{"component": "clause", "props": {"groups": [{"snippet_links": [{"key": "the-company-and-its-subsidiaries", "type": "clause", "offset": [34, 66]}, {"key": "compliance-with-privacy-laws", "type": "clause", "offset": [80, 108]}, {"key": "in-all-material-respects", "type": "definition", "offset": [114, 138]}, {"key": "other-persons", "type": "definition", "offset": [224, 237]}, {"key": "relating-to", "type": "definition", "offset": [238, 249]}, {"key": "written-policies", "type": "definition", "offset": [284, 300]}, {"key": "public-statements", "type": "definition", "offset": [302, 319]}, {"key": "public-representations", "type": "clause", "offset": [330, 352]}, {"key": "the-processing-of-personal-data", "type": "clause", "offset": [365, 396]}, {"key": "inclusive-of", "type": "clause", "offset": [398, 410]}, {"key": "disclosures-required", "type": "clause", "offset": [415, 435]}, {"key": "applicable-privacy-laws", "type": "definition", "offset": [439, 462]}, {"key": "privacy-and-data-security-policies", "type": "definition", "offset": [465, 499]}, {"key": "privacy-commitments", "type": "definition", "offset": [554, 573]}, {"key": "the-execution", "type": "clause", "offset": [577, 590]}, {"key": "performance-by-the-company", "type": "clause", "offset": [605, 631]}, {"key": "agreement-to", "type": "clause", "offset": [640, 652]}, {"key": "a-party", "type": "clause", "offset": [685, 692]}, {"key": "contemplated-hereby-or-thereby", "type": "clause", "offset": [735, 765]}, {"key": "directly-or-indirectly", "type": "clause", "offset": [799, 821]}, {"key": "materially-adverse", "type": "definition", "offset": [886, 904]}, {"key": "to-the-company", "type": "definition", "offset": [905, 919]}, {"key": "taken-as-a-whole", "type": "clause", "offset": [942, 958]}, {"key": "at-all-times", "type": "definition", "offset": [1038, 1050]}, {"key": "to-individuals", "type": "clause", "offset": [1086, 1100]}, {"key": "in-accordance-with", "type": "clause", "offset": [1101, 1119]}, {"key": "industry-practices", "type": "definition", "offset": [1131, 1149]}, {"key": "as-required-by", "type": "clause", "offset": [1154, 1168]}, {"key": "accurate-and-complete", "type": "clause", "offset": [1187, 1208]}, {"key": "not-misleading", "type": "clause", "offset": [1217, 1231]}, {"key": "with-respect-to", "type": "clause", "offset": [1319, 1334]}, {"key": "proceeding-pending", "type": "definition", "offset": [1551, 1569]}, {"key": "any-person", "type": "clause", "offset": [1679, 1689]}, {"key": "federal-trade-commission", "type": "definition", "offset": [1709, 1733]}, {"key": "state-attorney-general", "type": "definition", "offset": [1739, 1761]}, {"key": "state-official", "type": "definition", "offset": [1773, 1787]}, {"key": "governmental-authority", "type": "definition", "offset": [1804, 1826]}, {"key": "regulatory-entity", "type": "definition", "offset": [1880, 1897]}, {"key": "behalf-of-the-company", "type": "clause", "offset": [1954, 1975]}, {"key": "in-violation", "type": "definition", "offset": [2006, 2018]}, {"key": "the-basis", "type": "clause", "offset": [2165, 2174]}, {"key": "potential-violation", "type": "definition", "offset": [2202, 2221]}, {"key": "access-to", "type": "definition", "offset": [2319, 2328]}, {"key": "unauthorized-use", "type": "clause", "offset": [2333, 2349]}, {"key": "control-of-the-company", "type": "clause", "offset": [2415, 2437]}, {"key": "with-regard-to", "type": "clause", "offset": [2484, 2498]}, {"key": "security-incident", "type": "clause", "offset": [2581, 2598]}, {"key": "breaches-of-security", "type": "clause", "offset": [2653, 2673]}, {"key": "company-it-systems", "type": "definition", "offset": [2683, 2701]}, {"key": "theft-or-damage", "type": "clause", "offset": [2828, 2843]}, {"key": "each-case", "type": "definition", "offset": [2966, 2975]}, {"key": "company-material-adverse-effect", "type": "clause", "offset": [3029, 3060]}, {"key": "commercially-reasonable", "type": "definition", "offset": [3119, 3142]}, {"key": "technical-safeguards", "type": "definition", "offset": [3172, 3192]}, {"key": "processing-personal-data", "type": "definition", "offset": [3227, 3251]}, {"key": "security-of-personal-data", "type": "clause", "offset": [3319, 3344]}, {"key": "reasonable-steps", "type": "definition", "offset": [3397, 3413]}, {"key": "right-to-use", "type": "definition", "offset": [3530, 3542]}, {"key": "to-operate", "type": "definition", "offset": [3579, 3589]}, {"key": "the-business", "type": "clause", "offset": [3590, 3602]}, {"key": "good-working-condition", "type": "definition", "offset": [3802, 3824]}, {"key": "technology-operations", "type": "clause", "offset": [3864, 3885]}, {"key": "necessary-for", "type": "definition", "offset": [3886, 3899]}, {"key": "operation-of-businesses", "type": "clause", "offset": [3904, 3927]}, {"key": "ordinary-wear-and-tear", "type": "clause", "offset": [3976, 3998]}, {"key": "in-the-aggregate", "type": "definition", "offset": [4116, 4132]}, {"key": "substandard-performance", "type": "clause", "offset": [4291, 4314]}, {"key": "material-failure", "type": "definition", "offset": [4360, 4376]}, {"key": "in-the-ordinary-course-of-business", "type": "definition", "offset": [4486, 4520]}, {"key": "except-to-the-extent", "type": "clause", "offset": [4571, 4591]}], "samples": [{"hash": "cafNVc9YIHh", "uri": "/contracts/cafNVc9YIHh#privacy-and-data-security", "label": "Merger Agreement (Furneaux Carol)", "score": 34.4483222961, "published": true}, {"hash": "k2e33wQsjy3", "uri": "/contracts/k2e33wQsjy3#privacy-and-data-security", "label": "Merger Agreement (Lewis & Clark Ventures I, LP)", "score": 34.4318962097, "published": true}, {"hash": "iknWToae9MH", "uri": "/contracts/iknWToae9MH#privacy-and-data-security", "label": "Merger Agreement (Sagrera Ricardo A.)", "score": 34.4318962097, "published": true}], "size": 78, "snippet": "(a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (\u201cPrivacy and Data Security Policies,\u201d and together with Privacy Laws and such Contracts, \u201cPrivacy Commitments\u201d). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.\n(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.\n(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company\u2019s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company\u2019s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.\n(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (\u201cSecurity Incident\u201d), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.\n(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company\u2019s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.", "hash": "cb49ca61f45c3da66e9fead7c7603d3a", "id": 1}, {"snippet_links": [{"key": "all-applicable-laws", "type": "definition", "offset": [60, 79]}, {"key": "security-of-personal-information", "type": "clause", "offset": [217, 249]}, {"key": "conduct-of-the-company", "type": "clause", "offset": [257, 279]}, {"key": "each-case", "type": "definition", "offset": [319, 328]}, {"key": "in-the-aggregate", "type": "definition", "offset": [397, 413]}, {"key": "company-material-adverse-effect", "type": "clause", "offset": [417, 448]}, {"key": "the-company-and-its-subsidiaries", "type": "clause", "offset": [475, 507]}, {"key": "security-incident", "type": "clause", "offset": [589, 606]}, {"key": "possession-or-control", "type": "definition", "offset": [647, 668]}, {"key": "subject-to", "type": "clause", "offset": [683, 693]}, {"key": "notice-of-any", "type": "clause", "offset": [710, 723]}, {"key": "action-by", "type": "clause", "offset": [772, 781]}, {"key": "governmental-entity", "type": "clause", "offset": [786, 805]}, {"key": "other-person", "type": "definition", "offset": [809, 821]}, {"key": "concerning-the-company", "type": "clause", "offset": [822, 844]}, {"key": "protection-of-personal-information", "type": "clause", "offset": [926, 