Common use of Compliance with Data Privacy Laws Clause in Contracts

Compliance with Data Privacy Laws. Except as has not been and would not reasonably be expected to be material to the Company and its subsidiaries, taken as a whole, (i) the Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable data privacy and security laws and regulations, including without limitation HIPAA and the GDPR, as applicable (collectively, the “Privacy Laws”); (ii) the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”); (iii) the Company and its subsidiaries have at all times made all disclosures to users or customers required by applicable Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable Privacy Laws; and (iv) the Company and its subsidiaries (A) have not received notice of any actual or potential liability of the Company or its subsidiaries under or relating to, or actual or potential violation of, any of the Privacy Laws, and have no knowledge of any event or condition that would reasonably be expected to result in any such notice; (B) are currently not conducting nor paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any order, decree, or agreement by or with any court or arbitrator or governmental or regulatory authority under or relating to any Privacy Law; or (C) are not a party to any order, decree, or agreement by or with any court or arbitrator or governmental or regulatory authority that imposes any obligation or liability under any Privacy Law.

Compliance with Data Privacy Laws. Except as has not been and would not reasonably be expected to be material to to, individually or in the Company and its subsidiariesaggregate, taken as have a wholeMaterial Adverse Effect, (i) the Company and its subsidiaries are, and at all prior times were, are presently in material compliance with all applicable data privacy (i) laws or statutes (including, as applicable, the Health Insurance Portability and security laws Accountability Act of 1996, as amended by the Health Information Technology for Economic and regulations, including without limitation HIPAA Clinical Health Act; the European Union General Data Protection Regulation and the GDPR, as applicable California Consumer Privacy Act) (collectively, the “Privacy Laws”); , (ii) the Company judgments, orders, rules and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis regulations of Personal Data (the “Policies”); (iii) the Company and its subsidiaries have at all times made all disclosures to users or customers required by applicable Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable Privacy Laws; and (iv) the Company and its subsidiaries (A) have not received notice of any actual or potential liability of the Company or its subsidiaries under or relating to, or actual or potential violation of, any of the Privacy Laws, and have no knowledge of any event or condition that would reasonably be expected to result in any such notice; (B) are currently not conducting nor paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any order, decree, or agreement by or with any court or arbitrator or governmental or regulatory authority under having jurisdiction over the Company or its subsidiaries, and (iii) internal and external policies, industry standards with which the Company or any of its subsidiaries has represented compliance or is contractually bound to comply with, and contractual obligations of the Company and its subsidiaries, in each case of (i) – (iii), relating to the privacy and security of the IT Systems and the Company’s and its Subsidiaries’ collection, storage, transfer, processing, and/or use of Personal Data. The Company and its subsidiaries: (A) have not, except as would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect, received any written notice of any actual or alleged violation of Privacy LawLaws by the Company or any of its subsidiaries; or and (CB) are not not, to the knowledge of the Company, a party to any order, decree, or agreement that imposes any corrective obligation or liability by or with any court or arbitrator or governmental or regulatory authority that imposes any obligation or liability under any Privacy Law.

Compliance with Data Privacy Laws. Except as has not been and would not reasonably be expected to be material to to, individually or in the Company and its subsidiariesaggregate, taken as have a wholeMaterial Adverse Effect, (i) the Company and its subsidiaries are, and at all prior times were, are presently in material compliance with all applicable data privacy (i) laws or statutes (including, as applicable, the Health Insurance Portability and security laws Accountability Act of 1996, as amended by the Health Information Technology for Economic and regulations, including without limitation HIPAA Clinical Health Act; the European Union General Data Protection Regulation and the GDPR, as applicable California Consumer Privacy Act) (collectively, the “Privacy Laws”); , (ii) the Company judgments, orders, rules and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis regulations of Personal Data (the “Policies”); (iii) the Company and its subsidiaries have at all times made all disclosures to users or customers required by applicable Privacy Laws, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable Privacy Laws; and (iv) the Company and its subsidiaries (A) have not received notice of any actual or potential liability of the Company or its subsidiaries under or relating to, or actual or potential violation of, any of the Privacy Laws, and have no knowledge of any event or condition that would reasonably be expected to result in any such notice; (B) are currently not conducting nor paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any order, decree, or agreement by or with any court or arbitrator or governmental or regulatory authority under having jurisdiction over the Company or its subsidiaries, and (iii) internal and external policies of the Company and its subsidiaries, industry standards with which the Company or any of its subsidiaries has represented compliance or is contractually bound to comply with, and contractual obligations of the Company and its subsidiaries, in each case of (i) – (iii), relating to the privacy and security of the IT Systems and the Company’s and its Subsidiaries’ collection, storage, transfer, processing, and/or use of Personal Data. The Company and its subsidiaries: (A) have not, except as would not reasonably be expected to, individually or in the aggregate, have a Material Adverse Effect, received any written notice of any actual or alleged violation of Privacy LawLaws by the Company or any of its subsidiaries; or and (CB) are not not, to the knowledge of the Company, a party to any order, decree, or agreement that imposes any corrective obligation or liability by or with any court or arbitrator or governmental or regulatory authority that imposes any obligation or liability under any Privacy Law.

