Privacy and Data Security. The Company complies with, and has at all times during the past five (5) years complied with: (i) all Privacy Laws, (ii) all Privacy Policies applicable to the Company, and (iii) all contractual commitments, including any terms of use, that the Company has entered into with respect to the Processing of Personal Information (collectively, the “Data Protection Requirements”). The Company has made available true, complete, and correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy to individuals prior to the collection of any Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security of the Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents of the Company have access to Personal Information, and that Personal Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule 4.24, during the past five (5) years, the Company has not suffered any material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to the risk of liability relating to any unauthorized Processing of Personal Information, a security incident, or any violation of Data Protection Requirements, and no claims have been made under such insurance policy(ies). The execution, delivery, and performance of this Agreement and the transactions contemplated hereby do not and will not: (i) conflict with or result in a violation or breach of any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary for the operation of all the Company’s businesses; or (iv) otherwise prohibit the transfer of Personal Information to Buyer.

Appears in 2 contracts

Sources: Shares Purchase Agreement (One Stop Systems, Inc.), Shares Purchase Agreement (One Stop Systems, Inc.)

Privacy and Data Security. (a) The ~~Company complies with~~Company’s data, privacy and security practices comply, and ~~has~~ at all times ~~during~~ have complied, in all material respects, with applicable Data Protection and Security Requirements. The Company has provided all notices and obtained all consents required by Data Protection and Security Requirements and satisfied all other requirements under Data Protection and Security Requirements for its Processing of Personal Data and that are necessary for the ~~past five (5) years complied with: (i)~~ conduct of business as currently conducted, as proposed to be conducted, and in connection with the consummation of the transaction contemplated hereunder. The transactions to be consummated hereunder as of the Closing Date will comply with all ~~Privacy Laws, (ii) all Privacy Policies~~ Data Protection and Security Requirements applicable to the Company. (b) The Company has implemented and at all times has maintained reasonable and appropriate organizational, physical, administrative and technical measures consistent with the state of the art for the industry in which the Company operates to protect the operation, confidentiality, integrity and security of all of the Company’s confidential and other data and information, in any format, generated or used in the conduct of the business of the Company (“Business Data”) and the IT Assets, against unauthorized access, acquisition, interruption, alteration, modification or use (collectively, “Misuse”). Without limiting the generality of the foregoing, the Company has implemented a comprehensive written information security program that complies with 45 C.F.R. Part 164, Subpart C and (i) identifies internal and external risks to the security of the Business Data or IT Assets and (ii) implements, monitors and improves adequate and effective safeguards to control those risks. The Company has not experienced (nor have any Persons acting on the Company’s behalf experienced) any actual or alleged Security Incident, including, without limitation, any “breach” (as defined in 45 C.F.R. Part 164, Subpart D) of unsecured Protected Health Information or of EU Personal Data. The Company has not (nor have any Persons acting on the Company’s behalf) notified, and ~~(iii) all contractual commitments~~the Company has not experienced any event resulting in any requirement that the Company notify, any Person or Data Protection Authority of any Security Incident, including any loss or unauthorized access, use or disclosure, of EU Personal Data or of Protected Health Information that would constitute a breach for which notification to individuals, the media, or the United States Department of Health and Human Services (“HHS”) is required under 45 C.F.R. Part 164, Subpart D. In addition, the Company does not have any material data security, information security or other technological vulnerabilities that could adversely impact the operation of relevant IT Assets or cause a Security Incident. (c) The Company has obligated all third party service providers, outsourcers, and processors of confidential information on their behalf and all third parties managing IT Assets on their behalf to appropriate contractual terms relating to the Processing of ~~use~~Business Data (as applicable and as required by Data Protection and Security Requirements) and information security and have taken reasonable measures to ensure that such third parties have complied with their contractual obligations. Without limiting the generality of the foregoing, ~~that~~ the Company has entered into business associate agreements with ~~respect to~~ vendors and customers in all situations where required by 45 C.F.R. §§ 164.502(e) and 164.504(e) or Article 28 of the ~~Processing of Personal Information (collectively, the “Data Protection Requirements”)~~GDPR. The Company has made available true, complete, and correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy to individuals prior to the collection of any Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security of the Company’s Computer Systems and Company Data. Such measures include technical and organizational taken reasonable measures to ensure that ~~only authorized employees or agents of the Company~~ all third parties acting on its behalf have ~~access to Personal Information, and that Personal Information is processed in compliance~~ complied with ~~Data Protection Laws. Except as set forth in Schedule 4.24, during the past five~~ their contractual obligations. (5d) ~~years, the Company has not suffered any material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority.~~ The Company has not received any ~~material complaints~~notice of any claims, ~~notifications~~investigations (including investigations by any Governmental Authority, including the HHS Office for Civil Rights and any other Data Protection Authority), for alleged violations of Data Protection and Security Requirements with respect to Personal Data Processed by, or ~~allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required~~ under the control of, Company, and, to ~~operate~~ the Company’s ~~business taken as a whole. The Information Technology does not contain any worms~~Knowledge, ~~viruses, bugs~~ there are no facts or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits circumstances that are ~~reasonable~~ likely to ~~respond to~~ form the ~~risk of liability relating to~~ basis for any ~~unauthorized Processing of Personal Information~~such claims, ~~a security incident,~~ investigations or any violation of Data Protection Requirements, and no claims have been made under such insurance policy(ies). The execution, delivery, and performance of this Agreement and the transactions contemplated hereby do not and will not: (i) conflict with or result in a violation or breach of any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary for the operation of all the Company’s businesses; or (iv) otherwise prohibit the transfer of Personal Information to Buyerallegations.

Appears in 1 contract

Sources: Agreement and Plan of Merger (Anika Therapeutics, Inc.)

Privacy and Data Security. ~~The Company complies with, and has at all times during the past five (5) years complied with:~~ (i) The Collection and Use and dissemination by each member of the Company Group of any Personal Data is in compliance in all respects with all Information Privacy and Security Laws, all applicable Personal Data Obligations and all Contracts that pertain to the Collection and Use of Personal Data to which such member of the Company Group is bound. Except as disclosed on Section 3.15(g) of the Disclosure Schedule, (x) no Personal Data is stored or otherwise maintained outside the United States by any member of the Company Group or any third party and (y) no member of the Company Group has engaged in cross-border processing of Personal Data; except to the extent permitted under and in compliance with Information Privacy and Security Laws. True and complete copies of all privacy policies that have been used by any member of the Company Group since the Reference Date have been provided or made available to Parent. Each member of the Company Group has since the Reference Date consistently posted a privacy policy in conformance with all Information Privacy and Security Laws on all websites and any mobile applications owned or operated by such member. (ii) Each member of the Company Group maintains policies and procedures regarding data security and privacy and maintains administrative, technical and physical safeguards that are commercially reasonable and, in any event, comply in material respects with all Information Privacy ~~Policies applicable~~ and Security Laws and all Contracts to which such member of the Company Group is bound. (iii) Since the Reference Date, (w) there have been no security breaches relating to, or violations of any security policy or Information Privacy and Security Law resulting in any unauthorized access, disclosure, or use of, any Personal Data maintained by or on behalf of the Company (any such incident, a “Security Breach”), (x) no notice has been provided to any member of the Company Group by a third party vendor or, to the Knowledge of the Company, any 58 other Person of a Security Breach, (y) the Company has not provided notice to any Governmental Authority or parties to any Contract under any applicable Law of a Security Breach since the Reference Date, and (~~iii~~z) ~~all contractual commitments,~~ no Person (including any Governmental Authority) has commenced any Action alleging in writing that the Company’s information privacy or data security practices are not compliant with Information Privacy and Security Laws, or to the Knowledge of the Company, threatened any such Action or made any complaint, investigation, or inquiry alleging non-compliance with Information Privacy and Security Laws. (iv) No member of the Company Group (x) has or solicits any customers in the European Economic Area, or (y) processes, transmits, or stores any Personal Data of any Persons that reside in the European Economic Area. (v) Each member of the Company Group takes commercially reasonable steps to limit access to Personal Data to: (x) those Company Group personnel and third-party vendors providing services to or on behalf of the Company Group who are authorized based on principles of least privilege and (y) such other Persons permitted to access such Personal Data in accordance with the privacy policies and terms of use, ~~that~~ all Information Privacy and Security Laws, and all Contracts to which such member of the Company ~~has entered into~~ Group is bound. (vi) The Company’s information security program is comprised of administrative, technical and physical safeguards compliant in all respects with ~~respect to the Processing of Personal~~ all Information Privacy and Security Laws (collectively, the “~~Data Protection Requirements~~Security Program”). The ~~Company has made available true, complete,~~ Security Program employs commercially reasonable measures designed to: (v) protect the integrity and ~~correct copies~~ confidentiality of ~~all Privacy Policies. The Company has at all relevant times presented a Privacy Policy~~ Personal Data; (w) protect against reasonably anticipated threats or hazards to individuals prior to the collection of any Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security of Personal Data; (x) protect against the ~~Company’s Computer Systems~~ unauthorized access, disclosure or use of Personal Data; (y) address computer and ~~Company~~ network security; and (z) provide for the secure destruction and disposal of Personal Data. ~~Such measures include technical~~ The Security Program is regularly reviewed and, as needed, updated in accordance with all Information Privacy and ~~organizational measures~~ Security Laws. With respect to ~~ensure that only authorized employees~~ third party vendors or ~~agents~~ persons with access to Personal Data, an applicable member of the Company ~~have~~ Group has entered into contracts or written agreements with such parties requiring that such vendors or persons maintain an appropriate security program. (vii) Each member of the Company Group controls the access to ~~Personal Information,~~ its computer and information technology networks through the utilization of commercially reasonable measures that ~~Personal Information is processed in compliance with Data Protection Laws~~are designed to prevent unauthorized access to such networks. ~~Except as set forth in Schedule 4.24, during the past five (5) years,~~ All of the Company ~~has not suffered any material business disruptions, material loss of data, or material~~ Group’s security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology. The Company has implemented backup, security, and disaster recovery technology measures are designed to be consistent with or exceed industry standards and the requirements of applicable ~~regulatory standards. The~~ Laws and are designed to (x) prevent the unauthorized disclosure of confidential information (including Personal Data) of the applicable member of the Company ~~maintains insurance coverage containing industry standard policy terms~~ Group, (y) prevent access without express authorization (and ~~limits that are reasonable to respond~~ immediately terminate such unauthorized access) to the ~~risk~~ networks and information system of ~~liability relating~~ the applicable member of the Company Group and (z) facilitate the applicable member of the Company Group’s identification of the person making or attempting to ~~any~~ make such unauthorized Processing of Personal Information, a security incident, or any violation of Data Protection Requirements, and no claims have been made under such insurance policy(ies). The execution, delivery, and performance of this Agreement and the transactions contemplated hereby do not and will not: (i) conflict with or result in a violation or breach of any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary for the operation of all the Company’s businesses; or (iv) otherwise prohibit the transfer of Personal Information to Buyeraccess.