960]}, {"key": "data-security", "type": "definition", "offset": [1046, 1059]}, {"key": "data-breach-notification", "type": "clause", "offset": [1064, 1088]}, {"key": "to-the-company", "type": "definition", "offset": [1094, 1108]}, {"key": "could-reasonably-be-expected-to", "type": "definition", "offset": [1163, 1194]}], "samples": [{"hash": "5ZgFnuMM9Zi", "uri": "/contracts/5ZgFnuMM9Zi#privacy-and-data-security", "label": "Merger Agreement (Lifeloc Technologies, Inc)", "score": 36.7864494324, "published": true}, {"hash": "lilnVaWbae", "uri": "/contracts/lilnVaWbae#privacy-and-data-security", "label": "Merger Agreement (FaZe Holdings Inc.)", "score": 34.7987670898, "published": true}, {"hash": "jlDNpLzSqPD", "uri": "/contracts/jlDNpLzSqPD#privacy-and-data-security", "label": "Merger Agreement (GameSquare Holdings, Inc.)", "score": 34.7987670898, "published": true}], "size": 16, "snippet": "The Company and each of its Subsidiaries have complied with all applicable Laws and all internal or publicly posted policies, notices, and statements concerning the collection, use, processing, storage, transfer, and security of personal information in the conduct of the Company\u2019s and its Subsidiaries\u2019 businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. In the past three years, the Company and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving personal information in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning the Company\u2019s or any of its Subsidiaries\u2019 collection, use, processing, storage, transfer, or protection of personal information or actual, alleged, or suspected violation of any applicable Law concerning privacy, data security, or data breach notification, and to the Company\u2019s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect.", "hash": "7de939d05a8743a2b92184edd8cf9fff", "id": 6}, {"snippet_links": [{"key": "the-parties-will", "type": "clause", "offset": [4, 20]}, {"key": "keep-confidential", "type": "definition", "offset": [21, 38]}, {"key": "information-regarding", "type": "clause", "offset": [43, 64]}, {"key": "the-trust", "type": "clause", "offset": [65, 74]}, {"key": "the-variable-accounts", "type": "clause", "offset": [101, 122]}, {"key": "contract-owners", "type": "definition", "offset": [127, 142]}, {"key": "in-connection-with", "type": "clause", "offset": [152, 170]}, {"key": "services-and", "type": "clause", "offset": [181, 193]}, {"key": "respective-obligations", "type": "clause", "offset": [208, 230]}, {"key": "the-services", "type": "clause", "offset": [278, 290]}, {"key": "obligations-under-this-agreement", "type": "clause", "offset": [326, 358]}, {"key": "applicable-law", "type": "definition", "offset": [392, 406]}, {"key": "publicly-available", "type": "definition", "offset": [488, 506]}, {"key": "confidentiality-of-the-data", "type": "clause", "offset": [595, 622]}, {"key": "another-party", "type": "definition", "offset": [638, 651]}, {"key": "in-accordance-with", "type": "clause", "offset": [679, 697]}, {"key": "regulation-s", "type": "definition", "offset": [716, 728]}, {"key": "reg-s", "type": "definition", "offset": [755, 760]}, {"key": "other-applicable", "type": "clause", "offset": [774, 790]}, {"key": "privacy-laws-and-regulations", "type": "definition", "offset": [808, 836]}, {"key": "including-without-limitation", "type": "clause", "offset": [838, 866]}, {"key": "breach-notification-regulations", "type": "definition", "offset": [913, 944]}, {"key": "contemplated-herein", "type": "clause", "offset": [1037, 1056]}, {"key": "of-the-parties", "type": "clause", "offset": [1067, 1081]}, {"key": "any-non", "type": "clause", "offset": [1142, 1149]}, {"key": "public-personal-information", "type": "clause", "offset": [1150, 1177]}, {"key": "any-person", "type": "clause", "offset": [1274, 1284]}, {"key": "not-an-affiliate", "type": "clause", "offset": [1293, 1309]}, {"key": "service-provider", "type": "definition", "offset": [1321, 1337]}, {"key": "the-receiving-party", "type": "definition", "offset": [1351, 1370]}, {"key": "and-provided-that", "type": "clause", "offset": [1371, 1388]}, {"key": "information-disclosed", "type": "clause", "offset": [1398, 1419]}, {"key": "substantially-similar", "type": "definition", "offset": [1500, 1521]}, {"key": "limitations-on-use", "type": "definition", "offset": [1534, 1552]}, {"key": "legal-requirements", "type": "clause", "offset": [1597, 1615]}, {"key": "the-company-and-the", "type": "clause", "offset": [1617, 1636]}, {"key": "not-use-information", "type": "clause", "offset": [1648, 1667]}, {"key": "directly-or-indirectly", "type": "clause", "offset": [1712, 1734]}, {"key": "for-the-purpose-of", "type": "definition", "offset": [1818, 1836]}, {"key": "to-contract", "type": "clause", "offset": [1847, 1858]}, {"key": "the-parties-hereto", "type": "clause", "offset": [1923, 1941]}, {"key": "in-all-respects", "type": "clause", "offset": [2049, 2064]}, {"key": "information-which", "type": "clause", "offset": [2162, 2179]}, {"key": "publicly-known", "type": "definition", "offset": [2188, 2202]}, {"key": "the-party", "type": "clause", "offset": [2235, 2244]}, {"key": "other-sources", "type": "clause", "offset": [2305, 2318]}, {"key": "prior-to-the", "type": "clause", "offset": [2319, 2331]}, {"key": "information-from", "type": "clause", "offset": [2374, 2390]}, {"key": "disclosing-confidential-information", "type": "clause", "offset": [2401, 2436]}, {"key": "disclosing-party", "type": "definition", "offset": [2439, 2455]}, {"key": "available-to", "type": "definition", "offset": [2609, 2621]}, {"key": "a-non", "type": "clause", "offset": [2645, 2650]}, {"key": "not-prohibited", "type": "clause", "offset": [2775, 2789]}, {"key": "obligation-to", "type": "clause", "offset": [2883, 2896]}, {"key": "payable-to", "type": "definition", "offset": [2953, 2963]}, {"key": "each-party-will", "type": "clause", "offset": [3016, 3031]}, {"key": "safety-and", "type": "definition", "offset": [3053, 3063]}, {"key": "physical-security-procedures", "type": "clause", "offset": [3064, 3092]}, {"key": "with-respect-to", "type": "clause", "offset": [3093, 3108]}, {"key": "maintenance-of", "type": "clause", "offset": [3124, 3138]}, {"key": "at-least-equal-to", "type": "definition", "offset": [3184, 3201]}, {"key": "industry-standards", "type": "definition", "offset": [3202, 3220]}, {"key": "types-of", "type": "clause", "offset": [3230, 3238]}, {"key": "technical-and-organizational-safeguards", "type": "clause", "offset": [3354, 3393]}, {"key": "unauthorized-disclosure", "type": "definition", "offset": [3459, 3482]}, {"key": "without-limiting-the-generality-of-the-foregoing", "type": "clause", "offset": [3550, 3598]}, {"key": "to-secure", "type": "clause", "offset": [3645, 3654]}, {"key": "location-and-equipment", "type": "clause", "offset": [3670, 3692]}, {"key": "without-authorization", "type": "definition", "offset": [3780, 3801]}, {"key": "the-information", "type": "clause", "offset": [3838, 3853]}, {"key": "report-to", "type": "clause", "offset": [3985, 3994]}, {"key": "breaches-of-security", "type": "clause", "offset": [4024, 4044]}, {"key": "access-to", "type": "definition", "offset": [4061, 4070]}, {"key": "notification-to", "type": "clause", "offset": [4138, 4153]}, {"key": "required-by", "type": "definition", "offset": [4193, 4204]}, {"key": "state-laws", "type": "definition", "offset": [4231, 4241]}, {"key": "reasonable-and-diligent-efforts", "type": "clause", "offset": [4263, 4294]}, {"key": "breach-of-security", "type": "definition", "offset": [4310, 4328]}, {"key": "in-a-timely-manner", "type": "definition", "offset": [4352, 4370]}, {"key": "right-to", "type": "clause", "offset": [4397, 4405]}, {"key": "its-data", "type": "definition", "offset": [4423, 4431]}, {"key": "prior-written-notice", "type": "definition", "offset": [4510, 