Common use of Data Privacy and Security Clause in Contracts

Data Privacy and Security. (a) The Company and its Subsidiaries have at all times for the past two (2) years complied in all material respects with, and are currently in compliance in all material respects with, all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and contractual commitments relating to the Processing of Personal Data (collectively, the “Privacy Requirements”). The Company and its Subsidiaries have implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”). (b) There is no pending, nor has there been for the past two (2) years, any Proceeding against the Company or any of its Subsidiaries initiated by (i) any Person, (ii)the United States Federal Trade Commission, any state attorney general or similar state official, (iii) any other Governmental Entity, foreign or domestic, or (iv) any regulatory or self-regulatory entity, alleging that any violation of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data by or on behalf of the Company or any of its Subsidiaries. (c) There has been no breach of security resulting in unauthorized access, use or disclosure of Personal Data in the possession or control of the Company or any of its Subsidiaries or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions, breaches of security or other data security incidents with respect to the Company IT Systems. (d) The Company and its Subsidiaries own or have license to use the Company IT Systems as necessary to operate the Business as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT Systems. The Company and its Subsidiaries have implemented commercially reasonable procedures, including implementing data backup, disaster avoidance, recovery and business continuity procedures, and have satisfied the requirements of applicable Privacy Laws in all material respects, designed to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse. (f) The consummation of any of the transactions contemplated hereby or pursuant to any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings related to any unauthorized intrusions, breaches of security or other data security incidents, or any violations of any Privacy Requirements, that have been asserted against the Company or any of its Subsidiaries and, to the Company’s knowledge, neither the Company nor any of its Subsidiaries has received any information relating to, or notice of any Proceedings with respect to, any alleged violations by the Company or any of its Subsidiaries of any Privacy Requirements.

Appears in 2 contracts

Samples: Business Combination Agreement (Strathspey Crown Holdings Group, LLC), Business Combination Agreement (Priveterra Acquisition Corp.)

AutoNDA by SimpleDocs

Data Privacy and Security. 104 (a) The Company and its Subsidiaries have at all times for the past two (2) years complied in all material respects with, and are currently in compliance in all material respects with, all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and contractual commitments relating to the Processing of Personal Data (collectively, the “Privacy Requirements”). The Company and its Subsidiaries have implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”). (b) There is no pending, nor has there been for the past two (2) years, any Proceeding against the Company or any of its Subsidiaries initiated by (i) any Person, (ii)the United States Federal Trade Commission, any state attorney general or similar state official, (iii) any other Governmental Entity, foreign or domestic, or (iv) any regulatory or self-regulatory entity, alleging that any violation of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data by or on behalf of the Company or any of its Subsidiaries. (c) There has been no breach of security resulting in unauthorized access, use or disclosure of Personal Data in the possession or control of the Company or any of its Subsidiaries or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions, breaches of security or other data security incidents with respect to the Company IT Systems. (d) The Company and its Subsidiaries own or have license to use the Company IT Systems as necessary to operate the Business as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT Systems. The Company Holdings and its Subsidiaries have implemented commercially reasonable procedures, including implementing firewall protections and regular virus scans, designed to ensure that software used in the operation of their business is materially free of any code designed to (or intended to): (i) disrupt, disable, harm, or otherwise impede in any manner the operation of, or provide unauthorized access to, a computer system or network or other device on which such code is stored or installed, or (ii) compromise the privacy or data backup, disaster avoidance, recovery security of a user or damage or destroy any data or file without the user’s consent. The information technology systems and business continuity procedures, databases used by Holdings and have satisfied the requirements of applicable Privacy Laws its Subsidiaries are sufficient in all material respectsrespects for the needs of their business and in accordance with customary industry standards and practices. There has been no (x) failure or other substandard performance of any such information technology system or database that has caused any material disruption to the business of Holdings and its Subsidiaries or (y) to the knowledge of the Credit Parties, designed unauthorized intrusions or breaches of security with respect to detect data security incidents any information technology systems and databases used by Holdings and its Subsidiaries. (b) Each of Holdings and its Subsidiaries (i) is, and has at all times been, in compliance in all material respects with all applicable requirements of law and Contractual Obligations regarding the collection, protection, storage, use, processing, disclosure, retention and transfer of Personal Information and (ii) has commercially reasonable safeguards in place to protect Personal Data against loss and against Information in their possession or control from unauthorized access, use, modification, disclosure or access by other misusePersons. (fc) The consummation There have not been, to the knowledge of the Credit Parties, any material unauthorized intrusions or breaches of the security of any of the transactions contemplated hereby information technology systems and databases, any material unauthorized access or pursuant to use of any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings related to any unauthorized intrusions, breaches of security Personal Information or other data security incidentsinformation stored or contained therein or accessed or processed thereby, or any violations material compromise of any Privacy Requirementsthe confidentiality, that have been asserted against integrity, or availability of Personal Information or the Company physical, technical, administrative, or organizational safeguards put in place by Holdings or any of its Subsidiaries andthat relate to the protection of Personal Information. No Person has, to the Company’s knowledgeknowledge of the Credit Parties, neither made any illegal or unauthorized use of Personal Information that was controlled by or on behalf of Holdings or any of its Subsidiaries and is in the Company possession or control of Holdings or any of its Subsidiaries. To the knowledge of the Credit Parties, no facts or circumstances exist that could reasonably be expected to give rise to any such unauthorized intrusion or breach, unauthorized access or use, or compromise. (d) Neither Holdings nor any of its Subsidiaries has received any, and there has not been any information relating towritten complaint delivered to any regulatory or other governmental body or official, foreign or domestic, or notice of any Proceedings with respect toaudit, any alleged violations by the Company proceeding, investigation (whether formal or informal), or claim against or relating to Holdings or any of its Subsidiaries by any private party or any regulatory or other governmental body or official, foreign or domestic, regarding the collection, use, retention, storage, transfer, disposal, disclosure or other processing of Personal Information, and no such complaint, audit, proceeding, investigation or claim has been threatened in writing against Holdings or any Privacy Requirementsof its Subsidiaries that could reasonably be expected to result in a Material Adverse Effect.

