Common use of Data Privacy and Security Laws Clause in Contracts

Data Privacy and Security Laws. Except where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and have since June 1, 2019 been, in compliance with all applicable state, federal, and foreign data privacy, security and consumer protection laws and regulations, including without limitation, to the extent applicable, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”) and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries have since June 1, 2019 made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Neither the Company nor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and to the Company’s knowledge, no such notices are threatened or pending; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. Except as described in the Registration Statement and the Prospectus, and except where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and have since June February 1, 2019 2020, been, in compliance with all applicable state, federal, and foreign data privacy, security and consumer protection laws and regulations, including without limitation, to the extent applicable, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (“CPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), the Colorado Privacy Rights Act (the “CPA”), the Connecticut Data Privacy Act (“CDPA”), the Utah Consumer Privacy Act (the “UCPA”), and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”) as well as the Company and its subsidiaries’ respective internal policies and contractual obligations, in each case relating to the privacy and security of IT Assets and Confidential Data, including the collection, storage, transfer (including, without limitation, any transfer across national borders), processing and/or use of Confidential Data and the protection of such IT Assets and Confidential Data from unauthorized use, access, misappropriation or modification (collectively, with the Privacy Laws, the “Data Protection Requirements”). Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries have since June February 1, 2019 2020, made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Neither Except as described in the Registration Statement and the Prospectus, neither the Company nor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any of the Privacy LawsData Protection Requirement, and to the Company’s knowledge, no such notices are threatened or pending; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy LawData Protection Requirement; or (iii) is a party to any order, decree, or agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Privacy LawData Protection Requirement.

Data Privacy and Security Laws. Except as described in the Registration Statement, the Pricing Disclosure Package and the Prospectus, and except where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and have since June March 1, 2019 2017 been, in compliance with all applicable state, federal, and foreign data privacy, security and consumer protection laws and regulations, including without limitation, to the extent applicable, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”) and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries have since June March 1, 2019 2017 made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Neither the Company nor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and to the Company’s knowledge, no such notices are threatened or pending; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Privacy Law.

Data Privacy and Security Laws. Except as described in the Registration Statement and the Prospectus, and except where non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries are, and have since June August 1, 2019 2018 been, in compliance with all applicable state, federal, and foreign data privacy, security and consumer protection laws and regulations, including without limitation, to the extent applicable, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), the California Consumer Privacy Act of 2018 (“CCPA”) and the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries have since June August 1, 2019 2018 made all disclosures to users or customers required by Privacy Laws, and none of such disclosures have, to the knowledge of the Company, been inaccurate or in violation of Privacy Laws. Neither the Company nor any subsidiary: (i) has received written notice of any actual or potential liability, including, but not limited to security or data privacy breaches or other unauthorized or unlawful access to, use of, or destruction of its Confidential Data or Personal Data, under or relating to, or actual or potential violation of, any of the Privacy Laws, and to the Company’s knowledge, no such notices are threatened or pending; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement with any governmental, regulatory or supervisory authority or body that imposes any obligation or liability under any Privacy Law.