4530]}, {"key": "auditing-party", "type": "definition", "offset": [4543, 4557]}, {"key": "sole-expense", "type": "definition", "offset": [4560, 4572]}, {"key": "secure-environment", "type": "definition", "offset": [4668, 4686]}], "samples": [{"hash": "fG01uvWOiKb", "uri": "/contracts/fG01uvWOiKb#privacy-and-data-security", "label": "Fund Participation Agreement (Nationwide Multi Flex Variable Account)", "score": 35.7542762756, "published": true}, {"hash": "dtW56N62ROc", "uri": "/contracts/dtW56N62ROc#privacy-and-data-security", "label": "Fund Participation Agreement (Jefferson National Life Annuity Account G)", "score": 35.7542762756, "published": true}, {"hash": "bSoSSGX5vXy", "uri": "/contracts/bSoSSGX5vXy#privacy-and-data-security", "label": "Fund Participation Agreement (Jefferson National Life of New York Annuity Account 1)", "score": 35.7542762756, "published": true}], "size": 25, "snippet": "(a) The parties will keep confidential any information regarding the Trust, the Company, Nationwide, the Variable Accounts and Contract Owners received in connection with providing services and meeting their respective obligations hereunder, except: (a) as necessary to provide the services or otherwise meet their respective obligations under this Agreement; (b) as necessary to comply with applicable law; and (c) information regarding the Trust or Variable Accounts which is otherwise publicly available. The parties will maintain internal safekeeping procedures to safeguard and protect the confidentiality of the data transmitted to another party or its designees or agents in accordance with Section 248.11 of Regulation S-P (17 CFR 248.1\u2013248.30) (\u201cReg S-P\u201d), and any other applicable federal or state privacy laws and regulations, including without limitation 201 CFR 17.00 et seq. and applicable security breach notification regulations (collectively \u201cPrivacy Laws\u201d). Each party shall use such data solely to effect the services contemplated herein, and none of the parties will directly, or indirectly through an affiliate, disclose any non-public personal information protected under Privacy Laws (\u201cNon-public Personal Information\u201d) received from another party to any person that is not an affiliate, designee, service provider, or agent of the receiving party and provided that any such information disclosed to an affiliate, designee, service provider, or agent will be under the same or substantially similar contractual limitations on use and non-disclosure and will comply with all legal requirements. The Company and the Trust will not use information, including Non-public Personal Information, directly or indirectly provided to it by Nationwide or its designees or agents pursuant to this Agreement for the purpose of marketing to Contract Owners or any other similar purpose, except as may be agreed by the parties hereto. Except for confidential information consisting of Non-public Personal Information, which will be governed in all respects in accordance with the immediately preceding sentence, confidential information does not include information which (i) was publicly known and/or was in the possession of the party receiving confidential information (\u201cReceiving Party\u201d) from other sources prior to the Receiving Party\u2019s receipt of confidential information from the party disclosing confidential information (\u201cDisclosing Party\u201d), or (ii) is or becomes publicly available other than as a result of a disclosure by the Receiving Party or its representatives, or (iii) is or becomes available to the Receiving Party on a non-confidential basis from a source (other than the Disclosing Party) which, to the best of the Receiving Party\u2019s knowledge is not prohibited from disclosing such information to the Receiving Party by a legal, contractual or fiduciary obligation to the Disclosing Party, or (iv) describes the annual fees payable to Nationwide Broker-Dealers under this Agreement.\n(b) Each party will maintain and enforce safety and physical security procedures with respect to its access and maintenance of Non-public Personal Information that (a) are at least equal to industry standards for such types of locations, (b) are in accordance with reasonable policies in these regards, and (c) provide reasonably appropriate technical and organizational safeguards against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access of Non-public Personal Information under this Agreement. Without limiting the generality of the foregoing, each party will take all reasonable measures to secure and defend its location and equipment against cyber-attacks, \u201chackers\u201d and others, both internal and external, who may seek, without authorization, to modify or access its systems or the information found therein. Each party will periodically test its systems for potential areas where security could be breached. Each party will report to the other party promptly any breaches of security or unauthorized access to its systems that it detects or becomes aware of that would require notification to consumers and/or regulators, as may be required by applicable federal and/or state laws. Each party will use reasonable and diligent efforts to remedy such breach of security or unauthorized access in a timely manner. Each party maintains the right to reasonably audit its data in the other party\u2019s systems environment no more than annually, upon 60 days\u2019 prior written notice, and at the auditing party\u2019s sole expense and cost.\n(c) All Non-public Personal Information must be stored in a physically and logically secure environment that reasonably attempts to protect it from unauthorized access, modification, theft, misuse, and destruction.", "hash": "8a5694a607725d4f66d2f3b8b153f4ae", "id": 3}, {"snippet_links": [{"key": "at-all-times", "type": "definition", "offset": [23, 35]}, {"key": "in-compliance-with", "type": "definition", "offset": [41, 59]}, {"key": "applicable-privacy-laws", "type": "definition", "offset": [64, 87]}, {"key": "terms-of", "type": "clause", "offset": [107, 115]}, {"key": "company-contracts", "type": "clause", "offset": [120, 137]}, {"key": "data-protection", "type": "definition", "offset": [157, 172]}, {"key": "data-flow", "type": "clause", "offset": [202, 211]}, {"key": "data-loss", "type": "definition", "offset": [213, 222]}, {"key": "data-theft", "type": "definition", "offset": [224, 234]}, {"key": "breach-notification", "type": "clause", "offset": [239, 258]}, {"key": "data-localization", "type": "clause", "offset": [260, 277]}, {"key": "electronic-mail", "type": "definition", "offset": [312, 327]}, {"key": "text-messages", "type": "definition", "offset": [331, 344]}, {"key": "with-respect-to", "type": "clause", "offset": [384, 399]}, {"key": "information-of", "type": "clause", "offset": [544, 558]}, {"key": "trial-participants", "type": "definition", "offset": [581, 599]}, {"key": "family-members", "type": "definition", "offset": [619, 633]}, {"key": "other-health-care-professionals", "type": "definition", "offset": [675, 706]}, {"key": "in-connection-with", "type": "clause", "offset": [794, 812]}, {"key": "operation-of-the-company", "type": "clause", "offset": [817, 841]}, {"key": "each-case", "type": "definition", "offset": [866, 875]}, {"key": "in-the-aggregate", "type": "definition", "offset": [978, 994]}, {"key": "company-material-adverse-effect", "type": "clause", "offset": [998, 1029]}, {"key": "knowledge-of-the-company", "type": "clause", "offset": [1038, 1062]}, {"key": "written-policies-and-procedures", "type": "clause", "offset": [1121, 1152]}, {"key": "comply-with-applicable", "type": "clause", "offset": [1169, 1191]}, {"key": "security-of-personal-information", "type": "clause", "offset": [1249, 