Data Privacy and Information Security Sample Clauses
Data Privacy and Information Security. (a) The Company and each Company Subsidiary have complied with all applicable (i) Laws, (ii) contractual obligations and (iii) publicly posted privacy policies to which the Company and each Company Subsidiary is subject that are related to privacy, patient confidentiality, information security, data protection or the Processing of Personal Information (collectively, the “Privacy Obligations”). Neither the Company nor any of the Company Subsidiaries have received written notices or complaints, and no claims (whether by a Governmental Authority or Person) are pending or threatened against the Company or any of the Company Subsidiaries, alleging any violation of Privacy Obligations.
(b) The Company and each Company Subsidiary maintains appropriate (i) written policies and procedures, and (ii) organizational, physical, administrative and technical safeguards designed to protect Personal Information against a Security Breach. The Company and each Company Subsidiary periodically assesses risks to privacy and the confidentiality and security of Personal Information. Since January 1, 2020, (i) there have been no Security Breaches of any of the IT Systems of the Company, any of the Company Subsidiaries or any of their respective vendors that Process Personal Information on its/their behalf and (ii) there have been no material disruptions in the IT Systems of Company, any of the Company Subsidiaries or any of their respective vendors that adversely affected the Company’s or any of the Company Subsidiaries’ business or operations.
(c) The Company and each Company Subsidiary (i) has operated its respective business in material compliance with all Privacy Obligations in connection with the operation of the CGRP Business, and (ii) has implemented all confidentiality, security and other protective measures required in connection with (i) of this subsection (c), including, as required by applicable Law, by obtaining study subjects’ consent and/or authorization to use and disclose Personal Information for research.
(d) Since January 1, 2020, none of the Company, any of the Company Subsidiaries or any of their respective vendors that Process Personal Information on their behalf has experienced any Security Breach for which written notification was provided or required to be provided to any Person or Governmental Authority under any applicable Laws related to privacy, information security, data protection or the Processing of Personal Information.
(e) The Company and each Co...
Data Privacy and Information Security. (a) The Borrower and its Subsidiaries maintain appropriate data security policies, processes, and controls and an appropriate comprehensive privacy program, all of which meet or exceed any requirements of applicable Law in all material respects. Schedule 6.23(a) sets forth the terms of each such policy or written data security or privacy program (or a reasonable description thereof) that has been adopted by the Borrower or a Subsidiary at present time. None of the Borrower’s or any Subsidiary’s privacy statements or disclosures have been or are misleading or deceptive, and the contemplated transactions to be consummated hereunder as of the Closing will not violate any privacy statements, other consumer-facing disclosures or Laws. There is not currently pending and there has not been in the past five years any action, proceeding, suit or claim against the Borrower or its Subsidiaries with respect to privacy or data security, and, to the knowledge of the Borrower, neither the Borrower nor any Subsidiary nor any Products have experienced any security incident in which an unauthorized party accessed or acquired Personal Data or Confidential Business Information.
(b) The Borrower and its Subsidiaries have contractually obligated all Data Processors to commercially reasonable contractual terms relating to the protection and use of Personal Data and IT Assets, including without limitation obligations substantially similar to the following: (i) compliance with applicable Privacy Laws in all material respects, (ii) implementation of a commercially reasonable information security program that includes administrative, technical, and physical safeguards to protection the applicable data and/or systems, (iii) restricting processing of Personal Data to those authorized or required under the servicing, outsourcing, processing, or similar arrangement, and (iv) certifying or guaranteeing the return or adequate disposal or destruction of Personal Data. The Borrower and its Subsidiaries have taken commercially reasonable measures to ensure that all Data Processors have complied with their contractual obligations.
(c) The IT Assets are sufficient and operate and perform as is necessary to conduct the business of the Borrower and the Subsidiaries as currently conducted in all material respects and as currently proposed to be conducted by the Borrow and the Subsidiaries in all material respects. To the knowledge of the Borrower, neither the IT Assets nor any Products contain an...
Data Privacy and Information Security. (a) The members of the Remainco Group (to the extent related to the Spinco Business) and, to the Knowledge of Remainco, its Data Processors and other Persons with whom the Remainco Group (to the extent related to the Spinco Business) has shared Personal Data, in each case since the Lookback Date, (i) have complied with applicable Privacy Laws, Spinco Company Privacy Policies and other Contracts relating to the collection, use, protection, or processing of Spinco IT Systems or Spinco Company Data, (ii) have not suffered and are not currently suffering a Security Incident and (iii) have not been subject to any complaints, litigation or regulatory investigations or enforcement actions from any Person or Governmental Authority and have not received any notices or inquiries alleging noncompliance with any applicable Privacy Laws in each case, except in the case of each of clause (i) through (iii), as would not, individually or in the aggregate, reasonably be expected to be material to the Spinco Business or the Spinco Group, taken as a whole. To the Knowledge of Remainco, neither the execution, delivery or performance of any of the Transaction Documents, nor the consummation of the Contemplated Transactions, violate any Privacy Laws or Spinco Company Privacy Policies, except as, individually or in the aggregate, would not reasonably be expected to (A) be material to the Spinco Business or the Spinco Group, taken as a whole or (B) prevent or materially delay, materially interfere with or materially impair (1) the consummation by the members of the Remainco Group of the Contemplated Transactions or (2) the compliance by any member of the Remainco Group with the Transaction Documents. When any member of the Spinco Group uses a Data Processor to Process Personal Data, the relevant Data Processor has provided guarantees, warranties or covenants in relation to the Processing of Personal Data, confidentiality, and security measures, and has agreed to comply with those obligations in a manner sufficient for the relevant member of the Spinco Group’s material compliance with applicable Privacy Law. (b) The members of the Remainco Group (to the extent related to the Spinco Business) have established and maintain a Spinco Information Security Program, and since the Lookback Date there have been no material violations of the Spinco Information Security Program. The Spinco Information Security Program has been assessed and tested on a no less than annual basis; all critical ...
