Common use of Data Privacy and Security Laws Clause in Contracts

Data Privacy and Security Laws. Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, to the Knowledge of the Company, the Company Entities are, and at all times prior hereto have been, in compliance with all applicable state, federal, and international data privacy, security, and consumer protection Laws regarding the collection, processing retention, use, and protection of Personal Data, including, without limitation, applicable requirements of the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (collectively, “HIPAA”), the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To facilitate compliance with the Privacy Laws, the Company Entities have in place and take commercially reasonable steps to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, processing, storage, use, disclosure, handling, and analysis of Personal Data. No Person (including any Governmental Body) has made any claim or commenced any Proceeding relating to any Company Entity’s privacy or data security practices, including with respect to the access, disclosure or use of Personal Data maintained by or on behalf of any Company Entity, or, threatened in writing any such Proceeding or conducted any investigation or inquiry thereof. The respective businesses and operations of the Company Entities have not experienced any loss, damage, or unauthorized or unlawful access, disclosure, use, or breach of security of any Personal Data in any Company Entity’s possession, custody, or control, or otherwise held or processed on its behalf, except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Notwithstanding the foregoing, none of the Company Entities: (i) has received notice of any liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, processing or use of, or destruction of Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently paying a third party for, in whole or in part, any investigation, remediation, or other corrective action implemented by a third party pursuant to any Privacy Law; or (iii) is a party to any order or decree that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. Except as where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, to the Knowledge of the Company, the Company Entities and its subsidiaries are, and at all times prior hereto have since February 1, 2020 been, in compliance with all applicable state, federal, and international foreign data privacy, security, security and consumer protection Laws regarding the collectionlaws and regulations, processing retention, use, and protection of Personal Data, including, including without limitation, applicable requirements of to the extent applicable, the Health Insurance Portability and Accountability Act of 1996, 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (collectively, the “HIPAAHITECH Act”), the California Consumer Privacy Act, as amended by the Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (“CCPACPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), the Colorado Privacy Rights Act (the “CPA”), the Connecticut Data Privacy Act (“CDPA”), the Utah Consumer Privacy Act (the “UCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”) and all policies, and contractual obligations relating to the privacy and security of IT Assets and Confidential Data, including the collection, storage, transfer (including, without limitation, any transfer across national borders). To facilitate compliance , processing and/or use of Confidential Data and, and to the protection of such IT Assets and Confidential Data from unauthorized use, access, misappropriation or modification (collectively, with the Privacy Laws, the Company Entities have in place and take commercially reasonable steps to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, processing, storage, use, disclosure, handling, and analysis of Personal Data“Data Protection Requirements”). No Person (including any Governmental Body) has made any claim or commenced any Proceeding relating to any Company Entity’s privacy or data security practices, including with respect to the access, disclosure or use of Personal Data maintained by or on behalf of any Company Entity, or, threatened in writing any such Proceeding or conducted any investigation or inquiry thereof. The respective businesses and operations of the Company Entities have not experienced any loss, damage, or unauthorized or unlawful access, disclosure, use, or breach of security of any Personal Data in any Company Entity’s possession, custody, or control, or otherwise held or processed on its behalf, except Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Notwithstanding , the foregoingCompany and its subsidiaries have since February 1, 2020 made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Neither the Company Entitiesnor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, processing or use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any of the Privacy LawsData Protection Requirement, and has to the Company’s knowledge, no knowledge of any event such notices are threatened or condition that would reasonably be expected to result in any such noticepending; (ii) is currently conducting or paying a third party for, in whole or in part, any investigation, remediation, or other corrective action implemented by a third party pursuant to any Privacy LawData Protection Requirement; or (iii) is a party to any order order, decree, or decree agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Privacy LawData Protection Requirement.