1281]}, {"key": "privacy-policies", "type": "definition", "offset": [1288, 1304]}, {"key": "no-legal-proceeding", "type": "clause", "offset": [1551, 1570]}, {"key": "any-person", "type": "clause", "offset": [1626, 1636]}, {"key": "data-security-incidents", "type": "clause", "offset": [2181, 2204]}, {"key": "data-breaches", "type": "clause", "offset": [2208, 2221]}, {"key": "other-adverse-events", "type": "clause", "offset": [2225, 2245]}, {"key": "access-to", "type": "definition", "offset": [2298, 2307]}, {"key": "other-data", "type": "clause", "offset": [2397, 2407]}, {"key": "control-of-the-company", "type": "clause", "offset": [2429, 2451]}, {"key": "service-provider", "type": "definition", "offset": [2459, 2475]}, {"key": "behalf-of-the-company", "type": "clause", "offset": [2486, 2507]}, {"key": "obligation-to", "type": "clause", "offset": [2587, 2600]}, {"key": "applicable-law", "type": "definition", "offset": [2618, 2632]}, {"key": "pursuant-to-the-terms", "type": "clause", "offset": [2636, 2657]}], "samples": [{"hash": "2joUoLRkqfn", "uri": "/contracts/2joUoLRkqfn#privacy-and-data-security", "label": "Agreement and Plan of Merger and Reorganization (Pulmatrix, Inc.)", "score": 36.2717323303, "published": true}, {"hash": "7F8qOMIkx3y", "uri": "/contracts/7F8qOMIkx3y#privacy-and-data-security", "label": "Acquisition Agreement (MingZhu Logistics Holdings LTD)", "score": 35.4284744263, "published": true}, {"hash": "6xTU0YsjXYp", "uri": "/contracts/6xTU0YsjXYp#privacy-and-data-security", "label": "Merger Agreement (ARCA Biopharma, Inc.)", "score": 35.2532501221, "published": true}], "size": 31, "snippet": "The Company is and has at all times been in compliance with all applicable Privacy Laws and the applicable terms of any Company Contracts governing privacy, data protection, data security, trans-border data flow, data loss, data theft, or breach notification, data localization, sending solicited or unsolicited electronic mail or text messages, cookies or other tracking technology, with respect to, or the collection, handling, use, maintenance, storage, disclosure, transfer, or other processing of, Personal Information (including any such information of individuals, clinical trial participants, patients, patient family members, caregivers or advocates, physicians and other health care professionals, clinical trial investigators, researchers, pharmacists that interact with the Company in connection with the operation of the Company\u2019s business), except, in each case, for such noncompliance as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. To the Knowledge of the Company, the Company (i) has implemented and maintains reasonable written policies and procedures that materially comply with applicable Privacy Laws and are designed to protect the privacy and security of Personal Information (the \u201cPrivacy Policies\u201d) and (ii) has complied with such Privacy Policies, except for such noncompliance as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. To the Knowledge of the Company, no Legal Proceeding has been asserted or threatened against the Company by any Person alleging a violation of Privacy Laws, Privacy Policies, or the applicable terms of any Company Contracts governing privacy, data protection, data security, trans-border data flow, data loss, data theft, or breach notification, data localization, sending solicited or unsolicited electronic mail or text messages, cookies or other tracking technology, with respect to, or the collection, handling, use, maintenance, storage, disclosure, transfer, or other processing of, Personal Information. To the Knowledge of the Company, there have been no data security incidents or data breaches or other adverse events or incidents that have resulted in any unauthorized access to, or collection, use, disclosure, modification or destruction of, Personal Information or other data in the possession or control of the Company or any service provider acting on behalf of the Company, in each case, where such incident, breach or event resulted in a notification obligation to any Person under applicable Law or pursuant to the terms of any Company Contract.", "hash": "52aaa8fc975721779e1d9075d0dda2a8", "id": 2}, {"snippet_links": [{"key": "disclosure-memorandum", "type": "definition", "offset": [50, 71]}, {"key": "the-company-and-its-subsidiaries", "type": "clause", "offset": [73, 105]}, {"key": "knowledge-of-the-company", "type": "clause", "offset": [118, 142]}, {"key": "third-parties", "type": "definition", "offset": [181, 194]}, {"key": "compliance-date", "type": "clause", "offset": [265, 280]}, {"key": "measures-to", "type": "clause", "offset": [312, 323]}, {"key": "the-personal", "type": "clause", "offset": [360, 372]}, {"key": "information-of", "type": "clause", "offset": [373, 387]}, {"key": "natural-person", "type": "clause", "offset": [410, 424]}, {"key": "by-the-company", "type": "clause", "offset": [435, 449]}, {"key": "maintain-in-confidence", "type": "clause", "offset": [504, 526]}, {"key": "compliance-with", "type": "clause", "offset": [618, 633]}, {"key": "privacy-laws-and-requirements", "type": "definition", "offset": [658, 687]}, {"key": "no-claim", "type": "clause", "offset": [693, 701]}, {"key": "in-writing", "type": "clause", "offset": [798, 808]}, {"key": "governmental-entity", "type": "clause", "offset": [894, 913]}, {"key": "with-respect-to", "type": "clause", "offset": [914, 929]}, {"key": "personal-information-collected", "type": "clause", "offset": [930, 960]}, {"key": "other-third-party", "type": "definition", "offset": [1081, 1098]}, {"key": "no-loss", "type": "clause", "offset": [1248, 1255]}, {"key": "behalf-of-the-company", "type": "clause", "offset": [1402, 1423]}, {"key": "no-third-party", "type": "clause", "offset": [1519, 1533]}, {"key": "access-to", "type": "definition", "offset": [1555, 1564]}, {"key": "the-execution", "type": "clause", "offset": [1772, 1785]}, {"key": "performance-of-this-agreement", "type": "clause", "offset": [1800, 1829]}, {"key": "contemplated-hereby", "type": "clause", "offset": [1871, 1890]}, {"key": "breach-of-any", "type": "clause", "offset": [1968, 1981]}, {"key": "privacy-policies", "type": "definition", "offset": [2055, 2071]}, {"key": "at-the-time", "type": "definition", "offset": [2153, 2164]}, {"key": "require-the", "type": "clause", "offset": [2304, 2315]}, {"key": "consent-of", "type": "clause", "offset": [2316, 2326]}, {"key": "notice-to", "type": "clause", "offset": [2330, 2339]}, {"key": "any-person", "type": "clause", "offset": [2340, 2350]}, {"key": "to-the-extent", "type": "clause", "offset": [2429, 2442]}, {"key": "required-by", "type": "definition", "offset": [2443, 2454]}, {"key": "mobile-applications", "type": "clause", "offset": [2572, 2591]}, {"key": "made-available", "type": "clause", "offset": [2618, 2632]}, {"key": "in-connection-with", "type": "clause", "offset": [2633, 2651]}, {"key": "company-products-or-services", "type": "definition", "offset": [2656, 2684]}, {"key": "company-privacy-policy", "type": "clause", "offset": [2687, 2709]}, {"key": "no-disclosure", "type": "clause", "offset": [2711, 2724]}, {"key": "contained-in", "type": "definition", "offset": [2751, 2763]}], "samples": [{"hash": "c6btupsnGJg", "uri": "/contracts/c6btupsnGJg#privacy-and-data-security", "label": "Stock Purchase Agreement (Universal Technical Institute Inc)", "score": 33.3367538452, "published": true}], "size": 18, "snippet": "(a) Except as set forth on Section 6.26(a) of the Disclosure Memorandum, the Company and its Subsidiaries, and to the Knowledge of the Company, its and their vendors, processors or third parties that process Personal Information, (i) are taking and have, since the Compliance Date, taken commercially reasonable measures to protect the privacy and security of the Personal Information of each student or other natural person collected by the Company and its Subsidiaries or on its or their behalf and to maintain in confidence such Personal Information, and (ii) are, and since January 1, 2016, have been, in material compliance with its or their applicable Privacy Laws and Requirements.