Privacy and Data Security Sample Clauses

POPULAR SAMPLE Copied 163 times

Privacy and Data Security. (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole. (b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data. (c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments. (d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to a...

Split View

Download

Privacy and Data Security. Except as would not, individually or in the aggregate, have or reasonably be expected to have a Company Material Adverse Effect: (a) The Company and the Company Subsidiaries and, to the Company’s Knowledge, all Third Parties processing Personal Information on behalf of the Company or any Company Subsidiary or otherwise receiving from, or sharing with, the Company or a Company Subsidiary any Personal Information (collectively, “Data Partners”) have since January 1, 2020 complied with all applicable (i) Privacy Laws, (ii) policies, notices, and/or statements related to Personal Information and (iii) contractual commitments related to the processing of Personal Information (collectively, “Company Privacy Requirements”). (b) The Company and each Company Subsidiary have at all times since January 1, 2020 implemented and maintained, and have used their reasonable best effort to cause any Company Data Partners to implement and maintain, commercially reasonable measures to protect Personal Information against any accidental, unlawful or unauthorized access, use, loss, disclosure, alteration, destruction, or compromise of Personal Information (a “Security Incident”). Since January 1, 2020, neither the Company and the Company Subsidiaries nor, to the Company’s Knowledge, any Data Partner has experienced a Security Incident. In relation to any Security Incident and/or Company Privacy Requirement, to the Company’s Knowledge, neither the Company and the Company Subsidiaries nor any Data Partner with respect to the Company and the Company Subsidiaries has (i) been notified or been required to notify any Person under Privacy Laws, or (ii) received any notice, inquiry, request, claim, complaint, correspondence or other communication from, or been the subject of any investigation or enforcement action by, any Person.

Privacy and Data Security. (a) The parties will keep confidential any information regarding the Trust, the Company, Nationwide, the Variable Accounts and Contract Owners received in connection with providing services and meeting their respective obligations hereunder, except: (a) as necessary to provide the services or otherwise meet their respective obligations under this Agreement; (b) as necessary to comply with applicable law; and (c) information regarding the Trust or Variable Accounts which is otherwise publicly available. The parties will maintain internal safekeeping procedures to safeguard and protect the confidentiality of the data transmitted to another party or its designees or agents in accordance with Section 248.11 of Regulation S-P (17 CFR 248.1–248.30) (“Reg S-P”), and any other applicable federal or state privacy laws and regulations, including without limitation 201 CFR 17.00 et seq. and applicable security breach notification regulations (collectively “Privacy Laws”). Each party shall use such data solely to effect the services contemplated herein, and none of the parties will directly, or indirectly through an affiliate, disclose any non-public personal information protected under Privacy Laws (“Non-public Personal Information”) received from another party to any person that is not an affiliate, designee, service provider, or agent of the receiving party and provided that any such information disclosed to an affiliate, designee, service provider, or agent will be under the same or substantially similar contractual limitations on use and non-disclosure and will comply with all legal requirements. The Company and the Trust will not use information, including Non-public Personal Information, directly or indirectly provided to it by Nationwide or its designees or agents pursuant to this Agreement for the purpose of marketing to Contract Owners or any other similar purpose, except as may be agreed by the parties hereto. Except for confidential information consisting of Non-public Personal Information, which will be governed in all respects in accordance with the immediately preceding sentence, confidential information does not include information which (i) was publicly known and/or was in the possession of the party receiving confidential information (“Receiving Party”) from other sources prior to the Receiving Party’s receipt of confidential information from the party disclosing confidential information (“Disclosing Party”), or (ii) is or becomes publicly available ...

Privacy and Data Security. The Company is and has at all times been in compliance with all applicable Privacy Laws and the applicable terms of any Company Contracts governing privacy, data protection, data security, trans-border data flow, data loss, data theft, or breach notification, data localization, sending solicited or unsolicited electronic mail or text messages, cookies or other tracking technology, with respect to, or the collection, handling, use, maintenance, storage, disclosure, transfer, or other processing of, Personal Information (including any such information of individuals, clinical trial participants, patients, patient family members, caregivers or advocates, physicians and other health care professionals, clinical trial investigators, researchers, pharmacists that interact with the Company in connection with the operation of the Company’s business), except, in each case, for such noncompliance as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. To the Knowledge of the Company, the Company (i) has implemented and maintains reasonable written policies and procedures that materially comply with applicable Privacy Laws and are designed to protect the privacy and security of Personal Information (the “Privacy Policies”) and (ii) has complied with such Privacy Policies, except for such noncompliance as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. To the Knowledge of the Company, no Legal Proceeding has been asserted or threatened against the Company by any Person alleging a violation of Privacy Laws, Privacy Policies, or the applicable terms of any Company Contracts governing privacy, data protection, data security, trans-border data flow, data loss, data theft, or breach notification, data localization, sending solicited or unsolicited electronic mail or text messages, cookies or other tracking technology, with respect to, or the collection, handling, use, maintenance, storage, disclosure, transfer, or other processing of, Personal Information. To the Knowledge of the Company, there have been no data security incidents or data breaches or other adverse events or incidents that have resulted in any unauthorized access to, or collection, use, disclosure, modification or destruction of, Personal Information or other data in the possession or control of the Company or any service provider acting on behalf of the ...

