disclosure.
use of Personal Data; (by) There are no unsatisfied written requests that any Group Company address computer and network security; and (z) provide for the secure destruction and disposal of Personal Data. The Security Program has received from individuals seeking to exercise their data protection rights under been updated as required by all applicable Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not All third party vendors or persons with access to Personal Data have entered into contracts or written agreements with the Company requiring that such vendors or persons maintain a substantially similar security program.
(viii) The Company controls the access to its computer and has not been any information technology networks through the utilization of standard security measures that are designed to prevent unauthorized access to such networks. All of the Company’s security measures are designed to be consistent with or exceed the requirements of applicable Laws and are designed to (ix) Action or prevent the unauthorized disclosure of confidential information (iiincluding Personal Data) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Authority with respect to of the Group Companies’ collection, use, storage, transfer, or processing of Personal Information or compliance with Information Privacy and Security Laws, nor has any such Action been threatened. There has been no material Security Breach involving Systems, Company Data and Data Sets, Personal Information or other Sensitive Data in the possession or control of any Group Company. No Group Company has notified, or been required to notify, any Person or Governmental Authority of any Security Breach, nor has the Group Company paid a ▇▇▇▇▇▇ to any perpetrator as a result of any actual or threatened cyber-attack.,
Appears in 1 contract
Sources: Merger Agreement (Invitae Corp)