\n(b) No Claim is pending, or to the Knowledge of the Company, has, since the Compliance Date, been threatened in writing against the Company or any of its Subsidiaries by any individual, third party or any Governmental Entity with respect to Personal Information collected, used, processed or shared by the Company or any of its Subsidiaries, or held or processed by any vendor, processor, or other third party for or on behalf the Company or its Subsidiaries, alleging any violation of Privacy Laws and Requirements. Since the Compliance Date, there has been no loss or other misuse by the Company or any of its Subsidiaries, or to the Knowledge of the Company, by any vendor, processor, or third party for or on behalf of the Company or any of its Subsidiaries of such Personal Information, and, to the Knowledge of the Company, no third party has had unauthorized access to or misused the Personal Information collected by the Company or any of its Subsidiaries, or collected by any vendor, processor, or third party for or on behalf of the Company or any of its Subsidiaries.\n(c) The execution, delivery and performance of this Agreement and the consummation of the transactions contemplated hereby, do not and will not: (i) conflict with or result in a material violation or breach of any applicable Privacy Laws and Requirements, including applicable published privacy policies or internal privacy policies or guidelines (as currently existing or as existing at the time during which any Personal Information was collected or processed by, for, or on behalf of the Company or any of its Subsidiaries); or (ii) require the consent of or notice to any Person concerning such Person\u2019s Personal Information.\n(d) Since the Compliance Date, to the extent required by applicable Privacy Laws and Requirements, the Company and its Subsidiaries have posted to each of their websites and mobile applications and provided or otherwise made available in connection with any Company products or services a Company privacy policy. No disclosure or representation made or contained in any Company privacy policy has been materially inaccurate, misleading, deceptive, or in material violation of any applicable Privacy Laws and Requirements.", "hash": "5e9d077197891cc07904a9211f91c183", "id": 4}, {"snippet_links": [{"key": "at-all-times", "type": "definition", "offset": [35, 47]}, {"key": "privacy-laws", "type": "definition", "offset": [102, 114]}, {"key": "privacy-policies", "type": "definition", "offset": [125, 141]}, {"key": "to-the-company", "type": "definition", "offset": [153, 167]}, {"key": "contractual-commitments", "type": "clause", "offset": [183, 206]}, {"key": "terms-of-use", "type": "clause", "offset": [222, 234]}, {"key": "the-company-has", "type": "definition", "offset": [241, 256]}, {"key": "entered-into", "type": "clause", "offset": [257, 269]}, {"key": "with-respect-to", "type": "clause", "offset": [270, 285]}, {"key": "processing-of-personal-information", "type": "clause", "offset": [290, 324]}, {"key": "made-available", "type": "clause", "offset": [393, 407]}, {"key": "copies-of-all", "type": "clause", "offset": [436, 449]}, {"key": "relevant-times", "type": "definition", "offset": [491, 505]}, {"key": "privacy-policy", "type": "clause", "offset": [518, 532]}, {"key": "to-individuals", "type": "clause", "offset": [533, 547]}, {"key": "prior-to-the", "type": "clause", "offset": [548, 560]}, {"key": "materially-accurate", "type": "clause", "offset": [659, 678]}, {"key": "not-misleading", "type": "clause", "offset": [708, 722]}, {"key": "due-diligence", "type": "definition", "offset": [794, 807]}, {"key": "other-third-parties", "type": "definition", "offset": [834, 853]}, {"key": "personal-information-collected", "type": "clause", "offset": [865, 895]}, {"key": "for-the-company", "type": "definition", "offset": [922, 937]}, {"key": "data-partners", "type": "definition", "offset": [954, 967]}, {"key": "enforceable-agreements", "type": "clause", "offset": [1069, 1091]}, {"key": "in-place", "type": "definition", "offset": [1092, 1100]}, {"key": "applicable-data-protection-requirements", "type": "definition", "offset": [1141, 1180]}, {"key": "security-measures", "type": "definition", "offset": [1361, 1378]}, {"key": "written-information-security-program", "type": "clause", "offset": [1435, 1471]}, {"key": "of-the-company", "type": "clause", "offset": [1510, 1524]}, {"key": "computer-systems", "type": "definition", "offset": [1527, 1543]}, {"key": "company-data", "type": "clause", "offset": [1548, 1560]}, {"key": "to-ensure", "type": "clause", "offset": [1622, 1631]}, {"key": "authorized-employees", "type": "definition", "offset": [1642, 1662]}, {"key": "access-to-personal-information", "type": "clause", "offset": [1693, 1723]}, {"key": "compliance-with-data-protection-laws", "type": "clause", "offset": [1771, 1807]}, {"key": "material-business", "type": "definition", "offset": [1912, 1929]}, {"key": "loss-of-data", "type": "clause", "offset": [1952, 1964]}, {"key": "material-security-breach", "type": "definition", "offset": [1969, 1993]}, {"key": "notification-to", "type": "clause", "offset": [2026, 2041]}, {"key": "supervisory-authority", "type": "definition", "offset": [2046, 2067]}, {"key": "breach-of-privacy", "type": "definition", "offset": [2156, 2173]}, {"key": "information-technology", "type": "definition", "offset": [2214, 2236]}, {"key": "in-all-material-respects", "type": "definition", "offset": [2259, 2283]}, {"key": "as-currently-required", "type": "definition", "offset": [2284, 2305]}, {"key": "to-operate", "type": "definition", "offset": [2306, 2316]}, {"key": "taken-as-a-whole", "type": "clause", "offset": [2340, 2356]}, {"key": "disaster-recovery", "type": "clause", "offset": [2606, 2623]}, {"key": "consistent-with", "type": "clause", "offset": [2650, 2665]}, {"key": "regulatory-standards", "type": "clause", "offset": [2677, 2697]}, {"key": "insurance-coverage", "type": "definition", "offset": [2721, 2739]}, {"key": "terms-and", "type": "clause", "offset": [2776, 2785]}, {"key": "respond-to", "type": "definition", "offset": [2816, 2826]}, {"key": "risk-of-liability", "type": "clause", "offset": [2831, 2848]}, {"key": "relating-to", "type": "definition", "offset": [2849, 2860]}, {"key": "security-incident", "type": "clause", "offset": [2916, 2933]}, {"key": "no-claims", "type": "clause", "offset": [2989, 2998]}, {"key": "the-execution", "type": "clause", "offset": [3048, 3061]}, {"key": "performance-of-this-agreement", "type": "clause", "offset": [3077, 3106]}, {"key": "contemplated-hereby", "type": "clause", "offset": [3128, 3147]}, {"key": "breach-of-any", "type": "clause", "offset": [3215, 3228]}, {"key": "require-the", "type": "clause", "offset": [3264, 3275]}, {"key": "consent-of", "type": "clause", "offset": [3276, 3286]}, {"key": "notice-to", "type": "clause", "offset": [3303, 3312]}, {"key": "any-person", "type": "clause", "offset": [3313, 3323]}, {"key": "right-of-termination", "type": "clause", "offset": [3394, 3414]}, {"key": "right-to", "type": "clause", "offset": [3424, 3432]}, {"key": "necessary-for", "type": "definition", "offset": [3519, 3532]}, {"key": "operation-of", "type": "definition", "offset": [3537, 3549]}, {"key": "transfer-of-personal-information", "type": "clause", "offset": [3611, 3643]}, {"key": "to-buyer", "type": "definition", "offset": [3644, 3652]}], "samples": [{"hash": "f4lgq8ayvEH", "uri": "/contracts/f4lgq8ayvEH#privacy-and-data-security", "label": "Shares Purchase Agreement (One