Appears in 2 contracts

Samples: Credit and Guaranty Agreement (ONE Group Hospitality, Inc.), Credit and Guaranty Agreement (ONE Group Hospitality, Inc.)

Data Privacy and Security. (a) The Company and each of its Subsidiaries have at all times for is, and during the past two three (23) years complied in all material respects withimmediately prior to the date hereof has been, and are currently in compliance in all material respects with, with (i) all applicable Information Privacy and Security Laws, Privacy (ii) all Contracts or terms of use to which it is a party or otherwise apply to the Company or a Subsidiary relating to data privacy, data use, data protection and data security, including with respect to the collection, storage, transmission, transfer (including cross-border transfers), disclosure, destruction, amendment and use of, and individual access to, Personal Information, and (iii) the Payment Card Industry Data Security Policies Standard (as defined below) and contractual commitments relating to the Processing of Personal Data (collectively, the “Privacy Requirements”PCI-DSS). The Each of the Company and its Subsidiaries have has adopted and published privacy notices and policies to any website, mobile application or other electronic platform and complied with those notices and policies. Each of the Company and its Subsidiaries has all necessary authority, consents and authorizations to receive, access, use and disclose the Personal Information in each of the Company’s or any Subsidiary’s possession or under its control in connection with the operation of the Business. Each of the Company and its Subsidiaries has implemented adequate written policies relating and maintains reasonable administrative, technical and physical safeguards to ensure that Personal Information is protected against loss, damage and unauthorized access, use, modification, or other misuse. During the three (3) years immediately prior to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”). (b) There is date hereof, there has been no pendingloss, nor has there been for the past two (2) yearsdamage or unauthorized access, any Proceeding against the Company or any of its Subsidiaries initiated by (i) any Personuse, (ii)the United States Federal Trade Commissiondisclosure, any state attorney general or similar state official, (iii) any other Governmental Entity, foreign or domesticmodification, or (iv) any regulatory or self-regulatory entity, alleging that any violation other misuse of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data Information maintained by or on behalf of the Company or any of its Subsidiaries. (c) There has been no breach of security resulting in , including any loss, damage or unauthorized access, use or disclosure of Personal Data in the possession or control of for which the Company or any of its Subsidiaries is required under applicable Laws to notify a Person. No Person (including any Governmental Authority) has provided any notice, made any Claim or, to the Company’s knowledge, commenced any of its contractors with regard to any Personal Data obtained from investigation, litigation or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions, breaches of security or other data security incidents proceeding with respect to the Company IT Systems. (d) The Company and its Subsidiaries own loss, damage or have license to use the Company IT Systems as necessary to operate the Business as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT Systems. The Company and its Subsidiaries have implemented commercially reasonable procedures, including implementing data backup, disaster avoidance, recovery and business continuity procedures, and have satisfied the requirements of applicable Privacy Laws in all material respects, designed to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, disclosure, modification, disclosure or other misuse. (f) The consummation misuse of any Personal Information maintained by or on behalf of the transactions contemplated hereby or pursuant to any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings related to any unauthorized intrusions, breaches of security or other data security incidents, or any violations of any Privacy Requirements, that have been asserted against the Company or any of its Subsidiaries and, to the Company’s knowledge, neither there is no reasonable basis for any such notice, Claim or investigation, litigation or proceeding. The (A) collection, storage, processing, transfer, sharing and destruction of Personal Information in connection with the transactions contemplated by this Agreement and (B) execution, delivery and performance of this Agreement and the other agreements and instruments contemplated hereby and the consummation of the transactions contemplated hereby and thereby complies with the Company’s applicable privacy notices and policies and with all applicable Information Privacy and Security Laws. The Company nor any or one of its Subsidiaries Subsidiaries, as applicable, has received any information relating at all times made all disclosures to, and obtained any necessary consents and authorizations from, users, customers, employees, contractors and other applicable Persons required by applicable Information Privacy and Security Laws and has filed any required registrations with the applicable data protection authority, including any consents or notice of any Proceedings with respect to, any alleged violations by authorizations necessary to operate the Company or any of its Subsidiaries of any Privacy RequirementsBusiness.

Appears in 1 contract

Samples: Stock Purchase Agreement (Advisory Board Co)

