Privacy and Data Security. Parent and each of its Subsidiaries have complied with all Data Protection Requirements in the conduct of Parent’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and each of its Subsidiaries have all necessary authority, rights, consents and authorizations to engage in the Data Activities of Personal Data maintained by or for Parent and its Subsidiaries to the extent required in connection with the operation of Parent’s and its Subsidiaries’ business as currently conducted. Since January 1, 2019, Parent and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving Personal Data in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning Parent’s or any of its Subsidiaries’ Data Activities in relation to Personal Data or actual, alleged, or suspected violation of any Data Protection Requirement concerning privacy, data security, or data breach notification, and to Parent’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and its Subsidiaries (i) have executed current and valid “Business Associate Agreements” (as described by HIPAA and the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations), (B) “covered entity” (as described by HIPAA and the corresponding regulations), and (C) “subcontractor” (as described by HIPAA and the corresponding regulations); and (ii) materially comply with such Business Associate Agreements. The Company and each of its Subsidiaries have obtained, as applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance with the requirements of HIPAA and other Data Protection Requirements.
Appears in 3 contracts
Samples: Agreement and Plan of Merger (PRA Health Sciences, Inc.), Agreement and Plan of Merger (Icon PLC), Agreement and Plan of Merger (Icon PLC)
Privacy and Data Security. Parent The Company and each of its Subsidiaries have complied with all applicable Laws, contractual obligations, and internal or publicly posted policies, procedures, notices, and statements concerning the collection, acquisition, use, processing, storage, transfer, distribution, dissemination, disclosure, protection and security (“Data Activities”) of personally identifiable information of individual natural persons (including any information that alone or in combination with any other information held by the Company and its Subsidiaries, can be used to specifically identify an individual person and any “individually identifiable health information,” “personal data” or “personal information” or similar terms defined under applicable Law (“Personal Data”) (such applicable Laws, contractual obligations, and internal or publicly posted policies, procedures notices and statements, collectively the “Data Protection Requirements Requirements”) in the conduct of Parentthe Company’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Company Material Adverse Effect. Parent The Company and each of its Subsidiaries have all necessary authority, rights, consents and authorizations to engage in the Data Activities of Personal Data maintained by or for Parent the Company and its Subsidiaries to the extent required in connection with the operation of Parentthe Company’s and its Subsidiaries’ business as currently conducted. Since January 1, 2019, Parent the Company and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving Personal Data in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning Parentthe Company’s or any of its Subsidiaries’ Data Activities in relation to Personal Data or actual, alleged, or suspected violation of any Data Protection Requirement concerning privacy, data security, or data breach notification, and to Parentthe Company’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Company Material Adverse Effect. Parent and its Subsidiaries (i) have executed current and valid “Business Associate Agreements” (as described by HIPAA and the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations), (B) “covered entity” (as described by HIPAA and the corresponding regulations), and (C) “subcontractor” (as described by HIPAA and the corresponding regulations); and (ii) materially comply with such Business Associate Agreements. The Company Parent and each of its Subsidiaries have obtained, as applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance with the requirements of HIPAA and other Data Protection Requirements.
Appears in 3 contracts
Samples: Agreement and Plan of Merger (Icon PLC), Agreement and Plan of Merger (Icon PLC), Agreement and Plan of Merger (PRA Health Sciences, Inc.)