Privacy and Data Security. (a) With respect to Personally Identifiable Information directly collected by any Acquired Company, no such Personally Identifiable Information has been collected, stored, used, processed, disclosed, or transferred (including across national borders) by any Acquired Company in violation of any applicable Laws. Since January 1, 2015, excluding the USEU Privacy Shield Registration, each Acquired Company has complied in all material respects with all applicable externally published privacy policy statements relating to the collection, storage, use, processing, disclosure, or transfer (including transfer across national borders), of any Personally Identifiable Information used by any Acquired Company. Since September 30, 2016, each Acquired Company has complied in all material respects with the USEU Privacy Shield Registration. Each Acquired Company has appropriate contracts to obligate its customers to comply with applicable Laws with respect to the collection, storage, use, processing, disclosure, and transfer (including transfer across national borders) of such information, including Personally Identifiable Information and/or the provision of such Personally Identifiable Information to any Acquired Company for purposes of providing Customer Offerings to such customer. (b) Buyer has been provided with copies of all current externally published privacy policies that apply to the collection, storage, use, processing, disclosure, and transfer (including transfer across national borders) of Personally Identifiable Information. (c) Except as set forth on Schedule 2.17(c), since January 1, 2015, there has been no material incident of unauthorized access to, acquisition of, or other misuse of such Personally Identifiable Information within any Acquired Company’s control. (d) Since January 1, 2015, no person, company, advocacy organization, government entity, or other third party has made any complaint directly to any Acquired Company or claim, or commenced any action, investigation, or inquiry relating to any Acquired Company’s information privacy, data security, or data protection practices, or to the Company’s knowledge threatened any such complaint, claim, action, investigation, or inquiry. (e) Since January 1, 2015, all Acquired Companies have been in material compliance with all aspects of the Payment Card Industry Data Security Standards applicable to the Acquired Companies (“PCI-DSS”) published by the PCI Security Standards Council, as they have been amended...

Privacy and Data Security. Except as would not reasonably be expected to result in a Material Adverse Effect, (a) the Company and its Subsidiaries have established written privacy policies applicable to the collection, use, disclosure, maintenance and transmission of Personal Data, (b) each of the Company and its Subsidiaries is in compliance in all material respects with their written privacy policies, contracts which impose requirements relating to the collection, processing, storage, disclosure, disposal or other handling of Personal Data, any applicable laws relating to privacy, data protection, anti-spam, personal information and similar consumer protection laws, and any applicable industry standards which impose requirements on the collection, processing, storage, disclosure, disposal or other handling of Personal Data (collectively, the “Privacy Requirements”). Except as would not reasonably be expected to result in a Material Adverse Effect, neither the operation by the Company or any of its Subsidiaries of any its websites nor the content thereof or data processed, collected, stored or disseminated by such entity in connection therewith, violates in any material respect any applicable law regarding privacy, data protection, anti-spam, personal information and similar consumer protection laws. Since January 1, 2021, none of the Company nor any of its Subsidiaries has experienced (i) incidents of unauthorized access or other security breaches, including any loss, misuse, damage, unauthorized access, unauthorized disclosure or unauthorized use of any Personal Data, or (ii) any other event that the Company or any of its Subsidiaries required a data breach notice to any Person or Governmental Entity under Privacy Requirements, except, in each case, as would not reasonably be expected to result in a Material Adverse Effect. Except as, individually or in the aggregate, would not reasonably be expected to result in a Material Adverse Effect, the hardware, software, databases, web s▇▇▇▇, ▇▇▇▇▇▇ applications, servers, workstations, routers, hubs, switches, circuits, networks, communications networks, and other information technology owned, licensed, leased or otherwise used, distributed or held for use by the Company or its Subsidiaries (i) have not, within the three (3) years prior to the date of this Agreement, malfunctioned or failed in a manner that resulted in chronic or otherwise material disruptions to the operation of the business of the Company and its Subsidiaries, and (ii)...