Data Privacy and Security. (a) The Company and its Subsidiaries have has at all times for the past two (2) years since January 1, 2019 complied in all material respects with, and are currently in compliance in all material respects with, with all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) ), and contractual commitments relating to concerning the Processing of Personal Payment Card Industry Data Security Standards (if any) (collectively, the “Privacy Requirements”). The Company and its Subsidiaries have has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”). (b) There is no pending, nor has there been for the past two (2) yearssince January 1, 2019 any Proceeding material Proceedings against the Company or any of its Subsidiaries initiated by (i) any Person, ; (ii)the ii) the United States Federal Trade Commission, any state attorney general or similar state official, ; (iii) any other Governmental Entity, foreign or domestic, ; or (iv) any regulatory or self-regulatory entity, entity alleging that any violation of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data by or on behalf of the Company or is in violation of any of its SubsidiariesPrivacy Requirements. (c) There Since January 1, 2019, there has been no material breach of security resulting in unauthorized access, use or disclosure of Personal Data in the possession or control of the Company or any of its Subsidiaries or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its SubsidiariesCompany, or any material unauthorized intrusions, intrusions or breaches of security or other data security incidents with respect to into the Company IT Systemssystems. (d) The Company and its Subsidiaries own owns or have has license to use the Company IT Systems as necessary to operate the Business as currently conducted and business of the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and Requirements consistent with standards prudent in the industry in which the Company operates, designed operates to protect (i) the integrity, security and operations of the Company’s information technology systems, and (ii) the confidential data owned by the Company IT Systemsor provided by the Company’s customers, and Personal Data against data security incidents or other misuse. The Company and its Subsidiaries have has implemented commercially reasonable procedures, including implementing data backup, disaster avoidance, recovery and business continuity procedures, and have satisfied satisfying the requirements of applicable Privacy Laws in all material respects, designed to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse. (f) In connection with each third-party service provider whose services are material to the Company and involve the Processing of Personal Data on behalf of the Company, the Company has in accordance with Privacy Laws, since January 1, 2018, entered into valid data processing agreements with any such third party in accordance with applicable Privacy Laws. (g) The consummation of any of the transactions contemplated hereby or pursuant to any Ancillary Document hereby, will not violate any applicable Privacy Requirements. (gh) There have not been any Proceedings related to any unauthorized intrusions, breaches of security or other data security incidents, incidents or any violations of any Privacy Requirements, Requirements that have been asserted in writing against the Company or any of its Subsidiaries Company, and, to the Company’s knowledge, neither the Company nor any of its Subsidiaries has not received any information written correspondence relating to, or written notice of any Proceedings with respect to, any alleged violations by the Company or any of its Subsidiaries of any of, Privacy Requirements. (i) The Company has not transferred any Personal Data from the European Union or United Kingdom to a jurisdiction outside the European Economic Area or United Kingdom, other than in accordance with Articles 45 and 46(2) of the GDPR.

Appears in 1 contract

Samples: Business Combination Agreement (Alpha Healthcare Acquisition Corp Iii)

Data Privacy and Security. (a) The Company and its Subsidiaries have at all times for Sellers (i) in the past two last three (23) years complied have been and are in material compliance with all material respects withData Protection Requirements; (ii) have developed and implemented public privacy notices and internal data security or privacy policies and procedures (copies of which have been made available to Purchaser); (iii) have maintained commercially reasonable and necessary administrative, physical, and are currently in compliance in all material respects withtechnical safeguards designed to protect the confidentiality, all applicable Privacy Lawsintegrity, Privacy and Data Security Policies (as defined below) and contractual commitments relating to the Processing availability of Personal Data (collectivelyInformation in their possession or control, the “Privacy Requirements”). The Company and its Subsidiaries have implemented adequate written policies relating to the Processing of Personal Data as and to prevent the extent required by applicable Law loss and unauthorized use, access, alteration, destruction or disclosure of such Personal Information; and (“Privacy iv) trained their employees to follow these policies and Data Security Policies”)procedures. (b) There is no pendingNo Seller has been subject to or received notice of any Action, nor has there been for the past two (2) years, any Proceeding against the Company or any of its Subsidiaries initiated by (i) any Person, (ii)the United States Federal Trade Commission, any state attorney general or similar state official, (iii) any other Governmental Entity, foreign or domesticOrder, or (iv) any regulatory written complaint regarding the unauthorized or self-regulatory entityunlawful protection, alleging that any collection, access, use, storage, disposal, disclosure, or transfer of Personal Information or the violation of any Privacy Requirement by the Company Data Protection Requirements, nor, to Sellers’ Knowledge, is any Action or its Subsidiaries with respect to any Processing of Personal Data by or on behalf of the Company or any of its SubsidiariesOrder threatened against a Seller. (c) There has The Sellers have not suffered, discovered, or been no notified of any unauthorized acquisition, use, disclosure, access to, or breach of any Personal Information that (i) constitutes a breach or a data security resulting in unauthorized access, use incident under any Data Protection Requirements; or disclosure of Personal Data (ii) materially compromises (individually or in the possession or control of aggregate) the Company or any of its Subsidiaries or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions, breaches of security or other data security incidents with respect to the Company IT Systemsprivacy of such Personal Information. (d) The Company and its Subsidiaries own No Seller has reported a breach or have license compromise of Personal Information to use the Company IT Systems as necessary to operate the Business as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being usedPerson, either automatically, with the passage of time voluntarily or upon command by any unauthorized personbased on Data Protection Requirements. (e) The Company No Seller has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed filed a claim for coverage relating to protect the integrity, security and operations of the Company IT Systems. The Company and its Subsidiaries have implemented commercially reasonable procedures, including implementing data backup, disaster avoidance, recovery and business continuity procedures, and have satisfied the requirements of applicable Privacy Laws in all material respects, designed to detect any data security incidents and to protect Personal Data against loss and against unauthorized accessor privacy matter covered under an insurance policy issued to, useor on behalf of, modification, disclosure or other misuse.a Seller. 33 (f) Each Seller has performed an annual security risk assessment. Each Seller has addressed and remediated all critical and high risk threats and deficiencies identified in such security risk assessments. (g) The consummation of any of the transactions contemplated hereby or pursuant to any Ancillary Document will does not violate any applicable Privacy Data Protection Requirements. (g) There . Immediately following the Closing, the surviving entity will own and continue to have not been any Proceedings related the right to any unauthorized intrusions, breaches of security or other data security incidents, or any violations of any Privacy Requirements, that have been asserted against use all Personal Information on materially identical terms and conditions as the Company or any of its Subsidiaries and, Sellers enjoyed immediately prior to the Company’s knowledge, neither the Company nor any of its Subsidiaries has received any information relating to, or notice of any Proceedings with respect to, any alleged violations by the Company or any of its Subsidiaries of any Privacy RequirementsClosing Date.