Privacy and Data Security. Parent (a) Except as set forth in section 4.13 of the Disclosure Schedule, in the collection, use, storage and each Processing (including transfer to a third party or to any jurisdiction, to the extent applicable) by the Company or any of its Subsidiaries of any Personal Data, the Company or such Subsidiarity, its Personal Data Processors and, to the Company’s Knowledge, its Personal Data Suppliers have complied in all material respects with all Data Protection Requirements in applicable Information Privacy Laws, the conduct Privacy Policies of Parent’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually the Company or in the aggregate, a Parent Material Adverse Effect. Parent and each any of its Subsidiaries have all necessary authorityand, rightsto the extent obligated by contract to do so, consents and authorizations to engage in the Data Activities Privacy Policies of Personal Data maintained by or for Parent and its Subsidiaries to the extent required in connection with the operation of Parent’s and its Subsidiaries’ business as currently conductedSuppliers. Since January 1, 2019, Parent The Company and its Subsidiaries have not: (i) experienced any actualtaken commercially reasonable measures to prevent unauthorized use, alleged, access or suspected data breach or other security incident involving alteration of Personal Data in their possession or control; or , which measures are in material compliance with applicable Information Privacy Laws and Privacy Policies. Without limiting the foregoing, (iii) been subject the Company and its Subsidiaries and, to or received any notice the Company’s Knowledge, its Personal Data Suppliers have provided, and in such manner as required under applicable Information Privacy Laws, adequate notices to and acquired all necessary consents from Data Subjects for the use, and Processing (including transfer to a third party of any auditjurisdiction, investigation, complaint, or other Legal Action to the extent applicable) of all Personal Data Processed by any Governmental Entity or other Person concerning Parent’s the Company or any of its Subsidiaries’ Data Activities in relation Subsidiaries and otherwise have all requisite legal authority to Process, use and hold (including transfer to a third party of any jurisdiction, to the extent applicable) Personal Data or actual, alleged, or suspected violation of any Data Protection Requirement concerning privacy, data security, or data breach notification, and to Parent’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregatemanner it is now Processed by the Company, a Parent Material Adverse Effect. Parent and any of its Subsidiaries (i) have executed current and valid “Business Associate Agreements” (as described by HIPAA and or any Personal Data Processor on behalf of the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations), (B) “covered entity” (as described by HIPAA and the corresponding regulations), and (C) “subcontractor” (as described by HIPAA and the corresponding regulations); Company or any of its Subsidiaries and (ii) materially comply with such Business Associate Agreements. The respect to all Personal Data in the databases owned or licensed by the Company and each of or its Subsidiary, the Company, its Subsidiaries and, to the Company’s Knowledge, its Personal Data Suppliers have obtainedprovided, where and in such manner as required under applicable Information Privacy Laws, adequate disclosures and notices, requisite consents from Data Subjects and have sufficient legal ground under applicable law to Process such Personal Data in the manner it is now Processed by the Company or its Subsidiary or any Personal Data Processor on behalf of the Company, including transfer to a third party of any jurisdiction, to the extent applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance with the requirements of HIPAA and other Data Protection Requirements).
Appears in 2 contracts
Samples: Share Purchase Agreement, Share Purchase Agreement (Mimecast LTD)
Privacy and Data Security. Parent The Company and each of its Subsidiaries and, to the Knowledge of the Company with respect to the Processing of Company Data, their Data Processors, comply and have complied with all Data Protection Requirements in the conduct of Parent’s and its Subsidiaries’ businessesPrivacy Requirements, in each case except as would not reasonably be expected to havebe, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a Parent Material Adverse Effectwhole. Parent To the extent required by Privacy Requirements or Company Privacy Policies, Personal Data is securely deleted or destroyed by Company and each of its Subsidiaries. Neither the execution, delivery or performance of this Agreement nor any of the other agreements contemplated by this Agreement, nor the consummation of any of the transactions contemplated by this Agreement or any such other agreements violate any Privacy Requirements or Company Privacy Policies. Where the Company or its Subsidiaries have all necessary authorityuse a Data Processor to Process Personal Data, rights, consents and authorizations to engage in the Data Activities Processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data maintained by or Data, confidentiality, and security measures, and has agreed to comply with those obligations in a manner sufficient for Parent and its Subsidiaries to the extent required in connection with the operation of ParentCompany’s and each of its Subsidiaries’ business as currently conductedcompliance in all material respects with Privacy Requirements. Since January 1December 31, 20192018, Parent the Company and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving Personal Data in their possession or controlSecurity Incident; or (ii) been subject to or received any notice (including any enforcement notice) of any audit, investigation, complaint, or other Legal Action legal action by any Governmental Entity or other Person concerning Parentthe Company’s or any of its Subsidiaries’ Data Activities in relation to Personal Data collection, use, processing, storage, transfer, or protection of personal information or actual, alleged, or suspected violation of any Data Protection Requirement concerning privacy, data security, or data breach notificationPrivacy Requirement, and to Parent’s Knowledgethe Knowledge of the Company, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Actionlegal action, in each case except as would could not reasonably be expected to havebe, individually or in the aggregate, a Parent Material Adverse Effect. Parent material to the Company and its Subsidiaries (i) have executed current and valid “Business Associate Agreements” (Subsidiaries, taken as described by HIPAA and the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations), (B) “covered entity” (as described by HIPAA and the corresponding regulations), and (C) “subcontractor” (as described by HIPAA and the corresponding regulations); and (ii) materially comply with such Business Associate Agreementsa whole. The Company and each of its Subsidiaries are not in material breach of any Contracts relating to the Company IT Systems or to Company Data and do not transfer Personal Data internationally except where such transfers comply with Privacy Requirements and Company Privacy Policies. The Company and each of its Subsidiaries maintain, and have obtainedmaintained for the last five (5) years, as applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance cyber liability insurance with the requirements of HIPAA and other Data Protection Requirementsreasonable coverage limits.