Compliance with Data Privacy Laws. Except as has not been and would not not, individually or in the aggregate, reasonably be expected to be material to the Company and its subsidiarieshave a Material Adverse Effect, taken as a whole, (i) the Company and its subsidiaries are, and at all prior times were, in material compliance with all applicable data privacy and security laws and regulations, including without limitation HIPAA and the GDPR, as applicable (collectively, the “Privacy Laws”); (ii) the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”); (iii) the Company and its subsidiaries have at all times made complied with all disclosures (x) data protection, privacy and security policies applicable to users the Company or customers required by applicable Privacy Lawsits subsidiaries, (y) contractual obligations of the Company or its subsidiaries concerning data protection, privacy, security of Protected Information, and none (z) applicable laws, statutes, regulations directives, or applicable self-regulatory guidelines or standards and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority relating to the privacy and security of IT Systems and Protected Information or to the protection of such disclosures made IT Systems and Protected Information from unauthorized use, access, misappropriation or contained in modification (collectively, the “Data Protection Requirements”). The Company and its subsidiaries have at all times provided adequate notice to and obtained any Policy havenecessary consents from data subjects for any past and present collection, to the knowledge use, disclosure, international transfer and other processing of Protected Information by or for the Company, been inaccurate except where the failure to do so would not, individually or in violation of any applicable Privacy Laws; and (iv) the aggregate, have a Material Adverse Effect. The Company and its subsidiaries (Ax) have not received written notice of any actual or potential liability of the Company or its subsidiaries under or relating to, or actual or potential violation of, any of the Privacy LawsData Protection Requirements, and have no knowledge of any event or condition that would reasonably be expected to result in any such notice; (By) are not currently not conducting nor or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any order, decree, or agreement by or with any court or arbitrator or governmental or regulatory authority under or relating to any Privacy LawData Protection Requirement; or and (Cz) are not a party to any order, decree, or agreement by or with any court or arbitrator or governmental or regulatory authority that imposes any obligation or liability under relating to any Privacy LawData Protection Requirement.

Compliance with Data Privacy Laws. Except as has not been and would not not, individually or in the aggregate, reasonably be expected to be material to the Company and its subsidiaries, taken as result in a wholeMaterial Adverse Effect, (i) the Company and its subsidiaries Subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA limitation, as applicable, the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, the California Consumer Privacy Act of 2018 and the European Union General Data Protection Regulation (“GDPR, as applicable ”) (EU 2016/679) (collectively, the “Privacy Laws”); (ii) the . The Company and its subsidiaries Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”); (iii) the Company and its subsidiaries have at all times made all required disclosures to users users, patients or customers required by applicable Privacy Laws, Laws and none of such disclosures made or contained in any Policy policy or procedure of the Company or its Subsidiaries have, to the knowledge of the Company, been inaccurate or in violation of any applicable Privacy Laws; and (iv) the Laws in any material respect. The Company and its subsidiaries Subsidiaries (A) have not received written notice of any actual or potential liability of the Company or its subsidiaries under or relating tounder, or actual or potential violation of, any of the Privacy Laws, and have no knowledge of any event or condition that would reasonably be expected to result in any such notice; (B) are not currently not conducting nor or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any order, decree, regulatory request or agreement by or with any court or arbitrator or governmental or regulatory authority under or relating demand pursuant to any Privacy Law; or and (Ciii) are not a party to any order, decree, or agreement by or with any court or arbitrator or a governmental or regulatory authority that imposes any obligation or liability by any governmental or regulatory authority under any Privacy Law.