Appears in 1 contract

Sources: Merger Agreement (Invitae Corp)

Privacy and Data Security. (a) The Company ~~complies with,~~ and ~~has at~~ its Subsidiaries have implemented and complied in all ~~times during~~ material respects for the past five (5) years ~~complied with:~~ with their written privacy policies governing the Processing of Personal Information (“Privacy Policies”). The Privacy Policies accurately describe the Company’s and its Subsidiaries’ Processing of Personal Information. During the last five (5) years, the Company’s and its Subsidiaries’ Processing of Personal Information was and is in compliance in all material respects with (i) all ~~Privacy Laws, (ii) all Privacy Policies applicable to the Company, and (iii) all~~ contractual ~~commitments, including any terms of use, that~~ obligations legally binding on the Company ~~has entered into with respect~~ or its Subsidiaries and applicable to the Processing of Personal Information (~~collectively, the~~ “~~Data Protection Requirements~~Privacy Contracts”)~~. The Company has made available true~~, ~~complete~~(ii) applicable Privacy Laws, and ~~correct copies~~ (iii) all published notices of ~~all Privacy Policies. The Company has at all relevant times presented a Privacy Policy to individuals prior~~ the Company’s and its Subsidiaries’ relating to the ~~collection~~ Processing of any Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company ~~has valid~~ and ~~enforceable~~ each of its Subsidiaries have entered into agreements in ~~place with all Data Partners that comply with~~ substantially the form required by applicable ~~Data Protection Requirements.~~ Privacy Laws in relation to the Processing of Personal Information and agreements or agreements governing the international transfer of data where required. (b) The Company ~~has~~ and each of its Subsidiaries have implemented, maintains and at complies in all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including material respects with a written information security ~~program~~program consistent with reasonable and customary industry standards that complies in all material respects with applicable Privacy Laws and Privacy Contracts. The Company and each of its Subsidiaries have taken reasonable steps designed to ensure that any Personal Information or confidential information collected, Processed, or handled by or transferred or disclosed to ~~protect~~ authorized third parties acting on behalf of the Company or any Subsidiary of the Company provides reasonable safeguards, in each case, in compliance with applicable Privacy Laws and ~~maintain~~ consistent with general industry standards for an entity of the ~~security~~ same size and in the same industry as the Company. (c) To the Knowledge of the Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents of the Company have access to Personal Information, and that Personal Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule 4.24, during the ~~past~~ last five (5) years, none of the Company or any Subsidiary of the Company has experienced any breaches of security (including, but not ~~suffered any material business disruptions~~limited to ransomware) involving the unauthorized access, ~~material loss of data~~use, acquisition, or material security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to the risk of liability relating to any unauthorized Processing disclosure of Personal Information, ~~a security incident~~or confidential information collected, owned, used, stored, received, Processed, or ~~any violation~~ controlled by or on behalf of ~~Data Protection Requirements,~~ the Company and ~~no claims have been made under such insurance policy(ies). The execution, delivery, and performance of this Agreement and the transactions contemplated hereby do not and will not:~~ its Subsidiaries (~~i) conflict with or result in~~ a violation or breach of any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary for the operation of all the Company’s businesses; or (iv) otherwise prohibit the transfer of Personal Information to Buyer.“

Appears in 1 contract

Sources: Merger Agreement (Shutterstock, Inc.)

Privacy and Data Security. ~~The Company complies with~~(a) Each of the Credit Parties and their Subsidiaries has at during the three (3) years immediately preceding the Closing Date complied in all material respects with all applicable Privacy and Data Security Requirements, except in such instances in which the failure to comply therewith, either individually or in the aggregate, would not reasonably be expected to have a Material Adverse Effect. (b) Each of the Credit Parties and their Subsidiaries has developed, implemented and maintains reasonable and appropriate administrative, organizational, technical and physical safeguards to protect Personal Information against loss, damage, and unauthorized access and Processing. Such safeguards include a comprehensive written information security program which is appropriate for the business, is consistently enforced and followed in the conduct of the business, and is the subject of routine training administered to the relevant personnel. (c) Each of the Credit Parties and their Subsidiaries has obtained written agreements from all material subcontractors to which it has provided or disclosed Personal Information that (1) meet the conditions of applicable Privacy and Data Security Requirements in all material respects, (2) bind the subcontractor to at least the same restrictions and conditions that apply to the Credit Parties or their Subsidiaries with respect to such Personal Information in all ~~times~~ material respects and (3) require such subcontractors to implement reasonable and appropriate means for protecting such Personal Information. (d) Each of the Credit Parties and their Subsidiaries owns or has a valid right to access and use all material computer systems, programs, networks, hardware, software, software engines, databases, operating systems, websites, website content and links and equipment used to process, store, and operate data, information, and functions owned, used or provided by the Credit Parties or their Subsidiaries in the business (the “Business IT Systems”). The Business IT Systems are reasonably sufficient in the good faith judgment of the Credit Parties and their Subsidiaries in all material respects for the Credit Parties’ and their Subsidiaries’ current needs in the operation of the business. The Credit Parties and their Subsidiaries have taken reasonable steps in accordance with industry standards and applicable Privacy and Data Security Requirements to secure the Business IT Systems from unauthorized access or use by any Person and to provide for the back-up and recovery of all data and information necessary to the conduct of the business without material disruption or interruption. (e) None of the Credit Parties or their Subsidiaries has experienced, during the ~~past five~~ three (53) years ~~complied with:~~ immediately preceding the Closing Date, any material (i) ~~all Privacy Laws~~data security breaches, ransomware attacks, denial-of service attacks or similar incidents; (ii) ~~all Privacy Policies applicable to~~ unauthorized access of the ~~Company~~Business IT Systems or unauthorized access to, ~~and~~ acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Personal Information that would require notification of individuals; or (iii) ~~all contractual commitments, including any terms of use, that the Company has entered into~~ unplanned downtime or service interruption with respect to the ~~Processing~~ Business IT Systems. (f) There are no pending or expected complaints, actions, fines, or other penalties facing the Credit Parties or their Subsidiaries in connection with any violations of ~~Personal Information~~ Privacy and Data Security Requirements which would reasonably be expected to result in a Material Adverse Effect. In the three (collectively, the “Data Protection Requirements”). The Company has made available true, complete, and correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy to individuals 3) years immediately prior to the ~~collection~~ Closing Date, none of the Credit Parties or their Subsidiaries has been notified in writing, or been required to notify in writing, any Person of any ~~Personal Information~~material non-compliance arising out of any applicable Privacy and Data Security Requirements, ~~and all Privacy Policies are, and~~ nor have ~~at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other~~ any third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security acting on behalf of the ~~Company’s Computer Systems and Company Data~~Credit Parties or their Subsidiaries had to do so. ~~Such measures include technical and organizational measures to ensure that only authorized employees or agents~~ None of the ~~Company have access to Personal Information~~Credit Parties or their Subsidiaries has received any subpoenas, and that Personal Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule 4.24, during the past five (5) years, the Company has not suffered any material business disruptions, material loss of datawritten demands, or ~~material security breach that required~~ written notices of any legal proceedings for alleged violations of any applicable Privacy and Data Security Requirements and neither the Credit Parties nor their Subsidiaries are under investigation by any Governmental Authority for any actual or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to the risk of liability relating to any unauthorized Processing of Personal Information, a security incident, or any potential violation of ~~Data Protection Requirements~~applicable Privacy Law, and no claims have been made under such insurance policy(ies). The execution, delivery, and performance of this Agreement and the transactions contemplated hereby do not and will not: (i) conflict with or in each case which would reasonably be expected to result in a violation or breach of any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary for the operation of all the Company’s businesses; or (iv) otherwise prohibit the transfer of Personal Information to BuyerMaterial Adverse Effect.

Appears in 1 contract

Sources: Credit and Guaranty Agreement (Moderna, Inc.)