Appears in 1 contract
Privacy and Data Security. Parent and each of its Subsidiaries have complied with all Data Protection Requirements in the conduct of Parent’s and its Subsidiaries’ businesses, in each case except Except as would not reasonably be expected to haveresult in a Material Adverse Effect, (a) the Company and its Subsidiaries have established written privacy policies applicable to the collection, use, disclosure, maintenance and transmission of Personal Data, (b) each of the Company and its Subsidiaries is in compliance in all material respects with their written privacy policies, contracts which impose requirements relating to the collection, processing, storage, disclosure, disposal or other handling of Personal Data, any applicable laws relating to privacy, data protection, anti-spam, personal information and similar consumer protection laws, and any applicable industry standards which impose requirements on the collection, processing, storage, disclosure, disposal or other handling of Personal Data (collectively, the “Privacy Requirements”). Except as would not reasonably be expected to result in a Material Adverse Effect, neither the operation by the Company or any of its Subsidiaries of any its websites nor the content thereof or data processed, collected, stored or disseminated by such entity in connection therewith, violates in any material respect any applicable law regarding privacy, data protection, anti-spam, personal information and similar consumer protection laws. Since January 1, 2021, none of the Company nor any of its Subsidiaries has experienced (i) incidents of unauthorized access or other security breaches, including any loss, misuse, damage, unauthorized access, unauthorized disclosure or unauthorized use of any Personal Data, or (ii) any other event that the Company or any of its Subsidiaries required a data breach notice to any Person or Governmental Entity under Privacy Requirements, except, in each case, as would not reasonably be expected to result in a Material Adverse Effect. Except as, individually or in the aggregate, a Parent Material Adverse Effect. Parent and each of its Subsidiaries have all necessary authority, rights, consents and authorizations to engage in the Data Activities of Personal Data maintained by or for Parent and its Subsidiaries to the extent required in connection with the operation of Parent’s and its Subsidiaries’ business as currently conducted. Since January 1, 2019, Parent and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving Personal Data in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning Parent’s or any of its Subsidiaries’ Data Activities in relation to Personal Data or actual, alleged, or suspected violation of any Data Protection Requirement concerning privacy, data security, or data breach notification, and to Parent’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or result in the aggregate, a Parent Material Adverse Effect. Parent , the hardware, software, databases, web xxxxx, xxxxxx applications, servers, workstations, routers, hubs, switches, circuits, networks, communications networks, and other information technology owned, licensed, leased or otherwise used, distributed or held for use by the Company or its Subsidiaries (i) have executed current not, within the three (3) years prior to the date of this Agreement, malfunctioned or failed in a manner that resulted in chronic or otherwise material disruptions to the operation of the business of the Company and valid “Business Associate Agreements” (as described by HIPAA and the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations)its Subsidiaries, (B) “covered entity” (as described by HIPAA and the corresponding regulations), and (C) “subcontractor” (as described by HIPAA and the corresponding regulations); and (ii) materially comply with such Business Associate Agreements. The Company are adequate for the Company’s and each of its Subsidiaries have obtained, Subsidiaries’ businesses as applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance with the requirements of HIPAA and other Data Protection Requirementscurrently conducted.