Appears in 1 contract

Samples: Asset Purchase Agreement (Ideanomics, Inc.)

Data Privacy and Security. Except as would not reasonably be expected to have, individually or in the aggregate, an FSI Material Adverse Effect: (a) The Company and its Subsidiaries have at all times for the past two (2) years complied in all material respects with, and are currently in compliance in all material respects with, all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and contractual commitments relating to the Processing of Personal Data (collectively, the “Privacy Requirements”). The Company FSI and its Subsidiaries have implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“FSI Privacy and Data Security Policies”). Each of FSI and its Subsidiaries has at all times complied in all material respects with all applicable Privacy Laws, the FSI Privacy and Data Security Policies and contractual obligations entered into by FSI or its Subsidiaries relating to the receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security, disposal, destruction, disclosure, or transfer of Personal Data (collectively, the “FSI Privacy Requirements”). (b) There is no pendingAs of the date hereof, FSI has not received notice of any pending Legal Proceedings, nor has there been for the past two (2) years, any Proceeding material Legal Proceedings against the Company FSI or any of its Subsidiaries initiated by (i) any Person, ; (ii)the ii) the United States Federal Trade Commission, any state attorney general or similar state official, ; or (iii) any other Governmental EntityAuthority, foreign or domestic, or (iv) any regulatory or self-regulatory entityin each case, alleging that any violation of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data by or on behalf of the Company FSI or its Subsidiaries is in violation of any of its SubsidiariesFSI Privacy Requirements. (c) There Since the incorporation of FSI, (i) there has been no breach of security resulting in material unauthorized access, use or disclosure Processing of Personal Data in the possession or control of the Company FSI or its Subsidiaries and/or any of the service providers of FSI or its Subsidiaries orand (ii) to FSI’s Knowledge, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from there have been no unauthorized intrusions or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions, breaches of security into any FSI IT Systems under the control of FSI or other data security incidents with respect to the Company IT Systemsits Subsidiaries. (d) The Company FSI and its Subsidiaries own or have license a binding Contract in place to use the Company FSI IT Systems as necessary to operate the Business business of FSI as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized personall material respects. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations Each of the Company IT Systems. The Company FSI and its Subsidiaries have implemented commercially reasonable procedureshas established data safeguards against the destruction, including implementing data backuploss, disaster avoidancedamage, recovery corruption, alteration, loss of integrity, commingling or unauthorized access, acquisition, use, disclosure or other Processing of Personal Data that are consistent with industry standards and business continuity procedures, and have satisfied the requirements of applicable Privacy Laws in all material respects, designed to detect data security incidents Law. Each of FSI and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse. (f) The consummation of any of the transactions contemplated hereby or pursuant to any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings related to any unauthorized intrusions, breaches of security or other data security incidents, or any violations of any Privacy Requirements, that have been asserted against the Company or any of its Subsidiaries and, maintains backups of all data used to conduct the Company’s knowledge, neither the Company nor any business of FSI and its Subsidiaries has received any information relating to, or notice of any Proceedings with respect to, any alleged violations by the Company or any of its Subsidiaries of any Privacy Requirementsat a reasonable frequency.

Appears in 1 contract

Samples: Merger Agreement (Flexible Solutions International Inc)

Data Privacy and Security. (a) The Company and its Subsidiaries have at all times for the past two (2) years complied in all material respects with, and are currently in compliance in all material respects with, all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and contractual commitments relating to the Processing of Personal Data (collectively, the “Privacy Requirements”). The Company and its Subsidiaries have implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”). (b) There is no pending, nor has there been for the past two (2) years, any Proceeding against the Company or any of its Subsidiaries initiated by (i) any Person, (ii)the United States Federal Trade Commission, any state attorney general or similar state official, (iii) any other Governmental Entity, foreign or domestic, or (iv) any regulatory or self-regulatory entity, alleging that any violation of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data by or on behalf of the Company or any of its Subsidiaries. (c) There has been no breach of security resulting in unauthorized access, use or disclosure of Personal Data in the possession or control of the Company or any of its Subsidiaries or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions, breaches of security or other data security incidents with respect to the Company IT Systems. (d) The Company and its Subsidiaries own or have license to use the Company IT Systems as necessary to operate the Business as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT Systems. The Company and its Subsidiaries have implemented commercially reasonable procedures, including implementing data backup, disaster avoidance, recovery and business continuity procedures, and have satisfied the requirements of applicable Privacy Laws in all material respects, designed to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse. (f) The consummation of any of the transactions contemplated hereby or pursuant to any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings related to any unauthorized intrusions, breaches of security or other data security incidents, or any violations of any Privacy Requirements, that have been asserted against the Company or any of its Subsidiaries and, to the Company’s knowledge, neither the Company nor any of its Subsidiaries has received any information relating to, or notice of any Proceedings with respect to, any alleged violations by the Company or any of its Subsidiaries of any Privacy Requirements.

Appears in 1 contract

Samples: Business Combination Agreement (Redwoods Acquisition Corp.)