Privacy and Data Security. (a) The Company ~~complies with,~~ is and has been at all times during the past ~~five~~ six (56) years ~~complied with:~~ (i) in compliance in all material respects with the provisions of the Privacy ~~Laws~~Laws applicable to Company, (ii) ~~all Privacy Policies applicable to the Company, and (iii)~~ in compliance with all contractual ~~commitments, including any terms of use, that~~ obligations to which the Company ~~has entered into with respect~~ is a party to or otherwise bound regarding the ~~Processing~~ Processing, privacy, security, confidentiality, or breach of Personal ~~Information~~ Information, or the rights of any individual who is a subject of Personal Information, including, without limitation, any “Business Associate Contract”, as described by 45 C.F.R. §§ 164.502(e) and 164.504(e), with any “Covered Entity”, “Business Associate”, or “Subcontractor”, as such terms are defined at 45 C.F.R. § 160.103 (collectively, the “~~Data Protection Requirements~~Privacy Obligations”). , (iii) in compliance with all policies, procedures, notices, and practices regarding the Processing, privacy, security, confidentiality, or breach of Personal Information or the rights of any individual who is a subject of Personal Information established and adopted by the Company or communicated by the Company to Persons to whom the Personal Information relates (collectively, the “Privacy Policies”). (b) The Company has ~~made available true~~entered into a Business Associate Contract with each Covered Entity which constitutes a Business Associate, ~~complete~~upstream Business Associate, or Subcontractor of the Company. To the Knowledge of the Company, no Covered Entity, upstream Business Associate, or Subcontractor of the Company has breached any Business Associate Contract to which the Company is a party. (c) The transactions contemplated hereby and ~~correct copies of all~~ related data transfers will not violate any Privacy ~~Policies.~~ Obligation. (d) The Company has at all relevant times presented a Privacy Policy to individuals prior to the collection of any Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implementedhas, and at all times during the past ~~five~~ six (56) years ~~maintained~~has, to the extent that Company has been subject to HIPAA, adopted written privacy and security compliance policies and procedures and conducted a comprehensive information security risk assessment as required by HIPAA and has made available to Buyer true, complete and correct copies of the most recent of such policies, procedures and risk assessments. The Company has obtained, or confirmed that other Persons have obtained, all ~~Data Partners~~ approvals, consents, licenses, or other legal permissions, or permitted waivers of the same, necessary under Privacy Laws and Privacy Obligations for the Company to ~~implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs~~Process Personal Information in the manner so Processed by the Company. No Protected Health Information collected by the Company is used or disclosed by the Company for secondary purposes, including ~~a written information security program~~research, ~~to protect and maintain~~ without first being de-identified in accordance with 45 C.F.R. § 164.514(b), in the ~~security~~ event de-identification of the Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents of the Company have access to Personal Information, and that Personal such Protected Health Information is ~~processed in compliance with Data Protection Laws.~~ permitted under any applicable Business Associate Contract. (e) Except as set forth ~~in Schedule 4.24, during~~ on Section 3.14(e) of the ~~past five (5) years~~Disclosure Schedule, the Company has not ~~suffered~~ experienced, or been required under Privacy Laws, other Privacy Obligations, or the Privacy Policies to report to a Governmental Body, affected individual, Covered Entity, credit reporting agency, media outlet, or other Person (i) a “Breach” of “Unsecured Protected Health Information,” as such terms are defined at 45 C.F.R. § 164.402; (ii) a use or disclosure of Protected Health Information in violation of HIPAA or Privacy Obligations; (iii) a breach, breach of security, breach of security of a system, or unauthorized acquisition, access, use, or disclosure of any Personal Information with respect to which notification of any Person is required under any Privacy Law; or (iv) any material ~~business disruptions~~“Security Incident”, ~~material loss of data~~as defined by 45 C.F.R. § 164.304. (f) The Company has implemented commercially reasonable measures, including, without limitation, implementing reasonable and appropriate administrative, physical, and technical safeguards and monitoring compliance with the same, designed to ensure that Personal Information is protected against loss, unauthorized access, use, modification, disclosure, or ~~material~~ other misuse. The Company has implemented commercially reasonable disaster recovery and security ~~breach~~ plans, procedures and facilities. (g) No investigation or Proceeding exists or is pending or, to the Knowledge of the Company, threatened, and, to the Knowledge of the Company, no facts or circumstances exist that ~~required or still requires notification~~ could reasonably be expected to give rise to any ~~supervisory authority~~such investigation or Proceeding, against Company by any Governmental Body or other Person (x) regarding the Company’s Processing of Personal Information or (y) alleging a violation of such Person’s, or any other Person’s, privacy, security, publicity, personal or confidentiality rights under Laws or noncompliance with or a violation of any Privacy Policies, Privacy Laws, or Privacy Obligations. The Company has not received any ~~material complaints~~written notice or complaint of violation of any Privacy Policies, ~~notifications~~Privacy Laws, or ~~allegations of breach of~~ Privacy ~~Laws~~ Obligations from any ~~supervisory authority The Information Technology operates~~ Governmental Body or other Person, including, without limitation, the Office for Civil Rights of HHS, the HHS Office of Inspector General, the U.S. Department of Justice or any state attorneys general. (h) With respect to all of the information technology and ~~performs~~ computer systems (including information technology and telecommunication hardware, communications networks and data centers) relating to the transmission, storage, maintenance, organization, presentation, generation, processing or analysis of data and information whether or not in electronic format, used by the Company: (i) there has been no material successful unauthorized intrusions or breaches of the security thereof, (ii) there has not been any material malfunction, unplanned downtime, or service interruption thereof that has not been remedied or replaced in all material ~~respects as currently required~~ respects, (iii) the Company has implemented commercially reasonable measures designed to ~~operate~~ protect the confidentiality, integrity and security of its servers, systems, sites, circuits, networks and other computer and telecommunications assets and equipment (and all information and transactions stored or contained therein or transmitted thereby) against any unauthorized use, access, interruption, modification or corruption, in conformance with applicable industry practices, including without limitation security patches or security upgrades that are generally available therefor, and (iv) to the Knowledge of the Company~~’s business taken as a whole. The Information Technology does not contain~~ , no third party providing technology services to Company has failed in any ~~worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology~~material respect to meet any service obligations. The Company has implemented ~~backup, security,~~ reasonable backup and ~~disaster~~ recovery technology ~~designed to be~~ processes consistent with ~~applicable regulatory standards. The Company maintains insurance coverage containing~~ industry standard policy terms and limits that are reasonable to respond to the risk of liability relating to any unauthorized Processing of Personal Information, a security incident, or any violation of Data Protection Requirements, and no claims have been made under such insurance policy(ies). The execution, delivery, and performance of this Agreement and the transactions contemplated hereby do not and will not: (i) conflict with or result in a violation or breach of any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary for the operation of all the Company’s businesses; or (iv) otherwise prohibit the transfer of Personal Information to Buyerpractices.

Appears in 1 contract

Sources: Agreement and Plan of Merger (Livongo Health, Inc.)

Privacy and Data Security. (a) The ~~Company complies with~~Acquired Companies are, and ~~has~~ at all times ~~during~~ in the past five (5) years ~~complied with: (i)~~ have been, in material compliance with all Privacy ~~Laws, (ii) all~~ Laws and Privacy ~~Policies applicable to the Company, and (iii) all contractual commitments, including any terms of use, that the Company has entered into with respect to the Processing of Personal Information~~ Commitments (collectively, ~~the~~ “~~Data Protection~~ Privacy Requirements”). ~~The Company has~~ Any and all privacy notices and marketing materials distributed or otherwise made available ~~true, complete, and correct copies of all Privacy Policies. The Company has~~ by the Acquired Companies have at all ~~relevant~~ times ~~presented a~~ complied in all material respects with Privacy ~~Policy to individuals prior to the collection of any Personal Information~~Requirements, been accurate and complete in all ~~Privacy Policies are~~material respects, and have ~~at all times~~not contained any material omission or inaccurate, ~~been materially accurate, consistent and complete and not~~ misleading or deceptive ~~(including by omission)~~information. The ~~Company routinely engages in due diligence of vendors~~Acquired Companies have all rights and permissions necessary to lawfully access, ~~processors or other third parties Processing~~ collect, obtain, use, retain, disclose and transfer Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in ~~place~~ accordance with ~~all Data Partners that comply with applicable Data Protection~~ Privacy Requirements. No Person has made any written claim or commenced any legal or regulatory action, lawsuit or investigation against the Acquired Companies with respect to any Information Security Incident or actual or alleged violation of a Privacy Requirement. (b) The ~~Company has implemented, and~~ Acquired Companies have at all times ~~during~~ in the past five (5) years ~~maintained~~implemented and maintained commercially reasonable and appropriate policies, procedures and technical controls to monitor for, detect and remediate security vulnerabilities and security control deficiencies associated with IT Assets in a timely manner and in accordance with industry standard practices, which has included, without limitation, (i) conducting penetration testing of all critical systems and applications maintained by or on behalf of the Acquired Companies at least annually and in accordance with an industry standard methodology, (ii) conducting vulnerability assessments or scanning of all critical systems and applications maintained by or on behalf of the Acquired Companies at least quarterly and in accordance with industry standard practices, and ~~required~~ (iii) implementing policies, procedures and technical measures to routinely identify and apply software security patches and/or security updates on all ~~Data Partners~~ IT Assets to ~~implement and maintain~~ensure the timely remediation of material, ~~at a minimum,~~ critical and/or high-risk security vulnerabilities in accordance with industry standard practices. The Acquired Companies have fully remediated any and all material, critical and/or high-risk security ~~measures~~vulnerabilities for which the Acquired Companies have become aware of in the past five (5) years. (c) The Acquired Companies have at all times in the past five (5) years maintained reasonable and appropriate administrative, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security of the Company’s Computer Systems and Company Data. Such measures include technical and ~~organizational measures~~ physical safeguards sufficient to ~~ensure that only authorized employees~~ (i) protect the security, confidentiality, integrity and availability of Company Information and IT Assets in a manner consistent with applicable industry standard practices; (ii) protect against any anticipated threats or ~~agents~~ hazards to the security, confidentiality, integrity or availability of ~~the~~ Company ~~have access to Personal Information,~~ Information and ~~that Personal~~ IT Assets; and (iii) detect and remediate Information ~~is processed in compliance with Data Protection Laws~~Security Incidents. ~~Except as set forth in Schedule 4.24, during~~ In the past five (5) years, there has been no Information Security Incident involving the Acquired Companies or third parties that process Company has not suffered any material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality on behalf of the Information Technology. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to the risk of liability relating to any unauthorized Processing of Personal Information, a security incident, or any violation of Data Protection Requirements, and no claims have been made under such insurance policy(ies). The execution, delivery, and performance of this Agreement and the transactions contemplated hereby do not and will not: (i) conflict with or result in a violation or breach of any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary for the operation of all the Company’s businesses; or (iv) otherwise prohibit the transfer of Personal Information to BuyerAcquired Companies.

Appears in 1 contract

Sources: Merger Agreement (Shenandoah Telecommunications Co/Va/)