Data Privacy and Information Security. Contractor covenants and agrees that it will comply with the SPE Data Protection & Information Security Rider attached as Attachment 1 hereto (the “SPE DP & Info Sec Rider”), and incorporated herein.
Data Privacy and Information Security. 10.1 To the extent that Company provides to Consultant, or Consultant otherwise accesses Personal Data (as defined below) about Company’s employees, customers, or other individuals in connection with this Agreement, Consultant represents and warrants that: (i) Consultant will only use Personal Data for the purposes of fulfilling its obligations under the Agreement, and Consultant will not disclose or otherwise process such Personal Data except upon Company’s instructions in writing; (ii) Consultant will notify Company in writing and obtain Company’s consent before sharing any Personal Data with any government authorities or other third parties; and (iii) Consultant agrees to adhere to additional contractual terms and conditions related to Personal Data as Company may instruct in writing that Company deems necessary, in its sole discretion, to address applicable data protection, privacy, or information security laws or requirements.
10.2 In the event that (i) any Personal Data is disclosed by Consultant (including its agents or subcontractors), in violation of this Agreement or applicable laws pertaining to privacy or data security, or (ii) Consultant (including its agents or subcontractors) discovers, is notified of, or suspects that unauthorized access, acquisition, disclosure or use of Personal Data has occurred (“Privacy Incident”), Consultant shall notify Company immediately in writing of any such Privacy Incident. Consultant shall cooperate fully in the investigation of the Privacy Incident, indemnify Company for any and all damages, losses, fees or costs (whether direct, indirect, special or consequential) incurred as a result of such incident, and remedy any harm or potential harm caused by such incident. To the extent that a Privacy Incident gives rise to a need, in Company’s sole judgment, to provide (A) notification to public authorities, individuals, or other persons, or (B) undertake other remedial measures (including, without limitation, notice, credit monitoring services and the establishment of a call center to respond to inquiries (each of the foregoing a "Remedial Action")), at Company’s request, Consultant shall, at Consultant’s cost, undertake such Remedial Actions. The timing, content and manner of effectuating any notices shall be determined by Company in its sole discretion.
10.3 To the extent that Company provides to Consultant, or Consultant otherwise accesses Personal Data about Company’s employees, customers, or other individuals ...
Data Privacy and Information Security. (a) At all times since January 1, 2022, except as has not had and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect, the Company and each Company Subsidiary have complied with all applicable (i) Privacy Laws, (ii) public-facing policies, notices, and statements of the Company or the Company Subsidiaries, and (iii) Contracts binding upon the Company or any Company Subsidiary, in the case of each of clauses (i) through (iii), related to privacy, security, or the Processing of Personal Information (collectively, the “Company Privacy Requirements”).
(b) At all times since January 1, 2022, except as has not had and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect, the Company and each Company Subsidiary have implemented, maintained and complied with reasonably appropriate technical, physical, and organizational measures and safeguards designed to protect Personal Information (including against Security Incidents). At all times since January 1, 2022, except as has not had and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect, neither the Company nor the Company Subsidiaries nor, to the Knowledge of the Company, any Person Processing Personal Information on behalf of the Company in relation to such Processing of Personal Information has experienced a Security Incident that required notification to another Person under applicable Company Privacy Requirements.
(c) Since January 1, 2022, neither the Company nor the Company Subsidiaries nor, to the Knowledge of the Company, any Person Processing Personal Information on behalf of the Company in relation to such Processing of Personal Information has received written notice, inquiry, request, claim, complaint, correspondence or other communication from, or, to the Knowledge of the Company, been the subject of any investigation or enforcement action by, any Person alleging a material violation of applicable Company Privacy Requirements.
Data Privacy and Information Security. Undertaking by Xxxxxx. Without limiting Vendor's obligation of confidentiality as further described herein, Vendor shall be responsible for establishing and maintaining a data privacy and information security program, including physical, technical, administrative, and organizational safeguards, that is designed to: (a) ensure the security and confidentiality of the County Data; (b) protect against any anticipated threats or hazards to the security or integrity of the County Data; (c) protect against unauthorized disclosure, access to, or use of the County Data; (d) ensure the proper disposal of County Data; and, (e) ensure that all employees, agents, and subcontractors of Vendor, if any, comply with all of the foregoing. In no case shall the safeguards of Vendor's data privacy and information security program be less stringent than the safeguards used by County.
Data Privacy and Information Security. Vendor covenants and agrees that it will comply with the SPE Data Protection & Information Security Rider attached as Attachment 1 hereto (the “SPE DP & Info Sec Rider”), and incorporated herein.
Data Privacy and Information Security. Reserved
Data Privacy and Information Security. In any case where Supplier will access, handle or use any data that relates to or identifies any natural person (“personal data”) owned, controlled or processed by Accenture or by an Accenture client, Supplier will comply with “Schedule 1 Handling of Personal Information” and any additional agreement, schedule, addendum and provisions provided by Accenture (if any). Also, Supplier will comply with any information security requirements provided by Accenture separately.