Data Privacy and Security. (ai) The Company Since the Date of Inception, the Processing of any Personal Data by any Seller and its Subsidiaries have at all times for the past two (2) years complied in all material respects withhas not materially violated, and are currently in compliance in all material respects withdoes not materially violate, all any applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and contractual commitments relating to the Processing Requirements. There is no Action pending, asserted in writing or threatened in writing against any Seller or any of Personal Data (collectively, the “Privacy Requirements”). The Company and its their Subsidiaries have implemented adequate written policies relating to the Processing alleging a violation of Personal Data as and to the extent required by applicable Law (“any Privacy and Data Security Policies”). (b) There is no pending, nor has there been for the past two (2) years, any Proceeding against the Company Requirement or any Person’s right of privacy or publicity, and, to the Knowledge of the Sellers, no valid basis exists for any such Action. Neither the Sellers nor its Subsidiaries initiated by have (i) received any Personwritten communications from or (ii) to the Knowledge of the Sellers, (ii)the United States Federal Trade Commission, been the subject of any state attorney general investigation by a data protection authority or similar state official, (iii) any other Governmental Entity, foreign in each of clause (i) and (ii), regarding data security or domestic, or (iv) any regulatory or self-regulatory entity, alleging that any violation of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data Data. The execution and performance of this Agreement by the Sellers will not materially breach or otherwise cause any material violation on behalf of the Company or any of its Subsidiaries. (c) There has been no breach of security resulting in unauthorized access, use or disclosure of Personal Data in the possession or control of the Company or any of its Subsidiaries or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions, breaches of security or other data security incidents with respect to the Company IT Systems. (d) The Company and its Subsidiaries own or have license to use the Company IT Systems as necessary to operate the Business as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software part of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT Systems. The Company and its Subsidiaries have implemented commercially reasonable procedures, including implementing data backup, disaster avoidance, recovery and business continuity procedures, and have satisfied the requirements of applicable Privacy Laws in all material respects, designed to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse. (f) The consummation of any of the transactions contemplated hereby or pursuant to any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings related to any unauthorized intrusions, breaches of security or other data security incidents, or any violations of any Privacy Requirements, that have been asserted against the Company or any of its Subsidiaries and, to the Company’s knowledge, neither the Company nor any of its Subsidiaries has received any information relating to, or notice of any Proceedings with respect to, any alleged violations by the Company Seller or any of its Subsidiaries of any applicable Privacy and Data Security Requirements. (ii) To the extent required by the Privacy and Data Security Requirements, each of the Sellers and their Subsidiaries have contractually obligated all data processors that Process Personal Data for or on behalf of the Sellers or any of their Subsidiaries to contractual terms relating to the protection and use of IT Assets, or Personal Data or confidential information thereon, that obligate such data processors to comply with all applicable Privacy and Data Security Requirements and to take reasonable steps to protect and secure Personal Data or confidential information from loss, theft, misuse or unauthorized use, access, modification or disclosure. To the Knowledge of the Sellers, there have not been any material violations of such contractual obligations. (iii) To the Knowledge of the Sellers, no Person has gained unauthorized access to, engaged in unauthorized Processing, disclosure or use, or accidentally or unlawfully destroyed, lost or altered (i) any Personal Data or confidential information related to the business of the Sellers or their Subsidiaries or (ii) any IT Assets that Process Personal Data related to the business of the Sellers or their Subsidiaries, its respective Personal Data processors, customers, subcontractors or vendors, or any other Persons on its behalf. Neither the Sellers nor their Subsidiaries has notified or, as of date of this Agreement, plans to notify, either voluntarily or as required by applicable Privacy and Data Security Requirements, any affected individual, any third party, any Governmental Entity or the media of any breach or non-permitted use or disclosure of Personal Data of the Sellers or their Subsidiaries.

Appears in 1 contract

Samples: Asset Purchase Agreement (Silvergate Capital Corp)