Privacy and Data Security. ~~The~~ (a) Except as disclosed in Section 3.26(a) of the Disclosure Schedules, the Company ~~complies with, and~~ has at all times ~~during~~ in the ~~past five~~ last six (56) years ~~complied with:~~ collected, stored, maintained, used, shared and otherwise processed Personal Data and Government Data in accordance in all material respects with applicable Privacy Laws and the Company’s Privacy Policies and has only done so (i) with respect to Personal Data and Government Data of U.S. data subjects; and (ii) within the United States. Except as disclosed in Section 3.26(a) of the Disclosure Schedules, at all times in the last six (6) years, the Company’s privacy and security practices have conformed, in all material respects, to the Company’s contractual and legal obligations applicable to the privacy, data protection or processing of Personal Data and Government Data. The execution, delivery and performance of this Agreement, and the operation of the Company’s business consistent with its current operations, will not: (A) breach applicable Privacy Laws, any Privacy Policy or the Company’s contractual obligations applicable to the privacy, data protection or processing of Personal Data and Government Data (including, without limitation, under any HIPAA business associate agreement (“BAA”), Agreement for the Use of Centers for Medicare & Medicaid Services Data Containing Individual Identifiers (“DUA”) and U.S. Governmental Authority Authorizations to Operate); or (B) require the consent of any Person to whom Personal Data held by the Company relates. (b) Except as disclosed in Section 3.26(b) of the Disclosure Schedules, where any Privacy Policy is required to be posted or otherwise provided pursuant to applicable Privacy Laws, the Company at all times in the last six (6) years has posted applicable Privacy Policies on its websites, applications, and other online services, or otherwise, in a manner readily available to visitors and current and potential users and customers or otherwise provided them in compliance in all material respects with all Privacy Laws. No statement made in connection the Company’s collection of Personal Data, including, without limitation, on any Company website, application, or other online service, is or was, at the time made, misleading, deceptive or in violation of any Privacy Law. Information marked “[***]” has been omitted pursuant to Item 601(b)(10)(iv) of Regulation S-K because it (i) is not material and (ii) ~~all~~ is the type of information the registrant treats as private or confidential. (c) Except as disclosed in Section 3.26(c) of the Disclosure Schedules, the Company has implemented and maintains a comprehensive written data security program sufficient to comply with applicable Privacy ~~Policies applicable~~ Laws and the Company’s contractual obligations, and designed to help ensure the confidentiality, availability, and integrity of Personal Data and Government Data, the Company’s Source Code and other confidential information and to help protect Personal Data and Government Data, the Company’s Source Code, and its confidential information from unauthorized access, disclosure, acquisition, destruction, loss, alteration, misuse or use by any Person, including implementing and maintaining commercially reasonable disaster recovery and security plans and procedures for the business of the Company. Except as disclosed in Section 3.26(c) of the Disclosure Schedules, without limiting the generality of the foregoing, the Company (i) has implemented and maintains a comprehensive written data security program that is designed to: (A) identify internal and external risks to the security of the Company, ’s confidential information and any Personal Data and Government Data held or used by the Company and (~~iii~~B) ~~all contractual commitments~~implement, monitor and improve adequate and effective safeguards to control those risks; (ii) meet the National Institute of Standards and Technology Special Publication 800-171 (version 2) standards and requirements, including ~~any terms of use~~without limitation, to access controls, configuration management, maintenance, media protection, personnel security, physical security and system and communications protection, as to all Government Data that the Company ~~has entered into~~ processes and with respect to the ~~Processing~~ information technology it creates for any U.S. Governmental Authority or uses in connection with performing services for any U.S. Governmental Authority; (iii) fully complies with Company’s “playbook” posted at document 7. 2.1 in the VDR; (iv) meets the standards and requirements of the HIPAA privacy, security and breach notification Laws with respect to protected health information that the Company processes; (v) meets the standards and requirements of ISO/IEC 27001 with respect to the Company’s data processing and information technology; (vi) maintains policies, practices and safeguards to terminate its personnel’s use of and access to the Company’s and its customers’ data and information technology as soon as any such person is no longer authorized to do so; and (vii) contractually obligates its subcontractors that have access to the Company’s or its customers’ data or information technology to perform the services for the Company in a manner that protects the privacy and security of the Company’s and its customers’ data and information technology systems with substantially the same level of protection as the Company represents in this Section 3.26 that the Company itself maintains (including, without limitation, with regard to BAA and DUA obligations), as well as the Company’s contractual obligations. The Company has in the last six (6) years taken, and is currently taking, reasonable measures to detect breaches of Personal Data, or other data security incidents, and to train applicable personnel on policies and procedures to escalate any suspected or detected incidents to the attention of the Company’s applicable executives. (d) In the last six (6) years, to the Knowledge of the Company (i) there has been no data security breach or other unauthorized (A) access to, (B) use of, (C) disclosure of, (D) unavailability of, (E) modification to, or (F) other misuse of Personal Data and Government Data owned, accessed, controlled or processed by the Company; and (ii) the Company has not had or experienced any other breach of data security or cybersecurity, whether physical or electronic. (e) In the last six (6) years, Company has not received any data subject complaints or inquires related to Privacy Laws or data handling policies, practices, and/or procedures. Information marked “[***]” has been omitted pursuant to Item 601(b)(10)(iv) of Regulation S-K because it (~~collectively~~i) is not material and (ii) is the type of information the registrant treats as private or confidential. (f) There are no current or pending Legal Proceedings asserted by any Person or threatened in writing with respect to the collection, storage, hosting, use, disclosure, transmission, transfer, disposal, possession, interception, other processing or security of any Personal Data and Government Data by or for the “Company or otherwise related to Privacy Laws. To the Company’s Knowledge, there are no facts or circumstances that could constitute a reasonable basis for such a Legal Proceeding. There has been no (i) order, writ, judgment, injunction, ruling, edict, or other decree, whether temporary, preliminary or permanent, enacted, issued, promulgated, enforced or entered by any arbitrator or Governmental Authority, or (ii) government or third-party settlement, in each case adversely affecting the collection, storage, hosting, use, disclosure, transmission, transfer, disposal, possession, interception, other processing or security of any Personal Data ~~Protection Requirements”~~and Government Data by or for the Company. (g) Section 3.26(g) of the Disclosure Schedules contains a true and complete list of all Company Data Processing Contracts (excluding Government Contracts, DUAs and ▇▇▇▇). The Company has made available to the Purchaser a true, ~~complete~~correct and complete copy of each Company Data Processing Contract. (h) The Company has implemented and maintains access and security safeguards in respect of the Personal Data and Government Data maintained by or for the Company, including computer security, password protection and ~~correct copies of~~ physical security that are in compliance with all applicable Privacy ~~Policies~~Laws, the Company’s contractual obligations and the Company’s data retention and disposal programs. The Company has at all ~~relevant~~ times ~~presented a Privacy Policy to individuals prior to~~ within the collection of any Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during the past last five (5) years ~~maintained~~made all disclosures to, and ~~required all Data Partners to implement and maintain~~obtained any necessary consents from, ~~at a minimum~~users, ~~industry standard security measures~~consumers, ~~plans~~customers, ~~procedures~~employees, ~~controls~~contractors, data subjects, and ~~programs, including a written information security program~~other applicable Persons, to ~~protect and maintain~~ the ~~security~~ extent such disclosure or consents are required to be obtained by the Company pursuant to applicable Privacy Laws. Without limiting the generality of the ~~Company’s Computer Systems and Company Data. Such measures include technical and organizational measures~~ foregoing, to ~~ensure that only authorized employees or agents of~~ the extent required to be provided by the Company ~~have access to Personal Information, and that Personal Information is processed in compliance with Data Protection~~ under applicable Privacy Laws~~. Except as set forth in Schedule 4.24, during the past five (5) years~~, the Company has ~~not suffered~~ provided appropriate notice to, and received affirmative express consent from, all natural persons prior to any ~~material business disruptions, material loss of data~~Company Product disclosing or making available to any other Person any content that the Company has characterized as, or ~~material security breach~~ that ~~required~~ such natural person reasonably would consider, confidential, private, or ~~still requires notification~~ unsuitable for disclosure to such Persons. Neither the Company, nor to the Company’s Knowledge, any ~~supervisory authority~~Person performing services for the Company has attempted to reverse engineer Personal Data in a manner intended to de-anonymize data in violation of Privacy Laws. The Company has not ~~received any material complaints, notifications,~~ used Personal Data of a customer to benefit other customers or ~~allegations of breach~~ the Company’s algorithms in violation of Privacy Laws ~~from~~ or the terms of any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information TechnologyContract. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond not made any statements to the ~~risk of liability relating~~ general public regarding any privacy or information security practices applicable to any ~~unauthorized Processing~~ Personal Data other than those made in the Privacy Policies made available by the Company. (i) With respect to any information that the Company considers “de-identified or anonymized” and therefore not Personal Data for purposes of any Privacy Laws, the Company has acted so as to qualify the data as de-identified or otherwise not Personal ~~Information~~Data under Privacy Laws, ~~a security incident,~~ including without limitation: (i) implemented technical safeguards that prohibit re-identification of the consumer to whom the information may pertain; Information marked “[***]” has been omitted pursuant to Item 601(b)(10)(iv) of Regulation S-K because it (i) is not material and (ii) is the type of information the registrant treats as private or ~~any violation~~ confidential. (ii) implemented business processes that specifically prohibit re-identification of ~~Data Protection Requirements, and~~ the information; (iii) implemented business processes to prevent inadvertent release of de-identified information; and (iv) made no ~~claims have been made under such insurance policy(ies). The execution, delivery, and~~ attempt to re-identify the information. (j) In the event the Company has or will use data derived from the performance of ~~this Agreement~~ services for one customer for purposes other than the performance of such services for such customer, including without limitation, to (i) improve the Company’s products or services, (ii) for analytics purposes and/or (iii) provide services or deliverables to any other client, the Company is and has been in compliance with all contractual obligations and all applicable Laws, including Privacy Laws. Further, the ~~transactions contemplated hereby do~~ Company’s use of data or derivatives thereof outside of the purposes for which such data was collected does not and will ~~not~~not incur any cost or liability to the Purchaser. (k) None of the Software included in any Company Product performs the following functions, without the knowledge and consent of the owner or authorized user of a computer system or device: (i) ~~conflict with~~ sends information of a user to any other Person without the user’s consent or ~~result in a violation~~ collects Personal Data stored on the computer system or ~~breach of any Data Protection Requirements~~device; (ii) ~~require~~ interferes with the ~~consent~~ owner’s or an authorized user’s control of the computer system or ~~provision of notice to any Person concerning such Person’s Personal Information~~device; (iii) ~~give rise~~ changes or interferes with settings, preferences or commands already installed or stored on the computer system or device without the knowledge of the owner or an authorized user of the computer system or device; (iv) changes or interferes with data that is stored, accessed or accessible on any computer system or device in a manner that obstructs, interrupts or interferes with lawful access to ~~any right~~ or use of ~~termination~~ that data by the owner or an authorized user of the computer system or device; (v) causes the computer system or device to communicate with another computer system or device; (vi) installs a computer program that may be activated by a Person other ~~right to impair~~ than the owner or ~~limit Buyer~~an authorized user of the computer system or device; (vii) records a user’s ~~rights to own and Process any Personal Information used in or necessary for~~ actions without the ~~operation of all the Company~~user’s ~~businesses~~knowledge; or (ivviii) ~~otherwise prohibit~~ employs a user’s internet connection without the ~~transfer~~ user’s knowledge to gather or transmit information regarding the user or the user’s behavior. Information marked “[***]” has been omitted pursuant to Item 601(b)(10)(iv) of ~~Personal Information to Buyer~~Regulation S-K because it (i) is not material and (ii) is the type of information the registrant treats as private or confidential.

Appears in 1 contract

Sources: Equity Purchase Agreement (ICF International, Inc.)