Stop Systems, Inc.)", "score": 37.2080764771, "published": true}, {"hash": "4TRIbrNZtef", "uri": "/contracts/4TRIbrNZtef#privacy-and-data-security", "label": "Shares Purchase Agreement (One Stop Systems, Inc.)", "score": 37.0136909485, "published": true}], "size": 17, "snippet": "The Company complies with, and has at all times during the past five (5) years complied with: (i) all Privacy Laws, (ii) all Privacy Policies applicable to the Company, and (iii) all contractual commitments, including any terms of use, that the Company has entered into with respect to the Processing of Personal Information (collectively, the \u201cData Protection Requirements\u201d). The Company has made available true, complete, and correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy to individuals prior to the collection of any Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, \u201cData Partners\u201d) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security of the Company\u2019s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents of the Company have access to Personal Information, and that Personal Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule 4.24, during the past five (5) years, the Company has not suffered any material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company\u2019s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely impact the functionality of the Information Technology. The Company has implemented backup, security, and disaster recovery technology designed to be consistent with applicable regulatory standards. The Company maintains insurance coverage containing industry standard policy terms and limits that are reasonable to respond to the risk of liability relating to any unauthorized Processing of Personal Information, a security incident, or any violation of Data Protection Requirements, and no claims have been made under such insurance policy(ies). The execution, delivery, and performance of this Agreement and the transactions contemplated hereby do not and will not: (i) conflict with or result in a violation or breach of any Data Protection Requirements; (ii) require the consent of or provision of notice to any Person concerning such Person\u2019s Personal Information; (iii) give rise to any right of termination or other right to impair or limit Buyer\u2019s rights to own and Process any Personal Information used in or necessary for the operation of all the Company\u2019s businesses; or (iv) otherwise prohibit the transfer of Personal Information to Buyer.", "hash": "211b7dc120291378b9503449a9c0e97f", "id": 5}, {"snippet_links": [{"key": "data-protection-requirements", "type": "clause", "offset": [59, 87]}, {"key": "conduct-of-parent", "type": "clause", "offset": [95, 112]}, {"key": "each-case", "type": "definition", "offset": [152, 161]}, {"key": "in-the-aggregate", "type": "definition", "offset": [230, 246]}, {"key": "parent-material-adverse-effect", "type": "clause", "offset": [250, 280]}, {"key": "necessary-authority", "type": "clause", "offset": [327, 346]}, {"key": "consents-and-authorizations", "type": "clause", "offset": [356, 383]}, {"key": "data-activities", "type": "definition", "offset": [401, 416]}, {"key": "for-parent", "type": "clause", "offset": [451, 461]}, {"key": "to-the-extent", "type": "clause", "offset": [483, 496]}, {"key": "in-connection-with", "type": "clause", "offset": [506, 524]}, {"key": "operation-of-parent", "type": "clause", "offset": [529, 548]}, {"key": "security-incident-involving-personal-data", "type": "clause", "offset": [738, 779]}, {"key": "possession-or-control", "type": "definition", "offset": [789, 810]}, {"key": "subject-to", "type": "clause", "offset": [825, 835]}, {"key": "notice-of-any", "type": "clause", "offset": [852, 865]}, {"key": "action-by", "type": "clause", "offset": [914, 923]}, {"key": "governmental-entity", "type": "clause", "offset": [928, 947]}, {"key": "other-person", "type": "definition", "offset": [951, 963]}, {"key": "in-relation-to", "type": "clause", "offset": [1028, 1042]}, {"key": "data-security", "type": "definition", "offset": [1155, 1168]}, {"key": "data-breach-notification", "type": "clause", "offset": [1173, 1197]}, {"key": "to-parent", "type": "definition", "offset": [1203, 1212]}, {"key": "could-reasonably-be-expected-to", "type": "definition", "offset": [1267, 1298]}, {"key": "business-associate-agreements", "type": "clause", "offset": [1533, 1562]}, {"key": "covered-entity", "type": "clause", "offset": [1721, 1735]}, {"key": "comply-with", "type": "definition", "offset": [1899, 1910]}, {"key": "the-company", "type": "definition", "offset": [1947, 1958]}, {"key": "all-rights", "type": "clause", "offset": [2018, 2028]}, {"key": "user-data", "type": "definition", "offset": [2073, 2082]}, {"key": "in-accordance-with", "type": "clause", "offset": [2120, 2138]}, {"key": "the-requirements", "type": "clause", "offset": [2139, 2155]}, {"key": "other-data", "type": "clause", "offset": [2169, 2179]}], "samples": [{"hash": "j2BVyy9TOrM", "uri": "/contracts/j2BVyy9TOrM#privacy-and-data-security", "label": "Merger Agreement (Icon PLC)", "score": 32.1485290527, "published": true}, {"hash": "j1TKyRFapKT", "uri": "/contracts/j1TKyRFapKT#privacy-and-data-security", "label": "Merger Agreement (PRA Health Sciences, Inc.)", "score": 32.1485290527, "published": true}, {"hash": "8DcoGn5DO8b", "uri": "/contracts/8DcoGn5DO8b#privacy-and-data-security", "label": "Merger Agreement (Icon PLC)", "score": 32.1485290527, "published": true}], "size": 13, "snippet": "Parent and each of its Subsidiaries have complied with all Data Protection Requirements in the conduct of Parent\u2019s and its Subsidiaries\u2019 businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and each of its Subsidiaries have all necessary authority, rights, consents and authorizations to engage in the Data Activities of Personal Data maintained by or for Parent and its Subsidiaries to the extent required in connection with the operation of Parent\u2019s and its Subsidiaries\u2019 business as currently conducted. Since January 1, 2019, Parent and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving Personal Data in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning Parent\u2019s or any of its Subsidiaries\u2019 Data Activities in relation to Personal Data or actual, alleged, or suspected violation of any Data Protection Requirement concerning privacy, data security, or data breach notification, and to Parent\u2019s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and its Subsidiaries (i) have executed current and valid \u201cBusiness Associate Agreements\u201d (as described by HIPAA and the corresponding regulations) with each (A) \u201cbusiness associate\u201d (as described by HIPAA and the corresponding regulations), (B) \u201ccovered entity\u201d (as described by HIPAA and the corresponding regulations), and (C) \u201csubcontractor\u201d (as described by HIPAA and the corresponding regulations); and (ii) materially comply with such Business Associate Agreements. The Company and each of its Subsidiaries have obtained, as applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance with the requirements of HIPAA and other Data Protection Requirements.", "hash": "292684ae14d1f5906c354135bf9d1ac6", "id": 9}, {"snippet_links": [{"key": "at-all-times", "type": "definition", "offset": [25, 37]}, {"key": "in-compliance", "type": "clause", "offset": [65, 78]}, {"key": "in-all-material-respects", "type": "definition", "offset": [79, 103]}, {"key": "data-privacy-and-security-requirements", "type": "definition", "offset": [113, 151]}, {"key": "reasonable-measures", "type": "clause", "offset": [226, 245]}, {"key": "to-ensure", "type": "clause", "offset": [255, 264]}, {"key": "integrity-of", "type": "clause", "offset": [296, 