Data Privacy and Security. (a) Section 3.27(a) of the Company Disclosure Schedule contains a description of the types of Personal Data currently Processed by or for the Company and each Subsidiary, and the countries in which the Company has (i) operations or (ii) customers. The Company and its the Subsidiaries have at all times for the past two three (23) years complied in all material respects withwith all applicable Information Privacy and Security Laws, all of the Company Privacy Policies, and are currently in compliance in all material respects with, all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and their contractual commitments relating obligations to the any Person regarding privacy or data security with respect to their Processing of Personal Data (collectively, the “Privacy Requirements”). The Company and its Subsidiaries have implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”)Data. (b) There is no pendingThe Company and the Subsidiaries have not received any written or, nor has there been for to the past two (2) yearsCompany’s Knowledge, other notice of any Proceeding against claims, audits, investigations by regulatory authorities or any data protection authorities, or written or, to the Company’s Knowledge, other allegations of violations of Information Privacy and Security Laws by the Company or any of its Subsidiaries initiated by (i) any Person, (ii)the United States Federal Trade Commission, any state attorney general Subsidiary or similar state official, (iii) any other Governmental Entity, foreign or domesticwith respect to Personal Data Processed by, or (iv) under the control of, the Company or any regulatory Subsidiary. The Company and the Subsidiaries and, to the Knowledge of the Company, their respective customers have not received any written or, to the Company’s Knowledge, other complaints or self-regulatory entity, claims from any Person alleging that any violation of any applicable Information Privacy Requirement and Security Laws by the Company or its Subsidiaries with respect to any Subsidiary in their Processing of Personal Data. (c) Where the Company or a Subsidiary uses a data processor to Process Personal Data by or on behalf of the Company or any of such Subsidiary, and where, individually or in the aggregate, such use would reasonably be expected to be material to the Company and its Subsidiaries. , taken as a whole, such data processor is subject to obligations under one or more Contracts with the Company or such Subsidiary to (ci) There has been no breach of security resulting comply in all material respects with applicable Laws; and (ii) use reasonable measures to protect and secure Personal Data within such Data Processor’s control from unauthorized access, use or disclosure of Personal Data in the possession or control of the Company or any of its Subsidiaries oruse, to the Company’s knowledgedisclosure, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions, breaches of security or and other data security incidents with respect to the Company IT SystemsProcessing. (d) The Company and its Subsidiaries own maintain and are in material compliance with a written information security program in compliance in all material respects with all applicable Information Privacy and Security Laws that: (i) includes reasonable and appropriate administrative, technical and physical safeguards designed to safeguard the security, confidentiality, and integrity of Company Data; (ii) designed to protect against unauthorized access to the Internal Systems and Company Data (including on the systems of third parties with access to such Internal Systems or have license Company Data); and (iii) provides for the back-up and recovery of the material Company Data Processed using Internal Systems without material disruption or interruption to use the Company IT Systems as necessary to operate the Business as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To of the Company’s knowledge, none of and the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT SystemsSubsidiaries’ respective businesses. The Company and its Subsidiaries have implemented commercially reasonable procedureseach Subsidiary has, including implementing data backupat all times in the past three (3) years, disaster avoidance, recovery and business continuity procedures, and have satisfied the requirements of applicable Privacy Laws complied in all material respectsrespects with such information security program. During the past three (3) years, designed (i) to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse. (f) The consummation of any the Knowledge of the transactions contemplated hereby or pursuant to any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings related to any unauthorized intrusionsCompany, breaches of security or other data security incidents, or any violations of any Privacy Requirements, that have been asserted against neither the Company nor the Subsidiaries, nor any third party acting on their behalf, has suffered or any of its Subsidiaries andincurred a material Data Security Incident, to the Company’s knowledge, and (ii) neither the Company nor any of its the Subsidiaries has received notified any information relating to, or notice Person of any Proceedings with respect to, any alleged violations by the Company or any of its Subsidiaries of any Privacy RequirementsData Security Incident.

Appears in 1 contract

Samples: Merger Agreement (Progress Software Corp /Ma)

Data Privacy and Security. (a) The Each Group Company and its Subsidiaries have at all times for the past two (2) years complied in all material respects with, and are currently in compliance in all material respects with, all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and contractual commitments relating to the Processing of Personal Data (collectively, the “Privacy Requirements”). The Company and its Subsidiaries have has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”). Each Group Company has at all times complied in all material respects with all applicable Privacy Laws, the Privacy and Data Security Policies and contractual obligations entered into by a Group Company relating to the receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security, disposal, destruction, disclosure, or transfer of Personal Data (collectively, the “Privacy Requirements”). (b) There is no pendingAs of the date hereof, the Company has not received notice of any pending Proceedings, nor has there been for the past two (2) years, any Proceeding material Proceedings against the any Group Company or any of its Subsidiaries initiated by (i) any Person, ; (ii)the ii) the United States Federal Trade Commission, any state attorney general or similar state official, ; or (iii) any other Governmental Entity, foreign or domestic, or (iv) any regulatory or self-regulatory entityin each case, alleging that any violation of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data by or on behalf of the a Group Company or is in violation of any of its SubsidiariesPrivacy Requirements. (c) There Since the incorporation of the Company, except as set forth on Section 3.20(c) of the Company Disclosure Schedules, (i) there has been no breach of security resulting in material unauthorized access, use or disclosure Processing of Personal Data in the possession or control of the any Group Company or and/or any of its Subsidiaries or, the service providers of any Group Company and (ii) to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from there have been no unauthorized intrusions or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions, breaches of security or other data security incidents with respect to the into any Company IT SystemsSystems under the control of any Group Company. (d) The Each Group Company and its Subsidiaries own owns or have license has a binding Contract in place to use the Company IT Systems as necessary to operate the Business business of each Group Company as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized personall material respects. (e) The Each Group Company has taken commercially reasonable organizationalestablished data safeguards against the destruction, physicalloss, administrative and technical measures required by Privacy Requirementsdamage, and corruption, alteration, loss of integrity, commingling or unauthorized access, acquisition, use, disclosure or other Processing of Personal Data that are consistent with industry standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT Systems. The Company and its Subsidiaries have implemented commercially reasonable procedures, including implementing data backup, disaster avoidance, recovery and business continuity procedures, and have satisfied the requirements of applicable Privacy Laws in Law. Each Group Company maintains backups of all material respects, designed data used to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuseconduct the business of such Group Company at a reasonable frequency. (f) The consummation of any of the transactions contemplated hereby or pursuant to any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings related to any unauthorized intrusions, breaches of security or other data security incidents, or any violations of any Privacy Requirements, that have been asserted against the Company or any of its Subsidiaries and, to the Company’s knowledge, neither the Company nor any of its Subsidiaries has received any information relating to, or notice of any Proceedings with respect to, any alleged violations by the Company or any of its Subsidiaries of any Privacy Requirements.