Privacy and Data Security. ~~The~~ (a) Except as set forth on Schedule 3.15.7, the use and dissemination by the Company ~~complies with, and has at~~ of any Personal Data (as defined below) is in compliance in all ~~times during the past five (5) years complied with: (i) all Privacy Laws, (ii) all Privacy Policies applicable to~~ material respects with the Company, ’s privacy policies and ~~(iii) all contractual commitments, including any~~ terms of use, industry standards, all applicable Information Privacy and Security Laws, Personal Data Obligations, and all Contracts to which the Company is bound. No Personal Data is stored or otherwise maintained outside the United States by the Company or any third party. To the extent that the Company has ~~entered into~~ engaged in cross-border processing of Personal Data, it has taken all required steps to ensure an adequate level of protection for the Personal Data, including registration with ~~respect~~ the relevant data protection authorities to the ~~Processing~~ extent registration is required by applicable Law. True and complete copies of ~~Personal Information (collectively,~~ all privacy policies that have been used by the ~~“Data Protection Requirements”)~~Company in the past three years have been provided to Parent. The Company has ~~made available true~~consistently posted a privacy policy in a clear and conspicuous location on all websites and any mobile applications owned or operated by the Company. (b) The Company does not Collect or Use Personal Data from any Person in any manner other than as described in the Contracts and privacy policies delivered to Parent. (c) The Company maintains policies and procedures regarding data security and privacy and maintains administrative, ~~complete~~technical and physical safeguards that are commercially reasonable and, in any event, in compliance with industry standards, all applicable Information and ~~correct~~ Privacy and Security Laws and all Contracts to which the Company is bound. True and complete copies of all ~~Privacy Policies~~such policies and procedures have been provided to Parent. The Company has complied at all ~~relevant~~ times ~~presented~~ in all material respects with the terms of all Contracts to which the Company is a party relating to data privacy, security or breach notification (including provisions that impose conditions or restrictions on the collection, use, disclosure, transmission, destruction, maintenance, storage, or safeguarding of Personal Data). (d) Except as set forth on Schedule 3.15.7(d), at any time during the three-year period preceding the date hereof, there have been no security breaches relating to, or violations of any security policy or Information Privacy ~~Policy to individuals prior~~ and Security Law regarding, or any unauthorized access disclosure, or use of, any data or information used by the Company, including Personal Data. No notice has been provided to the ~~collection~~ Company by a third party vendor or any other person of any security breach relating to Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal InformationData. The Company has ~~valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented~~not experienced a loss or unauthorized disclosure, ~~and at all times during the past five (5) years maintained~~use, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the or breach of privacy or security of any Personal Data in the ~~Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees~~ custody or ~~agents~~ control of the Company that would have ~~access~~ required notice to ~~Personal Information, and that Personal Information is processed in compliance with Data Protection Laws~~any third Person (including any Governmental Entity or parties to any Contract) under any applicable Law. Except as set forth in on Schedule ~~4.24~~3.15.7(d), ~~during~~ no Person (including any Governmental Authority) has commenced any Action relating to the ~~past five~~ Company’s information privacy or data security practices, or to the Knowledge of the Company, threatened any such Action or made any complaint, investigation, or inquiry relating to such practices. (5e) ~~years, the Company~~ There has ~~not suffered any material business disruptions, material~~ been no loss of ~~data~~or unauthorized access, disclosure, use, or ~~material~~ breach of privacy or security ~~breach that required~~ involving any Cardholder Data Collected or ~~still requires notification to~~ Used by or on behalf of the Company. (f) The Company does not (i) have or solicit any ~~supervisory authority.~~ customers in the European Economic Area, or (ii) knowingly process, transmit, or store any Personal Data of any Persons located in the European Economic Area. (g) The Company has ~~not received any material complaints~~taken all required steps to limit access to Personal Data to: (i) those Company personnel and third-party vendors providing services to or on behalf of the Company who have a need to know such Personal Data in the execution of their duties to the Company; and (ii) such other Persons permitted to access such Personal Data in accordance with the privacy policies and terms of use, ~~notifications~~industry standards, ~~or allegations of breach of~~ all applicable Information Privacy and Security Laws ~~from any supervisory authority~~ and all Contracts to which the Company is bound. (h) The ~~Information Technology operates~~ Company maintains a written technical information security program that contains administrative, technical and ~~performs~~ physical safeguards (including encryption) compliant in all material respects ~~as currently required~~ with industry standards and applicable Information Privacy and Security Laws, including but not limited to ~~operate~~ the ~~Company’s business taken as a whole. The~~ Massachusetts Standards for Protection of Personal Information ~~Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality~~ of Residents of the ~~Information Technology. The Company has implemented backup~~Commonwealth (201 C.F.R. 17.00, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to et seq.) (the risk of liability relating to any unauthorized Processing of Personal Information, a security incident, or any violation of Data Protection Requirements, and no claims have been made under such insurance policy(ies“Security Program”). The ~~execution, delivery, and performance of this Agreement and the transactions contemplated hereby do not and will not~~Company’s Security Program is designed to: (i) ~~conflict with or result in a violation or breach~~ protect the integrity and confidentiality of ~~any Data Protection Requirements~~Personal Data; (ii) ~~require~~ protect against reasonably anticipated threats or hazards to the ~~consent~~ security of ~~or provision of notice to any Person concerning such Person’s~~ Personal ~~Information~~Data; (iii) ~~give rise to any right~~ protect against the unauthorized access, disclosure or use of ~~termination or other right to impair or limit Buyer’s rights to own~~ Personal Data; (iv) address computer and ~~Process any Personal Information used in or necessary~~ network security; and (v) provide for the ~~operation~~ secure destruction and disposal of Personal Data. The Security Program has been updated as required by all applicable Information Privacy and Security Laws. All third-party vendors or persons with access to Personal Data have entered into contracts or written agreements with the Company requiring that such vendors or persons maintain a substantially similar security program. (i) The Company is in material compliance with all applicable Information Privacy and Security Laws regarding the Collection and Use of the Personal Data of any individual. (j) The Company controls the access to its computer and information technology networks through the utilization of industry-standard or better security measures that are designed to prevent unauthorized access to such networks. All of the Company’s ~~businesses;~~ security measures are designed to be materially consistent with or exceed industry standards and the requirements of applicable Laws and are designed to (ivA) ~~otherwise prohibit~~ prevent the ~~transfer~~ unauthorized disclosure of confidential information (including Personal ~~Information~~ Data) of the Company’s customers, (B) prevent access without express authorization (and immediately terminate such unauthorized access) to ~~Buyer~~the networks and information system of the Company’s customers through the networks of the Company and (C) facilitate the Company’s identification of the person making or attempting to make such unauthorized access.

Appears in 1 contract

Sources: Merger Agreement (Invitae Corp)

Privacy and Data Security. (a) The ~~Company complies with,~~ Group Companies are and ~~has~~ have at all times ~~during~~ since the ~~past five~~ Look Back Date been in compliance in all material respects with all applicable Data Security Requirements. To the extent required by Data Security Requirements, each of the Group Companies display a privacy policy on each website and mobile application owned, controlled or operated by the Group Companies and such privacy policy complies in all material respects with the Data Security Requirements. (5b) ~~years complied with~~Since the Look-Back Date, none of the Group Companies has received any written notices from any Governmental Entity and, to the Company’s knowledge, no audit or investigation has been conducted by any Governmental Entity against any Group Company, in each case, alleging any violation of any Data Security Requirements by any Group Company. (c) The Group Companies have implemented and at all times since the Look Back Date maintained commercially reasonable security, monitoring and detection measures and capabilities that comply with all applicable Data Security Requirements and that are consistent with standards prudent in the industry in which the Group Companies operate to protect the Personal Data and Company Systems against data security incidents, personal data breaches, ransomware incidents, or any other instance of unauthorized access, unauthorized disclosure and unauthorized use of Company Systems or data (collectively, “Security Incidents”). Since the Look Back Date, there have been no Security Incidents related to any Company Systems, Personal Data, or data in the custody or control of the Group Companies or, to the knowledge of the Company, any service provider acting on behalf of any of the Group Companies, nor have any such Security Incidents occurred or been threatened in writing. Since the Look Back Date, there have not been any Actions related to Security Incidents, and there are no facts or circumstances which could reasonably serve as the basis for any such Actions. Each Group Company provides its employees with regular training on privacy and data security matters. (d) Since the Look Back Date, each Group Company has: (i) ~~all Privacy Laws~~regularly conducted and regularly conducts vulnerability testing, risk assessments, and external audits of, and tracks Security Incidents related to, the Company Systems (collectively, “Information Security Reviews”); (ii) ~~all Privacy Policies applicable to the Company,~~ timely corrected any material exceptions or vulnerabilities identified in such Information Security Reviews; and (iii) ~~all contractual commitments, including any terms of use, that the Company has entered into with respect~~ timely installed software security patches and other fixes to ~~the Processing of Personal Information~~ identified technical information security vulnerabilities. (~~collectively, the “Data Protection Requirements”).~~ e) The Company ~~has made available true, complete~~Systems are adequate for, and ~~correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy to individuals prior to the collection of any Personal Information,~~ operate and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security of the Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents of the Company have access to Personal Information, and that Personal Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule 4.24, during the past five (5) years, the Company has not suffered any material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs perform in all material respects in accordance with their documentation and functional specifications and otherwise as required in connection with the operation of the business of the Group Companies as previously conducted and as currently ~~required~~ conducted. The Company Systems have not malfunctioned or failed at any time since the Look Back Date in a manner that resulted in significant or chronic disruptions to ~~operate~~ the ~~Company’s~~ operation of the business of the Group Companies. The Company Systems do not contain any computer code designed to disrupt, disable or harm in any manner the operation of any software or hardware. Except as would not be material to the Group Companies, taken as a whole, none of the Company Systems contains any unauthorized feature (including any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine) that causes the software or any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time, or upon command by any Person. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology. The Company has Group Companies’ have implemented commercially reasonable backup, ~~security,~~ security and disaster recovery technology ~~designed to be~~ consistent with ~~applicable regulatory standards. The Company maintains insurance coverage containing~~ industry ~~standard policy terms and limits that are reasonable to respond~~ practices. (f) Except as would not be material to the ~~risk of liability relating to any unauthorized Processing of Personal Information~~Group Companies, taken as a ~~security incident~~whole, in connection with each third-party servicing, outsourcing, processing, or ~~any violation~~ otherwise using Personal Data collected, held, or processed by or on behalf of each Group Company, each such Group Company has in accordance with applicable Data ~~Protection Requirements~~Security Requirements entered into valid, binding, and ~~no claims have been made under~~ enforceable written data processing agreements with any such ~~insurance policy(ies).~~ third party in accordance with the Data Security Requirements. (g) The ~~execution, delivery, and performance~~ consummation of ~~this Agreement and~~ any of the transactions contemplated hereby do or thereby, will not ~~and will not:~~ violate in any material respect any applicable Data Security Requirements. (ih) ~~conflict with or result in a violation or breach of any Data Protection Requirements; (ii) require~~ Since the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary for the operation of all the Company’s businesses; or (iv) otherwise prohibit Look-Back Date, no Group Company has transferred, directed and/or authorized the transfer of any Personal ~~Information to Buyer~~Data across any national borders except in compliance with all applicable Data Security Requirements.

Appears in 1 contract

Sources: Stock Purchase Agreement (Rocket Lab Corp)

Privacy and Data Security. (a) For the past four (4) years, Seller, to the extent Related to the Business, has been in and is in now compliance in all material respects with all Privacy and Security Requirements and does not engage in any undisclosed collection of Personal Information on its website. The ~~Company complies with~~execution of this Agreement and the consummation of the transactions hereunder will not violate any Privacy and Data Security Requirements in any material respects. (b) For the past four (4) years, Seller, to the extent Related to the Business, has not experienced any Security Breaches, and ~~has at all times during~~ the Seller is not aware of any notices or complaints from any Person regarding a Security Breach. For the past ~~five~~ four (54) ~~years complied with: (i) all Privacy Laws~~years, ~~(ii) all Privacy Policies applicable~~ Seller, to the ~~Company~~extent Related to the Business, ~~and~~ has not received any notices or complaints from any Person (~~iii) all contractual commitments,~~ including any ~~terms~~ Governmental Authority) regarding the unauthorized Processing of ~~use~~Protected Data or non-compliance with applicable Privacy and Security Requirements. For the past four (4) years, ~~that~~ Seller, to the ~~Company~~ extent Related to the Business, has ~~entered into~~ complied with ~~respect~~ all individual rights requests relating to the Processing of Personal Information ~~(collectively, the “Data Protection Requirements”)~~under applicable Law. The ~~Company~~ Seller has ~~made available true~~the rights in all material respects to Personal Information to grant the rights and transfers thereof pursuant to this Agreement and the consummation of the transaction hereunder. (c) Seller, ~~complete, and correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy to individuals prior~~ to the ~~collection of any Personal Information~~extent Related to the Business, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and ~~at all times during the past five (5) years maintained, and~~ has required all ~~Data Partners~~ third parties that receive Personal Information from or on behalf of Business to ~~implement~~ implement, reasonable physical, technical and ~~maintain, at a minimum,~~ administrative safeguards consistent with industry ~~standard security measures, plans, procedures, controls, and programs, including a written information security program,~~ standards that are designed to protect and maintain the security of the Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents of the Company have Protected Data from unauthorized access ~~to Personal Information, and that Personal Information is processed in compliance with Data Protection Laws~~by any Person. Except as ~~set forth~~ described in ~~Schedule 4.24~~Seller’s privacy policy, ~~during~~ Seller, to the ~~past five (5) years~~extent Related to the Business, the Company has not suffered any material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not ~~contain any worms~~engage in the sale, ~~viruses~~as defined by applicable Law, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to the risk of liability relating to any unauthorized Processing of Personal Information, a security incident, or any violation of Data Protection Requirements, and no claims have been made under such insurance policy(ies). The execution, delivery, and performance of this Agreement and the transactions contemplated hereby do not and will not: (i) conflict with or result in a violation or breach of any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary for the operation of all the Company’s businesses; or (iv) otherwise prohibit the transfer of Personal Information to Buyer.