Appears in 1 contract
Samples: Subscription and Exchange Agreement (Comtech Telecommunications Corp /De/)
Privacy and Data Security. Parent Nobul and each of its Subsidiaries have complied in all material respects with all Data Protection Requirements applicable Privacy Laws and the applicable terms of any Nobul Contracts relating to privacy, security, collection, transfer (including cross-border), keeping complete, correct, accurate and up-to-date, retention, storage, registration of databases, processing, sharing, disclosure or use of Personal Information of any individuals that interact with Nobul and its Subsidiaries in connection with the conduct operation of ParentNobul’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effectbusiness. Parent Nobul and each of its Subsidiaries have all necessary authorityimplemented and maintain reasonable written policies and procedures, rightssatisfying the requirements of applicable Privacy Laws, consents concerning the privacy, security, collection, transfer and authorizations to engage in the Data Activities use of Personal Data maintained by or for Parent Information (the “Privacy Policies”) and its Subsidiaries to the extent required have complied in connection all material respects with the operation same. As of Parent’s and its Subsidiaries’ business as currently conducted. Since January 1the date hereof, 2019, Parent and its Subsidiaries no claims have not: (i) experienced any actual, alleged, been asserted or suspected data breach or other security incident involving Personal Data threatened in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning Parent’s writing against Nobul or any of its Subsidiaries’ Data Activities in relation to Personal Data or actual, alleged, or suspected Subsidiaries by any Person alleging a violation of Privacy Laws, Privacy Policies and/or the applicable terms of any Data Protection Requirement concerning Nobul Contracts relating to privacy, data security, collection or data breach notification, and to Parent’s Knowledgeuse of Personal Information of any individuals. To the Knowledge of Nobul, there are have been no facts data security incidents, data breaches or circumstances that could reasonably be expected other adverse events or incidents related to give rise to any such Legal Actionthe unauthorized access, use or processing of Personal Information in the custody or control of Nobul or its Subsidiaries, in each case except as where such incident, breach or event would not reasonably be expected result in a notification obligation to have, individually any Person under applicable Law or in pursuant to the aggregate, a Parent Material Adverse Effectterms of any Nobul Contract. Parent and its Subsidiaries (i) have executed current and valid “Business Associate Agreements” (as described by HIPAA and the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations), (B) “covered entity” (as described by HIPAA and the corresponding regulations), and (C) “subcontractor” (as described by HIPAA and the corresponding regulations); and (ii) materially comply with such Business Associate Agreements. The Company and each Neither Nobul nor any of its Subsidiaries have obtainedhas received written notice, as applicableor, all rights necessary to undertake de-identification the Knowledge of user data and has de-identified such user data in accordance with Nobul, been subject to any audits, proceedings or investigations by any Governmental Authority or any customer, or received any material written claims or complaints regarding the requirements collection, dissemination, storage or use of HIPAA and other Data Protection RequirementsPersonal Information, and, to the Knowledge of Nobul, there is no reasonable basis for the same.
Appears in 1 contract
Privacy and Data Security. Parent and each of its Subsidiaries have complied with all Data Protection Requirements in the conduct of Parent’s and its Subsidiaries’ businesses, in each case except Except as would not reasonably be expected to haveresult in a Material Adverse Effect, (a) the Company and its Subsidiaries have established written privacy policies applicable to the collection, use, disclosure, maintenance and transmission of Personal Data, (b) each of the Company and its Subsidiaries is in compliance in all material respects with their written privacy policies, contracts which impose requirements relating to the collection, processing, storage, disclosure, disposal or other handling of Personal Data, any applicable laws relating to privacy, data protection, anti-spam, personal information and similar consumer protection laws, and any applicable industry standards which impose requirements on the collection, processing, storage, disclosure, disposal or other handling of Personal Data (collectively, the “Privacy Requirements”). Except as would not reasonably be expected to result in a Material Adverse Effect, neither the operation by the Company or any of its Subsidiaries of any its websites nor the content thereof or data processed, collected, stored or disseminated by such entity in connection therewith, violates in any material respect any applicable law regarding privacy, data protection, anti-spam, personal information and similar consumer protection laws. Since January 1, 2021, none of the Company nor any of its Subsidiaries has experienced (i) incidents of unauthorized access or other security breaches, including any loss, misuse, damage, unauthorized access, unauthorized disclosure or unauthorized use of any Personal Data, or (ii) any other event that the Company or any of its Subsidiaries required a data breach notice to any Person or Governmental Entity under Privacy Requirements, except, in each case, as would not reasonably be expected to result in a Material Adverse Effect. Except as, individually or in the aggregate, a Parent Material Adverse Effect. Parent and each of its Subsidiaries have all necessary authority, rights, consents and authorizations to engage in the Data Activities of Personal Data maintained by or for Parent and its Subsidiaries to the extent