Appears in 1 contract

Samples: Business Combination Agreement (Amplitude Healthcare Acquisition Corp)

AutoNDA by SimpleDocs

Data Privacy and Security. (a) The Company and its Subsidiaries have at all times for the past two (2) four years complied in all material respects withwith all applicable Information Privacy and Security Laws, all of the Company Privacy Policies, and are currently all their obligations set forth in compliance in all material respects witha Contract to any Person regarding data privacy data security, all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and contractual commitments relating to or the Processing of Personal Data. (b) The Company uses commercially reasonable effort to require third parties that Process Personal Data on behalf of the Company or its Subsidiaries to (collectivelyi) comply with applicable Information Privacy and Security Laws; and (ii) take reasonable steps to protect and secure Personal Data from unauthorized access, the “Privacy Requirements”). use, disclosure or Processing. (c) The Company and its Subsidiaries have implemented adequate written policies relating to the Processing not received any notice of Personal Data as and to the extent required any claims, audits, investigations (including investigations by applicable Law (“regulatory authorities or any data protection authorities), or allegations of violations of Information Privacy and Data Security Policies”). (b) There is no pending, nor has there been for the past two (2) years, any Proceeding against Laws by the Company or any of its Subsidiaries initiated by (i) any Person, (ii)the United States Federal Trade Commission, any state attorney general Subsidiary or similar state official, (iii) any other Governmental Entity, foreign or domestic, or (iv) any regulatory or self-regulatory entity, alleging that any violation of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data by Processed by, or on behalf of under the control of, the Company or any of its Subsidiaries. (c) There has been no breach of security resulting in unauthorized access. The Company, use or disclosure of Personal Data in the possession or control of the Company or any of its Subsidiaries or, and their respective customers have not received any complaints or claims from any Person with respect to the Company’s knowledge, any Processing of its contractors with regard to any Personal Data obtained from or on behalf of by the Company or and any of its Subsidiaries, or any unauthorized intrusions, breaches of security or other data security incidents with respect to the Company IT Systems. (d) The Company and each of its Subsidiaries own or have license to use the Company IT Systems as necessary to operate the Business as currently conducted has established and the Company IT Systems operate and perform is in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT Systems. The Company and its Subsidiaries have implemented commercially reasonable procedures, including implementing data backup, disaster avoidance, recovery and business continuity procedures, and have satisfied the requirements of applicable Privacy Laws compliance in all material respectsrespects with a written information security program that complies with all applicable Information Privacy and Security Laws that: (i) includes reasonable and appropriate administrative, technical and physical safeguards designed to detect data security incidents safeguard the security, confidentiality, and to protect integrity of Personal Data against loss and Data; (ii) protects against unauthorized accessaccess to Personal Data. For the past four years, use, modification, disclosure or other misuse. (f) The consummation of any of the transactions contemplated hereby or pursuant to any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings related to any unauthorized intrusions, breaches of security or other data security incidents, or any violations of any Privacy Requirements, that have been asserted against neither the Company nor its Subsidiaries, nor any third party acting on their behalf by Processing Personal Data, has suffered or any of its Subsidiaries and, to incurred a material Data Security Incident. For the Company’s knowledgepast four years, neither the Company nor any of its Subsidiaries has received any information relating tonotified, or notice been required to notify under any applicable Information Privacy or Security Laws, any Person of any Proceedings with respect to, any alleged violations by the Company or any of its Subsidiaries of any Privacy RequirementsData Security Incident.

Appears in 1 contract

Samples: Stock Purchase Agreement (Progress Software Corp /Ma)

Data Privacy and Security. (a) Each of the Company and its Subsidiaries is compliant in all material respects, and in the past three (3) years has complied in all material respects with, all (i) Data Protection Laws applicable to the business of the Company and its Subsidiaries, (ii) the Company Privacy and Data Security Policies, and (iii) all contracts to which the Company is a party or otherwise bound as of the date hereof concerning the privacy, security or Processing of Personal Data. (b) Each of the Company and its Subsidiaries maintains and implements, and has in the last three years implemented and maintained, commercially reasonable technical and organizational security measures, plans, procedures, controls, and programs, including a written information security program to (i) identify and address internal and external risks to the privacy and security of Personal Data in its possession or control; (ii) implement, monitor, and improve adequate and effective administrative, technical, and physical safeguards to protect such Personal Data and the operation, integrity, and security of Company IT Systems involved in the Processing of Personal Data; and (iii) provide notification in compliance in all material respects with applicable Data Protection Laws or Company Privacy and Data Security Policies in the case of any Security Incident. The Company has a written contract in place with all vendors, processors, or other third parties that Process any Personal Data for or on behalf of the Company or its Subsidiaries, and such contract complies with the requirements of applicable Data Security Laws, in all material respects. (c) The Company and its Subsidiaries have at all times for not transferred or permitted the past two transfer of Personal Data originating in the European Economic Area (2“EEA”) years or United Kingdom (“UK”) outside the EEA or UK, except where such transfers have materially complied in all material respects withwith the requirements of the applicable Data Protection Laws. (d) To the Company’s Knowledge, the execution, delivery, and are currently performance of this Agreement and the consummation of the transactions contemplated hereby do not and will not result in compliance in all a material respects with, all applicable Privacy Laws, violation or breach of any Data Protection Laws or Company Privacy and Data Security Policies (as defined belowcurrently existing or as existing at any time during which any Personal Data was collected or Processed by or for the Company or any of its Subsidiaries). (e) Since January 1, 2019, the Company and contractual commitments relating its Subsidiaries have not experienced any material data or security breach leading to the Processing unlawful use, loss, denial or loss of use, alteration, destruction, compromise, unauthorized access or disclosure (a “Security Incident”) of Personal Data (collectivelytransmitted, stored or otherwise Processed by or on behalf of the “Privacy Requirements”)Company. The Company has not notified and, to the Company’s Knowledge, since January 1, 2020 there have been no facts or circumstances that would require the Company to notify individuals, other affected parties, law enforcement, or any Governmental Entity of any Security Incident. The Company and its Subsidiaries have implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”). (b) There is no pendingnot received any notices, nor has there been for the past two (2) yearscorrespondence, subpoenas, demands or other communication in writing from any Proceeding against the Company or any of its Subsidiaries initiated by (i) any Person, (ii)the United States Federal Trade Commission, any state attorney general or similar state official, (iii) any other Governmental Entity, foreign or domestic, or (iv) any regulatory or self-regulatory entity, alleging that material written complaint from any other Person in connection with any alleged violation of any Privacy Requirement by Data Protection Law, and, to the Company Company’s Knowledge, there has not been any audit, investigation or its Subsidiaries with respect to enforcement action (including any Processing fines or other sanctions), in each case relating to, any actual, alleged, or suspected Security Incident or violation of Personal any Data by or on behalf of Protection Laws involving the Company or any of its Subsidiaries. (c) There has been no breach of security resulting in unauthorized access, use or disclosure of Personal Data in the possession or control of the Company or any of its Subsidiaries or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions, breaches of security or other data security incidents with respect to the Company IT Systems. (d) The Company and its Subsidiaries own or have license to use the Company IT Systems as necessary to operate the Business as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT Systems. The Company and its Subsidiaries have implemented commercially reasonable procedures, including implementing data backup, disaster avoidance, recovery and business continuity procedures, and have satisfied the requirements of applicable Privacy Laws in all material respects, designed to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse. (f) The consummation of any of the transactions contemplated hereby or pursuant to any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings related to any unauthorized intrusions, breaches of security or other data security incidents, or any violations of any Privacy Requirements, that have been asserted against the Company or any of its Subsidiaries and, to the Company’s knowledge, neither the Company nor any of its Subsidiaries has received any information relating to, or notice of any Proceedings with respect to, any alleged violations by the Company or any of its Subsidiaries of any Privacy Requirements.