Appears in 1 contract

Sources: Asset Purchase and Sale Agreement (Pathward Financial, Inc.)

Privacy and Data Security. ~~The~~ (a) Except as set forth in Schedule 3.31(a), Company ~~complies with~~has a privacy policy regarding the collection, use, disclosure, interception, storage, receipt, purchase, sale, transfer, processing and protection of personal information in its possession, custody or control, or otherwise held or processed on its behalf, and is and has at been in all times during the past five (5) years complied with: (i) all Privacy Laws, (ii) all Privacy Policies applicable to the Company, and (iii) all contractual commitments, including any terms of use, that the Company has entered into material respects compliance with ~~respect to the Processing of Personal Information (collectively, the “Data Protection Requirements”)~~such privacy policy. ~~The~~ Company has made available ~~true, complete, and correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy~~ to ~~individuals prior to the collection of~~ Buyer any ~~Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including~~ privacy policies maintained by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security of the Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents of the Company have access to Personal Information, and that Personal Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule ~~4.24~~3.21(a), ~~during~~ Company has in the past ~~five~~ three (53) years posted a privacy policy in a clear and conspicuous location on all websites and any mobile applications owned or operated by Company in the United States of America. (b) In the past three (3) years, ~~the~~ Company has not suffered any material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs complied at all times in all material respects with all Legal Requirements regarding the collection, use, disclosure, interception, storage, receipt, purchase, sale, transfer, processing and protection of personal information. Except as ~~currently required~~ set forth in Schedule 3.31(a),Company has taken commercially reasonable efforts to ~~operate~~ implement safeguards designed to protect the confidentiality and security of any systems, software, databases, networks and websites utilized by on or behalf of the Company in connection with the conduct of its operations and any information stored or contained therein or transmitted thereby from unauthorized or improper access, and to the Knowledge of the Seller Parties, there has been no unauthorized or improper access to any of the foregoing. Company is in compliance and has in the past three (3) years complied in all material respects with all requirements contained in the Payment Card Industry Data Security standards relating to “cardholder data” (as such term is defined therein) with respect to all such cardholder data that has come into its possession. (c) Company has in all material respects complied at all times with the terms of all contracts to which Company is a party relating to data privacy, security or breach notification (including provisions that impose conditions or restrictions on the collection, use, disclosure, transmission, destruction, maintenance, storage or safeguarding of personal information). (d) No Person (including any Governmental Authority) has commenced any Proceeding relating to Company’s ~~business taken as a whole. The Information Technology does not contain any worms~~information privacy or data security practices, ~~viruses~~including with respect to the access, ~~bugs~~ disclosure or ~~other embedded faults~~ use of personal information maintained by or ~~other malicious devices that could adversely impact~~ on behalf of Company, or, to the ~~functionality~~ Knowledge of the ~~Information Technology. The Company has implemented backup~~Seller Parties, ~~security~~threatened any such Proceeding or made any complaint, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to the risk of liability investigation or inquiry relating to ~~any unauthorized Processing of Personal Information, a security incident, or any violation of Data Protection Requirements, and no claims have been made under~~ such ~~insurance policy(ies).~~ practices. (e) The execution, ~~delivery,~~ delivery and performance of this Agreement and the ~~transactions contemplated hereby do~~ consummation of the Transactions will not ~~and will not: (i) conflict with~~ violate any Legal Requirement relating to the privacy of information or ~~result in a violation or breach~~ the privacy policy of ~~any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination~~ Company as it currently exists or other ~~right to impair~~ privacy and data security requirements imposed on Company or ~~limit Buyer’s rights to own and Process~~ any ~~Personal Information used in or necessary for the operation of all the Company’s businesses; or (iv) otherwise prohibit the transfer of Personal Information to Buyer~~party acting on its behalf under any Company Contracts.

Appears in 1 contract

Sources: Asset Purchase Agreement (RiceBran Technologies)

Privacy and Data Security. (a) The Company ~~complies with,~~ is in material compliance with and has at all times ~~during~~ materially complied with all Privacy Laws and the ~~past five~~ Company’s internal privacy policies. (5b) ~~years complied with:~~ With respect to all Personal Information and user data gathered or accessed in the course of the operation of the Business, the Company has at all times taken all reasonable measures to ensure that such data is protected against loss and unauthorized access, use, modification, disclosure or other misuse, including by implementing, maintaining and executing, as necessary, a security plan that is designed to (i) ~~all Privacy Laws~~identify, mitigate and resolve internal and external risks to the security of any proprietary or confidential information in its possession, including Personal Information, (ii) ~~all Privacy Policies applicable~~ implement and monitor adequate and effective administrative, technical and physical safeguards to ~~the Company,~~ control those risks and (iii) ~~all contractual commitments~~maintain notification procedures in compliance with applicable Laws in the case of any breach of security compromising unencrypted data containing Personal Information. Except as set forth on Section 2.21(b) of the Disclosure Schedule, ~~including any terms of use, that the Company~~ no Person has ~~entered into with respect~~ gained unauthorized access to ~~the~~ or engaged in unauthorized Processing of Personal Information in the custody or control of the Company or any databases, computers, servers, storage media (~~collectively~~e.g., backup tapes), network devices, or other devices or systems of the ~~“Data Protection Requirements”).~~ Company or the Business that Processes Personal Information. (c) The Company has ~~made available true~~in place reasonable security measures, ~~complete~~controls, technologies, polices and ~~correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy~~ safeguards designed to individuals prior to the collection of any Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process protect Personal Information. The Company has ~~valid~~ all necessary authority, consents and ~~enforceable agreements~~ authorizations to Process the Personal Information in ~~place~~ its possession or under their control in connection with ~~all Data Partners that comply~~ the operation of its business. To the Knowledge of any of the Sellers, none of the Personal Information in the possession, custody or control of the Company, or otherwise used or disclosed by the Company, has been provided to the Company by a third party in violation of applicable Law, including Privacy Laws or in a manner inconsistent with ~~applicable Data Protection Requirements~~such third party’s own privacy policies. The Company has ~~implemented~~taken all commercially reasonable steps necessary to confirm that each third party that provides it with Personal Information has and will provide such Personal Information in accordance with applicable Laws (including Privacy Laws), contracts or other terms to which the Company bound and at that those third parties have all ~~times during~~ necessary authority, consents and other rights to provide such Personal Information to the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain Company. Without limiting the ~~security~~ generality of the Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents of the Company have access to Personal Information, and that Personal Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule 4.24, during the past five (5) yearsforegoing, the Company has ~~not suffered~~ conducted diligence on all third parties that provide Personal Information to the Company regarding such third parties’ data collection methods and data sharing practices as necessary to ensure such collection and sharing complies with all applicable Laws (including Privacy Laws), contracts or other terms to which the Company is bound. (d) There is no, and never has been, any ~~material business disruptions~~Action pending or, ~~material loss~~ to the any of ~~data~~the Seller’s Knowledge, threatened against the Company with respect to the Company’s privacy or ~~material~~ data protection practices, including alleging a violation of any Person’s data privacy, data protection or data security ~~breach~~ rights, nor has there been any court order affecting the Company’s use, disclosure or other Processing of any Personal Information. To the Knowledge of any of the Sellers, there are no facts or circumstances that ~~required~~ constitute a reasonable basis for such proceeding relating to privacy or ~~still requires notification to any supervisory authority~~data protection. The Company has not received any ~~material complaints, notifications~~communications from, or ~~allegations~~ to the Knowledge of ~~breach of Privacy Laws from~~ any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the ~~Information Technology.~~ Sellers, has been the subject of any investigation by, the Federal Trade Commission, a data protection authority or any other Governmental Entity regarding its Processing of any Personal Information. (e) The ~~Company has implemented backup, security~~conduct and operation of the Business currently materially complies, and ~~disaster recovery technology designed to be consistent~~ at all times has materially complied, with all applicable ~~regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond~~ laws relating to the ~~risk~~ transmission of ~~liability relating to any unauthorized Processing of Personal Information~~unsolicited commercial emails, ~~a security incident~~phone calls, faxes and mail and marketing campaigns. No solicitation, statement, disclosure, or marketing, promotional or advertising material included in any email marketing campaigns or mail marketing campaigns initiated by the Company have been materially inaccurate, misleading, or deceptive, or in violation of ~~Data Protection Requirements, and no claims have been made under such insurance policy(ies)~~any Privacy Law. The execution, delivery, performance and ~~performance~~ consummation of ~~this Agreement~~ the Transactions (including the Processing of Personally Identifiable Information in connection therewith complies with all Privacy Laws and the transactions contemplated hereby do not and will not: (i) conflict with or result in a violation or breach of any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary for the operation of all the Company’s ~~businesses; or (iv) otherwise prohibit the transfer of Personal Information to Buyer~~applicable privacy notices and policies.

