Common use of Data Privacy and Security Laws Clause in Contracts

Data Privacy and Security Laws. The Company is, and at all prior times was, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act. To ensure compliance with the Privacy Laws, the Company has in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data. “Personal Data” means (A) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (B) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (C) Protected Health Information as defined by HIPAA; (D) “personal information,” “personal health information” and “business contact information” as defined by PXXXXX; (E) “personal data” as defined by GDPR; and (F) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company has at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies it has not received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice.

Data Privacy and Security Laws. The Company isand its subsidiaries are, and at all prior times waswere, in material compliance with all applicable state federal, state, local and federal foreign data privacy and security laws and regulations in the United Statesregulations, including, without limitation, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) ), 42 U.S.C. § 1320d et seq., as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), 42 U.S.C. § § 17921 et seq., Ca. Civil Code § 1798.81.5 (Security of Personal Information) and Ca. Civil Code § 56-56.37 (Medical Information Confidentiality), each as amended, and the regulations promulgated thereunder (collectively, the “Privacy Laws”). To ensure compliance with the Privacy LawsLaws and all contractual obligations of Company relating to Personal Data, the Company has and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures and all contractual obligations relating to data privacy and security and the collection, storage, use, disclosure, handling, transmitting, providing notification of breaches or misuse, and analysis of Personal DataData (the “Policies”). “Personal Data” means (Ai) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (Bii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, 15 U.S.C. §§ 41-58, as amended; (Ciii) Protected Health Information as defined by HIPAA; (D) “personal information,” “personal health information” and “business contact information” as defined by PXXXXX; (E) “personal data” as defined by GDPR; and (Fiv) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company has and its subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Except as otherwise disclosed in the SEC Documents, the Company further certifies that neither it nor any subsidiary: (i) has not received written notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; (iii) is a party to any order or decree that imposes any obligation or liability under any Privacy Law; or (iv) has violated any contractual obligation relating to Personal Data or compliance with Privacy Laws in any material respect.