required in connection with the operation of Parent’s and its Subsidiaries’ business as currently conducted. Since January 1, 2019, Parent and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving Personal Data in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning Parent’s or any of its Subsidiaries’ Data Activities in relation to Personal Data or actual, alleged, or suspected violation of any Data Protection Requirement concerning privacy, data security, or data breach notification, and to Parent’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or result in the aggregate, a Parent Material Adverse Effect. Parent , the hardware, software, databases, web xxxxx, xxxxxx applications, servers, workstations, routers, hubs, switches, circuits, networks, communications networks, and other information technology owned, licensed, leased or otherwise used, distributed or held for use by the Company or its Subsidiaries (i) have executed current and valid “Business Associate Agreements” not, within the three (as described by HIPAA and 3) years prior to the corresponding regulations) with each (A) “date of this Agreement, malfunctioned or failed in a manner that resulted in chronic or otherwise material disruptions to the operation of the business associate” (as described by HIPAA and the corresponding regulations), (B) “covered entity” (as described by HIPAA and the corresponding regulations), and (C) “subcontractor” (as described by HIPAA and the corresponding regulations); and (ii) materially comply with such Business Associate Agreements. The Company and each of its Subsidiaries have obtained, as applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance with the requirements of HIPAA and other Data Protection Requirements.the
Appears in 1 contract
Privacy and Data Security. Parent and each of its Subsidiaries have complied with all Data Protection Requirements in the conduct of Parent’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and each of its Subsidiaries have all necessary authority, rights, consents and authorizations to engage in the Data Activities of Personal Data maintained by or for Parent and its Subsidiaries to the extent required in connection with the operation of Parent’s and its Subsidiaries’ business as currently conducted. Since January 1, 2019, Parent (i) The Company and its Subsidiaries have not: (i) experienced any actualcomplied in all material respects with its applicable privacy and data protection policies, allegedprocedures, or suspected data breach or other security incident involving and applicable Information Privacy and Security Laws with respect to Personal Data in their possession that is accessed, collected, possessed by or control; or (ii) been otherwise subject to the use or received any notice control of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning Parent’s the Company or any of its Subsidiaries’ ; (ii) implemented and maintained measures, including appropriate technical, physical and administrative safeguards, sufficient to ensure that the Company and its Subsidiaries and the operation of the businesses of the Company and its Subsidiaries materially complies with (a) applicable Information Privacy and Security Laws, (b) any notice to or consent from the individual to whom the Personal Data Activities in relation relate(s) (“Data Subjects”), (c) any policy adopted by the Company or any of its Subsidiaries, (d) any Company Material Contract made by any of the Company or its Subsidiaries that is applicable to such Personal Data or actual(e) any information technology or privacy policy or privacy statement from time to time published or otherwise made available to Data Subjects and (iii) in connection with each third party servicing, allegedoutsourcing or similar arrangement involving Personal Data used, processed, stored, transferred, collected or otherwise exploited in connection with the businesses of the Company and its Subsidiaries, contractually obligated any such third party service provider to (w) comply with the applicable Information Privacy and Security Laws with respect to Personal Data, (x) protect and secure from loss or damage, unauthorized access, use, disclosure or modification, or suspected violation any other misuse of any Data Protection Requirement concerning privacy, data security, or data breach notification, and to Parent’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and its Subsidiaries (i) have executed current and valid “Business Associate Agreements” (as described by HIPAA and the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations)Personal Data, (By) “covered entity” (as described by HIPAA and restrict use of Personal Data to those authorized or required under the corresponding regulations)servicing, outsourcing or similar arrangement and (Cz) “subcontractor” (as described by HIPAA and certify or guarantee the corresponding regulations); and (ii) materially comply with such Business Associate Agreementsreturn or adequate disposal of Personal Data. The Company and its Subsidiaries have the right (and upon consummation of this Agreement will have the right) to use all of the Personal Data in each of its databases in the operation of the business conducted by the Company and its Subsidiaries. Except for disclosures of Personal Data required or permitted by applicable Legal Requirements, or authorized by a Data Subject or other party authorized to permit disclosure, the Company and its Subsidiaries have obtainednot sold, leased, transferred or otherwise made available to third parties any Personal Data. The execution of this Agreement and the consummation of the transactions contemplated hereby do not violate any privacy policy, Company Material Contract or Information Privacy and Security Laws. For the avoidance of doubt, the term “privacy” as applicable, all rights necessary to undertake de-identification used in this Section 7K includes the concepts of user data protection and has de-identified such user data in accordance with the requirements of HIPAA and other Data Protection Requirementssecurity.