Appears in 1 contract

Sources: Membership Interest Purchase Agreement (Alj Regional Holdings Inc)

Privacy and Data Security. (a) The Company ~~complies with~~is and has been in compliance in all material respects with all Data Security Requirements and, ~~and~~ to the Knowledge of the Company, no facts or circumstances exist that could reasonably be expected to give rise to any material breach of any Data Security Requirements. (b) The Company has at all times ~~during the past five (5) years~~ complied in all material respects with: (i) all ~~Privacy Laws~~applicable privacy policies of the Company, (ii) all applicable Data Privacy ~~Policies applicable to the Company~~Laws, and (iii) all applicable contractual ~~commitments, including any terms~~ commitments of ~~use,~~ the Company that the Company has entered into with respect to the ~~Processing~~ receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security, disposal, destruction, disclosure or transfer of ~~Personal Information (collectively,~~ Business Data by the ~~“Data Protection Requirements”). The Company has made available true, complete, and correct copies of all Privacy Policies~~Company. The Company has at all ~~relevant~~ times ~~presented a Privacy Policy to individuals prior~~ provided an accurate and complete disclosure with respect to the ~~collection~~ applicable privacy policies and privacy and data security practices of ~~any Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive~~ the Company. (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”c) ~~before allowing them to access, receive or Process Personal Information.~~ The Company has ~~valid and enforceable agreements~~ not made any use of Business Data collected by or on behalf of the Company in ~~place with all~~ violation of Data ~~Partners that comply with applicable Data Protection~~ Security Requirements~~. The Company has implemented~~, ~~and at all times during~~ and, to the ~~past~~ Knowledge of the Company, in the last five (5) years ~~maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written~~ there have been no data breaches or other information security incident (including any unauthorized access and/or introduction of any virus, worm, malware, ▇▇▇▇▇▇ ▇▇▇▇, Trojan horse or other unauthorized disabling code or program~~, to protect and maintain the security~~ ) involving any Business Data handled by or on behalf of the Company~~’s Computer Systems~~ . (d) The Company contractually requires all third parties, including vendors, Affiliates and other Persons providing services to the Company who have access to or receive Business Data from the Company, to comply with all applicable Data Security Requirements regarding the use of such Business Data, and to use commercially reasonable efforts consistent with applicable Data Security Requirements to store and secure all Business Data to protect against unauthorized access to or use of the Business Data. ~~Such~~ The Company has taken reasonable measures ~~include technical and organizational measures~~ designed to ensure that ~~only authorized employees or agents~~ all such third-party service providers, outsourcers and processors of such Business Data have complied with their obligations to the ~~Company have access to Personal Information, and that Personal Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule 4.24, during the past five~~ Company. (5e) ~~years, the~~ The Company has not ~~suffered~~ previously been and is not currently under investigation by any ~~material business disruptions~~Governmental Authority regarding its protection, ~~material loss~~ storage, collection, use, disclosure, processing and transfer of ~~data, or material security breach that required or still requires notification to any supervisory authority~~Personal Information. The Company has not received any ~~material complaints~~oral, ~~notifications~~written or other claim, complaint, inquiry or ~~allegations of breach of Privacy Laws~~ notice from any ~~supervisory authority The Information Technology operates and performs in all material respects as currently required~~ Governmental Authority or any other Person related to ~~operate~~ whether the Company’s ~~business taken as a whole. The Information Technology does not contain any worms~~collection, ~~viruses~~processing, ~~bugs or other embedded faults or other malicious devices that could adversely impact the functionality~~ use, storage, security and/or disclosure of the Information Technology. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to the risk of liability relating to any unauthorized Processing of Personal Information, a security incident, or any Business Data (i) is in violation of any applicable Data ~~Protection Requirements~~Security Requirements or (ii) otherwise constitutes an unfair, ~~and no claims have been made under such insurance policy(ies).~~ deceptive or misleading trade practice. (f) The execution, ~~delivery,~~ delivery and performance of this Agreement and the consummation of the transactions contemplated hereby ~~do not and will not:~~ complies with all Data Security Requirements applicable to the Company. (g) The Company owns or has a valid right to access and/or use all Company IT Systems. There has been no (i) ~~conflict~~ failure or systematic malfunction of any Company IT Systems which has caused any material disruption to the business of the Company, (ii) material unplanned downtime or service interruption with respect to any Company IT Systems, (iii) security breach or intrusion into the Company IT Systems or unauthorized access or use of the Company IT Systems or Business Data, (iv) actual or reasonably suspected unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration or use of the Company IT Systems or any Business Data, or (v) action or circumstance requiring the Company to notify a Governmental Authority of a data security breach or violation of any Data Security Requirements. The Company has not received written notice of any vulnerability in the Company IT Systems that could reasonably be expected to compromise any of the Company IT Systems or Business Data or result in ~~a violation~~ the loss of availability and/or integrity of the Company IT Systems or ~~breach~~ Business Data. The Company has implemented firewall protections, implemented virus scans and has taken all steps in accordance with industry standards designed to protect the integrity and security of the Company IT Systems and the information stored therein (including all Business Data and Intellectual Property owned, collected, protected or maintained by the Company) from misuse or unauthorized use, access, disclosure or modification by any Person and to ensure the continued, uninterrupted and error-free operation of the Company IT Systems. The Company has in effect industry standard disaster recovery plans and procedures in the event of any ~~Data Protection Requirements; (ii) require the consent~~ malfunction of or ~~provision of notice~~ unauthorized access to any ~~Person concerning such Person’s Personal Information;~~ Company IT Systems. The Company IT Systems (~~iii~~i) ~~give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary~~ are adequate for the operation of ~~all~~ the business of the Company as currently conducted, and (ii) with respect to the Company IT Systems owned by the Company or under the Company’s ~~businesses;~~ control, perform in material conformance with their documentation and are free from any material defect. The consummation of the transactions contemplated hereby will not result in any material liabilities or ~~(iv) otherwise prohibit~~ obligations in connection with any Data Security Requirements or impair any right, title or interest of the ~~transfer of Personal Information~~ Company in or to ~~Buyer~~any Company IT Systems or Business Data.

Appears in 1 contract

Sources: Equity Purchase Agreement (Freedom Holdings, Inc.)

Privacy and Data Security. (a) The Company Group complies ~~with,~~ and ~~has at all times~~ during the past ~~five~~ two (52) years has complied ~~with: (i) all Privacy Laws, (ii) all Privacy Policies applicable to the Company, and (iii)~~ with all contractual ~~commitments, including any terms of use,~~ commitments that ~~the~~ each Company Entity has entered into with respect to the ~~Processing~~ processing of Personal Information (collectively, the “Privacy Commitments”). (b) Where required by Data Protection ~~Requirements”). The Company has made available true~~Laws, complete, and correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy to individuals prior to the collection of any Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company ~~(collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company~~ Group has ~~valid and enforceable agreements in place with~~ contractually obligated all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security of the Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents process Personal Information on behalf of the Company Group to contractual terms relating to the protection and use of Personal Information. (c) The Company Group’s Employees who at the direction of the Company Group have access to Personal ~~Information~~Information in the performance of their job duties for the Company Group have received training regarding information security that is relevant to each Employee’s, contractor’s or personnel’s responsibility within, or services provided to the Company Group, and ~~that~~ such Employees, contractors, or personnel’s access to Personal ~~Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule 4.24, during~~ Information. (d) To the ~~past five (5) years~~Selling Parties’ Knowledge or Company’s Knowledge, the Company has not suffered any material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to the risk of liability relating to any unauthorized Processing of Personal Information, a security incident, or any violation of Data Protection Requirements, and no claims have been made under such insurance policy(ies). The execution, delivery, and performance of this ~~Agreement~~ Agreement, each other Transaction Document and the ~~transactions contemplated hereby~~ Transactions do not and will not: (i) conflict with or result in a violation or breach of any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary for the operation of all the Company’s businessesPrivacy Commitments; or (ivii) otherwise prohibit the transfer of Personal Information to ~~Buyer~~Buyer or any of its Affiliates. (e) Each Company Entity has implemented and at all times during the past five (5) years maintained reasonable and appropriate security measures, plans, procedures, controls, and programs, designed to protect and maintain the security of any Personal Information and to protect such Personal Information against any accidental, unlawful or unauthorized access, use, loss, alteration, destruction, compromise, or other unauthorized disclosure of, or access to Personal Information (a “Security Incident”). None of the Company Entities has experienced any Security Incidents in the past three (3) years that has resulted in any Company Entity being required pursuant to any Privacy Commitment to notify customers, consumers, Employees, Governmental Authority, or any other Person of any Security Incident. In the past two (2) years, no Company Entity has been the subject of any inquiry, investigation, enforcement action or other Litigation of or by any Governmental Authority or other Person with respect to compliance with any Data Protection Law; or received any notice, request, claim, complaint, correspondence or other communication from any Governmental Authority or other Person relating to any Security Incident or violation of any Privacy Commitments. (f) Each Company Entity maintains insurance coverage concerning liability relating to any unauthorized processing of Personal Information, any Security Incident or any violation of the Privacy Commitments, and in the past three (3) years no claims have been made under such insurance policy.

Appears in 1 contract

Sources: Sale and Purchase Agreement (Federated Hermes, Inc.)