308]}, {"key": "information-technology-systems", "type": "definition", "offset": [323, 353]}, {"key": "possession-or-control", "type": "definition", "offset": [398, 419]}, {"key": "unauthorized-access", "type": "clause", "offset": [445, 464]}, {"key": "all-consents-obtained", "type": "clause", "offset": [640, 661]}, {"key": "by-the-company", "type": "clause", "offset": [662, 676]}, {"key": "to-the-company", "type": "definition", "offset": [688, 702]}, {"key": "to-the-extent", "type": "clause", "offset": [756, 769]}, {"key": "consummation-of-the-transactions", "type": "clause", "offset": [828, 860]}, {"key": "the-company-will", "type": "clause", "offset": [862, 878]}, {"key": "rights-to-use", "type": "clause", "offset": [916, 929]}, {"key": "the-merger-closing", "type": "clause", "offset": [1073, 1091]}, {"key": "data-breaches", "type": "clause", "offset": [1139, 1152]}, {"key": "data-incidents", "type": "clause", "offset": [1162, 1176]}, {"key": "material-loss", "type": "definition", "offset": [1213, 1226]}, {"key": "other-material", "type": "clause", "offset": [1315, 1329]}, {"key": "behalf-of-the-company", "type": "clause", "offset": [1385, 1406]}, {"key": "material-disruption", "type": "clause", "offset": [1435, 1454]}, {"key": "the-function", "type": "definition", "offset": [1458, 1470]}, {"key": "each-case", "type": "definition", "offset": [1523, 1532]}, {"key": "with-respect-to", "type": "clause", "offset": [1533, 1548]}, {"key": "notification-to", "type": "clause", "offset": [1585, 1600]}, {"key": "governmental-entities", "type": "definition", "offset": [1601, 1622]}, {"key": "other-third-party", "type": "definition", "offset": [1640, 1657]}, {"key": "applicable-data", "type": "clause", "offset": [1664, 1679]}, {"key": "neither-the-company", "type": "definition", "offset": [1738, 1757]}, {"key": "written-complaints", "type": "clause", "offset": [1797, 1815]}, {"key": "written-correspondence", "type": "clause", "offset": [1851, 1873]}, {"key": "governmental-entity", "type": "clause", "offset": [1917, 1936]}, {"key": "notice-of-any", "type": "clause", "offset": [1957, 1970]}, {"key": "relating-to", "type": "definition", "offset": [2040, 2051]}, {"key": "processing-of-personal-information", "type": "clause", "offset": [2075, 2109]}, {"key": "privacy-laws", "type": "definition", "offset": [2169, 2181]}], "samples": [{"hash": "fXJZ3DDrLPp", "uri": "/contracts/fXJZ3DDrLPp#privacy-and-data-security", "label": "Merger Agreement (Concentra Biosciences, LLC)", "score": 36.6194381714, "published": true}, {"hash": "dRwo1jvyOY6", "uri": "/contracts/dRwo1jvyOY6#privacy-and-data-security", "label": "Merger Agreement (iTeos Therapeutics, Inc.)", "score": 36.5509910583, "published": true}], "size": 14, "snippet": "(a) The Company: (i) has at all times since January 1, 2022 been in compliance in all material respects with the Data Privacy and Security Requirements; (ii) has implemented and maintained, since January 1, 2022, commercially reasonable measures designed to ensure the availability, security and integrity of the Company\u2019s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; and (iii) is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all consents obtained by the Company that apply to the Company\u2019s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger Closing.\n(b) Since January 1, 2022, there have been no data breaches or other data incidents or intrusions: (i) resulting in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse of any Personal Information maintained by or on behalf of the Company, or (ii) that have caused a material disruption to the function of the Company\u2019s information technology systems, in each case with respect to clauses (i) and (ii), that required notification to Governmental Entities, individuals, or other third party under applicable Data Privacy and Security Requirements. Since January 1, 2022, neither the Company nor its subsidiaries have received any written complaints, notices of investigation or other written correspondence with respect to any investigation from any Governmental Entity or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Laws.", "hash": "cfe5f46bc3715eb84dc59c7097149251", "id": 7}, {"snippet_links": [{"key": "the-loan-parties", "type": "clause", "offset": [0, 16]}, {"key": "at-all-times", "type": "definition", "offset": [47, 59]}, {"key": "in-compliance", "type": "clause", "offset": [68, 81]}, {"key": "in-all-material-respects", "type": "definition", "offset": [82, 106]}, {"key": "united-states", "type": "clause", "offset": [127, 140]}, {"key": "privacy-and-data-security-laws-and-regulations", "type": "clause", "offset": [159, 205]}, {"key": "to-the-extent", "type": "clause", "offset": [222, 235]}], "samples": [{"hash": "9LnllpDMU7s", "uri": "/contracts/9LnllpDMU7s#privacy-and-data-security", "label": "Loan and Security Agreement (Vertex Energy Inc.)", "score": 35.6502380371, "published": true}, {"hash": "daaOHsjpaea", "uri": "/contracts/daaOHsjpaea#privacy-and-data-security", "label": "Loan and Security Agreement (Vertex Energy Inc.)", "score": 35.5763168335, "published": true}, {"hash": "1Dr3rXH1LJk", "uri": "/contracts/1Dr3rXH1LJk#privacy-and-data-security", "label": "Loan and Security Agreement (Vertex Energy Inc.)", "score": 35.4887046814, "published": true}], "size": 13, "snippet": "The Loan Parties and their Subsidiaries shall, at all times, remain in compliance in all material respects with all applicable United States and international privacy and data security laws and regulations including GDPR (to the extent applicable).", "hash": "8fd34ae3ae26d6e47b1121dc1d2881d8", "id": 8}, {"snippet_links": [{"key": "the-company-and-its-subsidiaries", "type": "clause", "offset": [4, 36]}, {"key": "at-all-times", "type": "definition", "offset": [53, 65]}, {"key": "in-all-material-respects", "type": "definition", "offset": [75, 99]}, {"key": "privacy-obligations", "type": "definition", "offset": [109, 128]}, {"key": "privacy-notice-and-policy", "type": "clause", "offset": [192, 217]}, {"key": "privacy-practices", "type": "clause", "offset": [298, 315]}, {"key": "commercially-reasonable", "type": "definition", "offset": [359, 382]}, {"key": "privacy-and-data-security-policies", "type": "definition", "offset": [383, 417]}, {"key": "an-appropriate", "type": "clause", "offset": [448, 462]}, {"key": "privacy-program", "type": "definition", "offset": [463, 478]}, {"key": "all-necessary-consents", "type": "clause", "offset": [527, 549]}, {"key": "the-execution", "type": "clause", "offset": [606, 619]}, {"key": "the-transactions-contemplated-by-this-agreement", "type": "clause", "offset": [663, 710]}, {"key": "processing-of-personal-information", "type": "clause", "offset": [726, 760]}, {"key": "in-connection", "type": "definition", "offset": [761, 774]}, {"key": "breach-or-violation", "type": "clause", "offset": [817, 836]}, {"key": "information-security-program", "type": "clause", "offset": [946, 974]}, {"key": "technical-safeguards", "type": "definition", "offset": [1042, 1062]}, {"key": "scope-of-the", "type": "clause", "offset": [1104, 1116]}, {"key": "the-personal", "type": "clause", "offset": [1150, 1162]}, {"key": "other-confidential-information", "type": "clause", "offset": [1179, 1209]}, {"key": "conduct-of", "type": "clause", "offset": [1230, 1240]}, {"key": "consistent-with-the", "type": "clause", "offset": [1262, 1281]}, {"key": "best-practices", "type": "definition", "offset": [1282, 1296]}, {"key": "the-operation", "type": "clause", "offset": [1399, 1412]}, {"key": "security-of-the", "type": "clause", "offset": [1459, 1474]}, {"key": "it-systems", "type": "clause", "offset": [1507, 1517]}, {"key": "unauthorized-access", "type": "clause", "offset": [1610, 1629]}, {"key": "knowledge-of-the-company", "type": "clause", "offset": [1781, 