Data Privacy and Security Laws. Except as described in the Registration Statement, the Pricing Disclosure Package and the Prospectus, and except where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, to the Knowledge of the Company, the Company Entities and its subsidiaries are, and at all times prior hereto have since March 1, 2017 been, in compliance with all applicable state, federal, and international foreign data privacy, security, security and consumer protection Laws regarding the collectionlaws and regulations, processing retention, use, and protection of Personal Data, including, including without limitation, applicable requirements of to the extent applicable, the Health Insurance Portability and Accountability Act of 1996, 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (collectively, the “HIPAAHITECH Act”), the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2018 (“CCPA”), ) and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To facilitate compliance with the Privacy Laws, the Company Entities have in place and take commercially reasonable steps to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, processing, storage, use, disclosure, handling, and analysis of Personal Data. No Person (including any Governmental Body) has made any claim or commenced any Proceeding relating to any Company Entity’s privacy or data security practices, including with respect to the access, disclosure or use of Personal Data maintained by or on behalf of any Company Entity, or, threatened in writing any such Proceeding or conducted any investigation or inquiry thereof. The respective businesses and operations of the Company Entities have not experienced any loss, damage, or unauthorized or unlawful access, disclosure, use, or breach of security of any Personal Data in any Company Entity’s possession, custody, or control, or otherwise held or processed on its behalf, except Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Notwithstanding , the foregoingCompany and its subsidiaries have since March 1, 2017 made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Neither the Company Entitiesnor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, processing or use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has to the Company’s knowledge, no knowledge of any event such notices are threatened or condition that would reasonably be expected to result in any such noticepending; (ii) is currently conducting or paying a third party for, in whole or in part, any investigation, remediation, or other corrective action implemented by a third party pursuant to any Privacy Law; or (iii) is a party to any order order, decree, or decree agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. Except as described in the Registration Statement and the Prospectus, and except where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, to the Knowledge of the Company, the Company Entities and its subsidiaries are, and at all times prior hereto have since February 1, 2020, been, in compliance with all applicable state, federal, and international foreign data privacy, security, security and consumer protection Laws regarding the collectionlaws and regulations, processing retention, use, and protection of Personal Data, including, including without limitation, applicable requirements of to the extent applicable, the Health Insurance Portability and Accountability Act of 1996, 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (collectively, the “HIPAAHITECH Act”), the California Consumer Privacy Act, as amended by the Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (“CCPACPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), the Colorado Privacy Rights Act (the “CPA”), the Connecticut Data Privacy Act (“CDPA”), the Utah Consumer Privacy Act (the “UCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”) as well as the Company and its subsidiaries’ respective internal policies and contractual obligations, in each case relating to the privacy and security of IT Assets and Confidential Data, including the collection, storage, transfer (including, without limitation, any transfer across national borders). To facilitate compliance , processing and/or use of Confidential Data and the protection of such IT Assets and Confidential Data from unauthorized use, access, misappropriation or modification (collectively, with the Privacy Laws, the Company Entities have in place and take commercially reasonable steps to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, processing, storage, use, disclosure, handling, and analysis of Personal Data“Data Protection Requirements”). No Person (including any Governmental Body) has made any claim or commenced any Proceeding relating to any Company Entity’s privacy or data security practices, including with respect to the access, disclosure or use of Personal Data maintained by or on behalf of any Company Entity, or, threatened in writing any such Proceeding or conducted any investigation or inquiry thereof. The respective businesses and operations of the Company Entities have not experienced any loss, damage, or unauthorized or unlawful access, disclosure, use, or breach of security of any Personal Data in any Company Entity’s possession, custody, or control, or otherwise held or processed on its behalf, except Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Notwithstanding , the foregoingCompany and its subsidiaries have since February 1, 2020, made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Except as described in the Registration Statement and the Prospectus, neither the Company Entitiesnor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, processing or use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any of the Privacy LawsData Protection Requirement, and has to the Company’s knowledge, no knowledge of any event such notices are threatened or condition that would reasonably be expected to result in any such noticepending; (ii) is currently conducting or paying a third party for, in whole or in part, any investigation, remediation, or other corrective action implemented by a third party pursuant to any Privacy LawData Protection Requirement; or (iii) is a party to any order order, decree, or decree agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Privacy LawData Protection Requirement.

Data Privacy and Security Laws. Except as where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, to the Knowledge of the Company, the Company Entities and its subsidiaries are, and at all times prior hereto have since June 1, 2019 been, in compliance with all applicable state, federal, and international foreign data privacy, security, security and consumer protection Laws regarding the collectionlaws and regulations, processing retention, use, and protection of Personal Data, including, including without limitation, applicable requirements of to the extent applicable, the Health Insurance Portability and Accountability Act of 1996, 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (collectively, the “HIPAAHITECH Act”), the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2018 (“CCPA”), ) and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To facilitate compliance with the Privacy Laws, the Company Entities have in place and take commercially reasonable steps to comply in all material respects with their policies and procedures relating to data privacy and security and the collection, processing, storage, use, disclosure, handling, and analysis of Personal Data. No Person (including any Governmental Body) has made any claim or commenced any Proceeding relating to any Company Entity’s privacy or data security practices, including with respect to the access, disclosure or use of Personal Data maintained by or on behalf of any Company Entity, or, threatened in writing any such Proceeding or conducted any investigation or inquiry thereof. The respective businesses and operations of the Company Entities have not experienced any loss, damage, or unauthorized or unlawful access, disclosure, use, or breach of security of any Personal Data in any Company Entity’s possession, custody, or control, or otherwise held or processed on its behalf, except Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Notwithstanding , the foregoingCompany and its subsidiaries have since June 1, 2019 made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Neither the Company Entitiesnor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, processing or use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and has to the Company’s knowledge, no knowledge of any event such notices are threatened or condition that would reasonably be expected to result in any such noticepending; (ii) is currently conducting or paying a third party for, in whole or in part, any investigation, remediation, or other corrective action implemented by a third party pursuant to any Privacy Law; or (iii) is a party to any order order, decree, or decree agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Privacy Law.