Privacy and Data Security. (a) The Sellers are, and since January 1, 2017 have been, in all material respects in compliance with all applicable Information Privacy and Security Laws with respect to the Business. With respect to the Business, the Sellers maintain policies and procedures regarding data security and privacy and maintain administrative, technical, organizational and physical security safeguards that are required in compliance with all applicable Information Privacy and Security Laws. (b) Since January 1, 2017, and solely to the extent required under applicable Information Privacy and Security Laws, the Sellers have had in place written data processing agreements with any key vendors acting as processors in material compliance with applicable Information Privacy and Security Laws in the case of processors. (c) With respect to the Business, to the Knowledge of the Sellers, since January 1, 2017, there have been no material Personal Data breaches or material cybersecurity incidents (collectively, “Breaches“) subject to any Information Privacy and Security Laws. No notice or claim has been received by any of the Sellers from a third party vendor or any other Person alleging any Breach, including those alleging any breach of the GDPR since January 1, 2017. With respect to the Business, to the Knowledge of the Sellers, none of the Sellers has experienced a loss, or an unauthorized disclosure, use, or breach of data protection, privacy or security, of any Sensitive Data that required notice to any Person (including any Governmental Authorities or parties to any Contract) under any applicable Information Privacy and Security Laws since January 1, 2017. No Person (including any Governmental Authority or parties to any Contract) has commenced any Action relating to any Seller’s information privacy or data security practices with respect to the Business or, to the Knowledge of the Sellers, threatened any such Action or made any complaint, investigation, or inquiry relating to such practices since January 1, 2017. None of the Sellers has received any notice, request or other communication from any supervisory authority (as defined in the GDPR), or has been subject to any investigation or proceedings (whether of a criminal, civil or administrative nature) by any competent legal or regulatory authority, in each case relating to its processing of Personal Data with respect to the Business since January 1, 2017.

Privacy and Data Security. The Company complies with, and has at all times during the past five (5) years complied with: (i) all Privacy Laws, (ii) all Privacy Policies applicable to the Company, and (iii) all contractual commitments, including any terms of use, that the Company has entered into with respect to the Processing of Personal Information (collectively, the “Data Protection Requirements”). The Company has made available true, complete, and correct copies of all Privacy Policies. The Company has at all relevant times presented a Privacy Policy to individuals prior to the collection of any Personal Information, and all Privacy Policies are, and have at all times, been materially accurate, consistent and complete and not misleading or deceptive (including by omission). The Company routinely engages in due diligence of vendors, processors or other third parties Processing Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) before allowing them to access, receive or Process Personal Information. The Company has valid and enforceable agreements in place with all Data Partners that comply with applicable Data Protection Requirements. The Company has implemented, and at all times during the past five (5) years maintained, and required all Data Partners to implement and maintain, at a minimum, industry standard security measures, plans, procedures, controls, and programs, including a written information security program, to protect and maintain the security of the Company’s Computer Systems and Company Data. Such measures include technical and organizational measures to ensure that only authorized employees or agents of the Company have access to Personal Information, and that Personal Information is processed in compliance with Data Protection Laws. Except as set forth in Schedule 4.24, during the past five (5) years, the Company has not suffered any material business disruptions, material loss of data, or material security breach that required or still requires notification to any supervisory authority. The Company has not received any material complaints, notifications, or allegations of breach of Privacy Laws from any supervisory authority The Information Technology operates and performs in all material respects as currently required to operate the Company’s business taken as a whole. The Information Technology does not contain any worms, viruses, bugs or other embedded faults or other malicious devices that could adversely ...

Privacy and Data Security. The Company and each of its Subsidiaries have complied with all applicable Laws and all internal or publicly posted policies, notices, and statements concerning the collection, use, processing, storage, transfer, and security of personal information in the conduct of the Company’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. In the past three years, the Company and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving personal information in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning the Company’s or any of its Subsidiaries’ collection, use, processing, storage, transfer, or protection of personal information or actual, alleged, or suspected violation of any applicable Law concerning privacy, data security, or data breach notification, and to the Company’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect.

Privacy and Data Security. The Loan Parties and their Subsidiaries shall, at all times, remain in compliance in all material respects with all applicable United States and international privacy and data security laws and regulations including GDPR (to the extent applicable).