1805]}, {"key": "neither-the-company", "type": "definition", "offset": [1807, 1826]}, {"key": "material-failure", "type": "definition", "offset": [1875, 1891]}, {"key": "reasonable-measures", "type": "clause", "offset": [2000, 2019]}, {"key": "to-ensure", "type": "clause", "offset": [2020, 2029]}, {"key": "third-parties", "type": "definition", "offset": [2039, 2052]}, {"key": "comply-with-applicable", "type": "clause", "offset": [2103, 2125]}, {"key": "measures-to-safeguard", "type": "clause", "offset": [2272, 2293]}, {"key": "the-company-has", "type": "definition", "offset": [2320, 2335]}, {"key": "vulnerability-testing", "type": "clause", "offset": [2384, 2405]}, {"key": "risk-assessments", "type": "clause", "offset": [2407, 2423]}, {"key": "external-audits", "type": "clause", "offset": [2429, 2444]}, {"key": "security-incidents", "type": "clause", "offset": [2460, 2478]}, {"key": "to-the-company", "type": "definition", "offset": [2487, 2501]}, {"key": "information-security-reviews", "type": "definition", "offset": [2541, 2569]}, {"key": "material-exceptions", "type": "clause", "offset": [2603, 2622]}, {"key": "such-information", "type": "definition", "offset": [2656, 2672]}, {"key": "employees-with", "type": "clause", "offset": [2716, 2730]}, {"key": "privacy-and-data-security-matters", "type": "clause", "offset": [2751, 2784]}, {"key": "other-proceeding", "type": "clause", "offset": [2933, 2949]}, {"key": "governmental-authority", "type": "definition", "offset": [2977, 2999]}, {"key": "with-respect-to", "type": "clause", "offset": [3047, 3062]}, {"key": "reasonable-basis", "type": "definition", "offset": [3139, 3155]}, {"key": "two-years", "type": "clause", "offset": [3243, 3252]}, {"key": "third-party", "type": "definition", "offset": [3335, 3346]}, {"key": "information-on-the-company", "type": "clause", "offset": [3370, 3396]}, {"key": "behalf-of-the-company", "type": "clause", "offset": [3548, 3569]}], "samples": [{"hash": "d4zRdLIA7UV", "uri": "/contracts/d4zRdLIA7UV#privacy-and-data-security", "label": "Agreement and Plan of Merger (Alaska Communications Systems Group Inc)", "score": 31.9404525757, "published": true}, {"hash": "6dBhf3so9XR", "uri": "/contracts/6dBhf3so9XR#privacy-and-data-security", "label": "Agreement and Plan of Merger (Alaska Communications Systems Group Inc)", "score": 31.9404525757, "published": true}, {"hash": "7nYHoIe3eDG", "uri": "/contracts/7nYHoIe3eDG#privacy-and-data-security", "label": "Merger Agreement (Alaska Communications Systems Group Inc)", "score": 31.8391513824, "published": true}], "size": 12, "snippet": "(a) The Company and its Subsidiaries comply and have at all times complied in all material respects with all Privacy Obligations. The Company and its Subsidiaries have adopted and published a privacy notice and policy at \u2587\u2587\u2587\u2587\u2587://\u2587\u2587\u2587.\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587/Privacy that accurately describes their privacy practices. The Company and its Subsidiaries maintain commercially reasonable privacy and data security policies, processes, and controls, and an appropriate privacy program. The Company and its Subsidiaries have obtained all necessary consents, required for them to Process Personal Information.\n(b) The execution, delivery, performance and consummation of the transactions contemplated by this Agreement (including the Processing of Personal Information in connection therewith) will not cause or constitute a breach or violation of any applicable Privacy Obligations.\n(c) The Company and its Subsidiaries have implemented and maintain an information security program comprising reasonable and appropriate physical, administrative and technical safeguards that are (i) appropriate to the size and scope of the Company and its Subsidiaries and the Personal Information and other confidential information they Process in the conduct of their business, (ii) consistent with the best practices adopted for the industry in which the Company and its Subsidiaries operate, (iii) designed to protect the operation, confidentiality, integrity, availability and security of the Company\u2019s and its Subsidiaries\u2019 IT systems, and all Personal Information and other confidential information processed thereby, against unauthorized access, acquisition, interruption, alteration, modification, or use, and (iv) consistent with the Company\u2019s and its Subsidiaries\u2019 Privacy Obligations. To the Knowledge of the Company, neither the Company nor any of its Subsidiaries has experienced any material failure of these physical, administrative and technical safeguards.\n(d) The Company and its Subsidiaries have taken reasonable measures to ensure that all third parties that Process Personal Information on their behalf comply with applicable Privacy Obligations. The Company and its Subsidiaries obligate third parties that Process Personal Information on their behalf to take reasonable measures to safeguard Personal Information.\n(e) The Company has: (i) regularly conducted and regularly conducts vulnerability testing, risk assessments, and external audits of, and tracks security incidents related to the Company\u2019s systems and products (collectively, \u201cInformation Security Reviews\u201d); and (ii) timely corrected any material exceptions or vulnerabilities identified in such Information Security Reviews. The Company provides its employees with regular training on privacy and data security matters.\n(f) There is not currently pending and there has not been since January 1, 2016 any claim, action, litigation, investigation, audit, complaint, or other proceeding to, from, by or before any Governmental Authority against the Company or any of its Subsidiaries with respect to privacy or data security, and, to the Knowledge of the Company, there is no reasonable basis for such actions.\n(g) Neither the Company nor any of its Subsidiaries has, in the past two years, experienced any security incident, nor has, to the Knowledge of the Company, any third party who Processes Personal information on the Company\u2019s or its Subsidiaries\u2019 behalf, experienced any Security Incident affecting the Processing of Personal Information or other confidential information on behalf of the Company or any of its Subsidiaries.", "hash": "d2930d1ce5b51cbdd8196c8eeed37b8c", "id": 10}], "next_curs": "CmISXGoVc35sYXdpbnNpZGVyY29udHJhY3Rzcj4LEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IiJwcml2YWN5LWFuZC1kYXRhLXNlY3VyaXR5IzAwMDAwMDBhDKIBAmVuGAAgAA==", "clause": {"parents": [["representations-and-warranties-of-the-company", "REPRESENTATIONS AND WARRANTIES OF THE COMPANY"], ["intellectual-property", "Intellectual Property"], ["representations-and-warranties-of-seller", "REPRESENTATIONS AND WARRANTIES OF SELLER"], ["representations-and-warranties", "Representations and Warranties"], ["affirmative-covenants", "Affirmative Covenants"]], "children": [["", ""], ["severability", "Severability"], ["build-and-maintain-a-secure-network", "Build and Maintain a Secure Network"], ["maintain-an-information-security-policy", "Maintain an Information Security Policy"], ["implement-strong-access-control-measures", "Implement Strong Access Control Measures"]], "size": 929, "title": "Privacy and Data Security", "id": "privacy-and-data-security", "related": [["data-security", "Data Security", "Data Security"], ["privacy-and-data-protection", "Privacy and Data Protection", "Privacy and Data Protection"], ["privacy-and-security", "Privacy and Security", "Privacy and Security"], ["data-privacy-and-security", "Data Privacy and Security", "Data Privacy and Security"], ["confidentiality-and-data-security", "Confidentiality and Data Security", "Confidentiality and Data Security"]], "related_snippets": [], "updated": "2026-06-03T05:49:28+00:00"}, "json": true, "cursor": ""}}