Privacy and Data Security. (a) The use and dissemination by the Company ~~complies with, and has at~~ of any Personal Data is in compliance in all ~~times during the past five (5) years complied with: (i) all Privacy Laws, (ii) all Privacy Policies applicable to~~ material respects with the Company, ’s privacy policies and ~~(iii) all contractual commitments, including any~~ terms of use, ~~that the Company has entered into with respect to the Processing of~~ industry standards, all applicable Information Privacy and Security Laws, Personal ~~Information (collectively, the “~~Data Protection Requirements”). The Company has made available true, complete, and correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy to individuals prior to the collection of any Personal InformationObligations, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for Contracts to which the Company ~~(collectively, “~~is bound. No Personal Data ~~Partners”) before allowing them to access, receive~~ is stored or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during otherwise maintained outside the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security of the Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents of United States by the Company have access to Personal Information, and that Personal Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule 4.24, during the past five (5) years, the Company has not suffered or any ~~material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority~~third party. The Company has not ~~received~~ engaged in cross-border processing of Personal Data. True and complete copies of all privacy policies that have been used by the Company in the past three (3) years have been provided to Parent. The Company has consistently posted a privacy policy in a clear and conspicuous location on all websites and any ~~material complaints, notifications,~~ mobile applications owned or ~~allegations of breach of Privacy Laws~~ operated by the Company. (b) The Company does not Collect or Use Personal Data from any ~~supervisory authority~~ Person in any manner other than as described in the Contracts or, to the extent applicable, any privacy policies delivered to Parent. (c) The Company maintains policies and procedures regarding data security and privacy and maintains administrative, technical and physical safeguards that are commercially reasonable and, in any event, in compliance with industry standards, all applicable Information ~~Technology operates~~ and ~~performs~~ Privacy and Security Laws and all Contracts to which the Company is bound. True and complete copies of all such policies and procedures have been provided to Parent. The Company has complied at all times in all material respects with the terms of all Contracts to which the Company is a party relating to data privacy, security or breach notification (including provisions that impose conditions or restrictions on the collection, use, disclosure, transmission, destruction, maintenance, storage, or safeguarding of Personal Data). (d) Except as ~~currently required to operate~~ set forth on Schedule 3.15.7(d), at any time during the three (3)-year period preceding the Agreement Date, there have been no security breaches relating to, or violations of any security policy or Information Privacy and Security Law regarding, or any unauthorized access, disclosure, or use of, any data or information used by the Company~~’s business taken as~~ , including Personal Data. No notice has been provided to the Company by a ~~whole. The Information Technology does not contain~~ third party vendor or any ~~worms, viruses, bugs or~~ other ~~embedded faults or other malicious devices that could adversely impact the functionality~~ person of ~~the Information Technology~~any security breach relating to Personal Data. The Company has ~~implemented backup~~not experienced a loss or unauthorized disclosure, ~~security~~use, ~~and disaster recovery technology designed~~ or breach of privacy or security of any Personal Data in the custody or control of the Company that would have required notice to ~~be consistent with~~ any third Person (including any Governmental Entity or parties to any Contract) under any applicable ~~regulatory standards~~Law. No Person (including any Governmental Authority) has commenced any Action relating to the Company’s information privacy or data security practices, or to the Knowledge of the Company, threatened any such Action or made any complaint, investigation, or inquiry relating to such practices. (e) The Company ~~maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to~~ does not (i) have or solicit any customers in the ~~risk of liability relating to any unauthorized Processing of Personal Information, a security incident~~European Economic Area, or (ii) knowingly process, transmit, or store any ~~violation~~ Personal Data of any Persons located in the European Economic Area. (f) The Company has taken all required steps to limit access to Personal Data Protection Requirements, and no claims have been made under such insurance policy(ies). The execution, delivery, and performance of this Agreement and the transactions contemplated hereby do not and will notto: (i) ~~conflict~~ those Company personnel and third-party vendors providing services to or on behalf of the Company who have a need to know such Personal Data in the execution of their duties to the Company; and (ii) such other Persons permitted to access such Personal Data in accordance with ~~or result~~ the privacy policies and terms of use, industry standards, all applicable Information Privacy and Security Laws and all Contracts to which the Company is bound. (g) The Company maintains a commercially reasonable written technical information security program that contains administrative, technical and physical safeguards (including encryption) compliant in ~~a violation or breach~~ all material respects with industry standards and applicable Information Privacy and Security Laws (the “Security Program”). The Company’s Security Program is designed to: (i) protect the integrity and confidentiality of ~~any Data Protection Requirements~~Personal Data; (ii) ~~require~~ protect against reasonably anticipated threats or hazards to the ~~consent~~ security of ~~or provision of notice to any Person concerning such Person’s~~ Personal ~~Information~~Data; (iii) ~~give rise to any right~~ protect against the unauthorized access, disclosure or use of ~~termination or other right to impair or limit Buyer’s rights to own~~ Personal Data; (iv) address computer and ~~Process any Personal Information used in or necessary~~ network security; and (v) provide for the ~~operation~~ secure destruction and disposal of Personal Data. The Security Program has been updated as required by all applicable Information Privacy and Security Laws. All third-party vendors or persons with access to Personal Data have entered into contracts or written agreements with the Company requiring that such vendors or persons maintain a substantially similar security program. (h) The Company is in material compliance with all applicable Information Privacy and Security Laws regarding the Collection and Use of the Personal Data of any individual. (i) The Company controls the access to its computer and information technology networks through the utilization of industry-standard or better security measures that are designed to prevent unauthorized access to such networks. All of the Company’s ~~businesses;~~ security measures are designed to be materially consistent with or exceed industry standards and the requirements of applicable Laws and are designed to (ivi) ~~otherwise prohibit~~ prevent the ~~transfer~~ unauthorized disclosure of confidential information (including Personal ~~Information~~ Data) of the Company’s customers, (ii) prevent access without express authorization (and immediately terminate such unauthorized access) to ~~Buyer~~the networks and information system of the Company’s customers through the networks of the Company and (iii) facilitate the Company’s identification of the person making or attempting to make such unauthorized access.

Appears in 1 contract

Sources: Merger Agreement (Invitae Corp)

Privacy and Data Security. ~~The Company complies with~~(a) Each Group Company, including such Group Company’s Processing of Personal Information, including in connection with the Transactions, complies, and since January 1, 2015, has complied, in all material respects with (i) Applicable Privacy and Security Laws; and (ii) privacy and information security obligations to which it is subject under Contract or privacy policies, applicable terms of use, or any other disclosures or statements posted to websites, applications, facilities, or other media maintained or published by the Company (collectively, “Privacy Policies”). Upon Closing, each Group Company will own and/or continue to have the right to disclose and use all Personal Information that it (A) owned immediately prior to Closing and/or (B) used prior to Closing and had access to as of Closing, in each case on substantially identical terms and conditions as such Group Company enjoyed prior to Closing. (b) No Group Company has received any written notice or any other communication from any Governmental Authority or other party (i) alleging any non-compliance with Applicable Privacy and Security Laws or (ii) notifying such Group Company that a Group Company is under investigation for a violation of any of the Applicable Privacy and Security Laws or otherwise relating to any Group Company’s use of Personal Information. There are no circumstances as of the date hereof that may reasonably give rise to any such notices or communications. (c) All material information technology or computer systems that are used in or necessary for the conduct of the business of any of the Group Companies, including Software, firmware, hardware, equipment, databases, networks, interfaces, process automation, telecommunications systems and infrastructure, and related systems (collectively, the “Business Systems”) perform sufficiently for the needs of the Group Companies’ businesses as currently conducted. There have been no material parts of the Business Systems prone to material malfunction or error for which the Group Companies have not addressed and remediated any such malfunction or error according to standard industry practices. The Group Companies have safeguarded their Business Systems and Company Data with commercially reasonable information security controls, including at ~~all times during~~ a minimum any controls required by Contracts, Privacy Policies, or Applicable Privacy and Security Laws. The Group Companies maintain and comply with commercially reasonable security, disaster recovery, and business continuity plans and procedures and have taken commercially reasonable measures to protect the security and integrity of the Business Systems, Company Software, Company Data, other data stored or contained therein or transmitted thereby, and, to the extent required by any applicable Contract or Applicable Privacy and Security Laws, Customer Data. (d) Except as set forth on Section 3.22(d) of the Company Disclosure Schedule, to the Knowledge of the Company, since August 1, 2016, no Group Company has suffered any Information Security Incident that (i) involved the unauthorized access to Business Systems or Company Data; or (ii) would require under Applicable Privacy and Security Laws that such Group Company notify any Governmental Authority or individuals or whose information was compromised in such Information Security Incident. (e) In the shorter of (i) each of the past five (5) years ~~complied with: (i) all Privacy Laws,~~ or (ii) ~~all Privacy Policies~~ since the Company’s acquisition of the applicable Group Company, each Group Company has, to the Knowledge of the Company, performed a security risk assessment and ~~(iii)~~ has either addressed and remediated all ~~contractual commitments, including any terms~~ material threats and deficiencies or has a plan for remediation of ~~use, that the Company has entered into with respect to the Processing of Personal Information (collectively, the “Data Protection Requirements”)~~all material threats and deficiencies identified in those security risk assessments. The ~~Company has made available true~~Group Companies have documented, ~~complete~~investigated, contained, and ~~correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy~~ remediated each identified Information Security Incident related to ~~individuals prior to the collection of~~ any ~~Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading~~ Business Systems or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security of the Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents of the Company have access to Personal Information, and that Personal Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule 4.24, during the past five (5) years, the Company has not suffered any material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to the risk of liability relating to any unauthorized Processing of Personal Information, a security incident, or any violation of Data Protection Requirements, and no claims have been made under such insurance policy(ies). The execution, delivery, and performance of this Agreement and the transactions contemplated hereby do not and will not: (i) conflict with or result in a violation or breach of any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person’s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer’s rights to own and Process any Personal Information used in or necessary for the operation of all the Company’s businesses; or (iv) otherwise prohibit the transfer of Personal Information to Buyer.

Appears in 1 contract

Sources: Merger Agreement (Kbr, Inc.)

Privacy and Data Security. (a) The ~~Company complies with~~Seller Parties and their Affiliates (with respect to the Business) are, and ~~has at all times~~ have been during the past ~~five~~ three (53) ~~years complied with:~~ years, in compliance in all material respects with (i) applicable Law relating to the rights of any Person with respect to Personal Information, including the Processing of Personal Information and all applicable industry standards related to the same (collectively, “Privacy ~~Laws~~Law”), (ii) ~~all Privacy Policies~~ any consents and privacy choices, including opt-in or opt-out preferences (such as with respect to direct marketing activities and the initiation, transmission, monitoring, Purchase Agreement interception, recording or receipt of communications) and rights requests, of natural Persons relating to Personal Information, and any obligations contained in any applicable external data privacy and security policies to which a Seller Party (with respect to the ~~Company, and (iii~~Business) ~~all contractual commitments, including any terms of use, that the~~ or Acquired Company ~~has entered into~~ is bound with respect to the Processing of Personal Information (together, “Company Privacy Commitments”), and (iii) any contractual commitment made by any Seller Party or its Affiliates (with respect to the Business) that is applicable to such Personal Information (each, a “Company Data Agreement”) ((i)-(iii), collectively, ~~the~~ “Data Protection ~~Requirements~~Obligations”). The ~~Company has made available true, complete,~~ Seller Parties and ~~correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy to individuals prior~~ their Affiliates (with respect to the ~~collection of any Personal Information,~~ Business) have provided appropriate notice and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or obtained consents necessary for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security of the Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents of the Company have access to Personal Information, and that Personal Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule 4.24, during the past five (5) years, the Company has not suffered any material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to the risk of liability relating to any unauthorized Processing of Personal ~~Information, a security incident, or any violation of~~ Information to the extent required under Data Protection ~~Requirements, and no claims have been made under such insurance policy(ies)~~Obligations. ~~The~~ Neither the execution, delivery, and performance of ~~this Agreement and~~ any Transaction Document or the consummation of the transactions contemplated ~~hereby do not and~~ thereby will ~~not: (i) conflict with~~ cause, constitute, or result in a breach or violation ~~or breach~~ of any Data Protection ~~Requirements;~~ Obligation. Copies of all current public facing privacy policies used by the Business relating to the Processing of Personal Information by the Business have been made available to Buyers and such copies are accurate and complete. (iib) Except as set forth on Schedule 2.10(b), in the last three (3) years, no claims have been asserted or threatened in writing with respect to the Processing of Personal Information in connection with the Business or otherwise by any Acquired Company. (c) In the last three (3) years, no breach or security incident of a nature that would require ~~the consent of or provision of~~ notice to any Person ~~concerning such Person’s Personal Information; (iii) give rise~~ or Governmental Body under Data Protection Obligations in relation to any ~~right~~ information or data Processed by or on behalf of ~~termination~~ any Seller Party or any of its Affiliates (in connection with the Business) has occurred or, to the Seller Parties’ Knowledge, is threatened. (d) In the last three (3) years, neither any Seller Party nor any of its Affiliates (in connection with the Business) has received in writing any claim, notice or allegation from a Governmental Body or any other ~~right to impair~~ Person alleging or ~~limit Buyer’s rights to own and Process~~ confirming non-compliance with a relevant requirement of any ~~Personal Information used in or necessary for the operation of all the Company’s businesses; or (iv) otherwise prohibit the transfer of Personal Information to Buyer~~Data Protection Obligation.

Appears in 1 contract

Sources: Purchase Agreement (Wolverine World Wide Inc /De/)

Common use of Privacy and Data Security Clause in Contracts