Appears in 1 contract
Samples: Agreement and Plan of Merger (Evolent Health, Inc.)
Privacy and Data Security. Parent and each of its Subsidiaries have complied with all Data Protection Requirements in the conduct of Parent’s and its Subsidiaries’ businesses, in each case except Except as would not reasonably be expected to haveresult in a Material Adverse Effect, (a) the Company and its Subsidiaries have established written privacy policies applicable to the collection, use, disclosure, maintenance and transmission of Personal Data, (b) each of the Company and its Subsidiaries is in compliance in all material respects with their written privacy policies, contracts which impose requirements relating to the collection, processing, storage, disclosure, disposal or other handling of Personal Data, any applicable laws relating to privacy, data protection, anti-spam, personal information and similar consumer protection laws, and any applicable industry standards which impose requirements on the collection, processing, storage, disclosure, disposal or other handling of Personal Data (collectively, the “Privacy Requirements”). Except as would not reasonably be expected to result in a Material Adverse Effect, neither the operation by the Company or any of its Subsidiaries of any its websites nor the content thereof or data processed, collected, stored or disseminated by such entity in connection therewith, violates in any material respect any applicable law regarding privacy, data protection, anti-spam, personal information and similar consumer protection laws. Since January 1, 2019, none of the Company nor any of its Subsidiaries has experienced (i) incidents of unauthorized access or other security breaches, including any loss, misuse, damage, unauthorized access, unauthorized disclosure or unauthorized use of any Personal Data, or (ii) any other event that the Company or any of its Subsidiaries required a data breach notice to any Person or Governmental Entity under Privacy Requirements, except, in each case, as would not reasonably be expected to result in a Material Adverse Effect. Except as, individually or in the aggregate, a Parent Material Adverse Effect. Parent and each of its Subsidiaries have all necessary authority, rights, consents and authorizations to engage in the Data Activities of Personal Data maintained by or for Parent and its Subsidiaries to the extent required in connection with the operation of Parent’s and its Subsidiaries’ business as currently conducted. Since January 1, 2019, Parent and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving Personal Data in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning Parent’s or any of its Subsidiaries’ Data Activities in relation to Personal Data or actual, alleged, or suspected violation of any Data Protection Requirement concerning privacy, data security, or data breach notification, and to Parent’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or result in the aggregate, a Parent Material Adverse Effect. Parent , the hardware, software, databases, web sxxxx, xxxxxx applications, servers, workstations, routers, hubs, switches, circuits, networks, communications networks, and other information technology owned, licensed, leased or otherwise used, distributed or held for use by the Company or its Subsidiaries (i) have executed current not, within the three (3) years prior to the date of this Agreement, malfunctioned or failed in a manner that resulted in chronic or otherwise material disruptions to the operation of the business of the Company and valid “Business Associate Agreements” (as described by HIPAA and the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations)its Subsidiaries, (B) “covered entity” (as described by HIPAA and the corresponding regulations), and (C) “subcontractor” (as described by HIPAA and the corresponding regulations); and (ii) materially comply with such Business Associate Agreements. The Company are adequate for the Company’s and each of its Subsidiaries have obtained, Subsidiaries’ businesses as applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance with the requirements of HIPAA and other Data Protection Requirementscurrently conducted.
Appears in 1 contract
Samples: Subscription Agreement (Comtech Telecommunications Corp /De/)