Appears in 1 contract

Samples: Merger Agreement (Houghton Mifflin Harcourt Co)

Data Privacy and Security. (a) The Company and its Subsidiaries have at all times for the past two (2) years complied in all material respects with, and are currently in compliance in all material respects with, all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and contractual commitments relating to the Processing of Personal Data (collectively, the “Privacy Requirements”). The Company and its Subsidiaries have has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”). The Company has at all times complied in all material respects with all applicable Privacy Laws, the Privacy and Data Security Policies and contractual obligations entered into by the Company relating to the receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security, disposal, destruction, disclosure, or transfer of Personal Data (collectively, the “Privacy Requirements”). The Company owns or has a binding Contract in place to use the Company IT Systems as necessary to operate the business of the Company as currently conducted in all material respects. The Company has established data safeguards against the destruction, loss, damage, corruption, alteration, loss of integrity, commingling or unauthorized access, acquisition, use, disclosure or other Processing of Personal Data that are consistent with industry standards and the requirements of applicable Law. The Company maintains backups of all data used to conduct the business of the Company at a reasonable frequency. (b) There is no pendingThe Company has not received written notice of any pending Proceedings, nor to the knowledge of the Company has there been for the past two (2) years, any Proceeding Proceedings against the Company or any of its Subsidiaries initiated by (i) any Person, ; (ii)the ii) the United States Federal Trade Commission, any state attorney general or similar state official, ; or (iii) any other Governmental Entity, foreign or domestic, or (iv) any regulatory or self-regulatory entityin each case, alleging that any violation of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data by or on behalf of the Company or is in violation of any of its SubsidiariesPrivacy Requirements. (c) There To the knowledge of the Company, during the past seven (7) years, (i) there has been no breach of security resulting in unauthorized access, use or disclosure Processing of Personal Data in the possession or control of the Company or and/or any of its Subsidiaries or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf service providers of the Company and (ii) there have been no unauthorized intrusions or any of its Subsidiaries, or any unauthorized intrusions, breaches of security or other data security incidents with respect to the Company IT Systems. (d) The Company and its Subsidiaries own or have license to use the into any Company IT Systems as necessary to operate under the Business as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To control of the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT Systems. The Company and its Subsidiaries have implemented commercially reasonable procedures, including implementing data backup, disaster avoidance, recovery and business continuity procedures, and have satisfied the requirements of applicable Privacy Laws in all material respects, designed to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse. (f) The consummation of any of the transactions contemplated hereby or pursuant to any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings related to any unauthorized intrusions, breaches of security or other data security incidents, or any violations of any Privacy Requirements, that have been asserted against the Company or any of its Subsidiaries and, to the Company’s knowledge, neither the Company nor any of its Subsidiaries has received any information relating to, or notice of any Proceedings with respect to, any alleged violations by the Company or any of its Subsidiaries of any Privacy Requirements.

Appears in 1 contract

Samples: Merger Agreement (Big Cypress Acquisition Corp.)

Data Privacy and Security. (a) The Except as is not and would not, individually or in the aggregate, reasonably be expected to be material to the Business, taken as a whole, the Transferred Company and its Subsidiaries have at all times for the past two (2) years complied Selling Entities, in all material respects withconnection with the Business, and are currently in compliance in all material respects with, with (i) all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and contractual commitments Laws relating to the privacy, security, collection, safeguarding, storage, transfer, use, disclosure, processing, erasure, or destruction (collectively, “Processing”) of Personal Information (“Privacy Laws”) and (ii) all contractual requirements by which the Transferred Company and the Selling Entities, in connection with the Business, are bound that are applicable to Processing of Personal Data (collectively, the “Privacy Requirements”). The Company and its Subsidiaries have implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”)Information. (b) There is no pending, nor has there been for the past two (2) years, any Proceeding against the The Transferred Company or any of its Subsidiaries initiated by and Selling Entities maintain commercially reasonable measures to (i) any Person, (ii)the United States Federal Trade Commission, any state attorney general or similar state official, (iii) any other Governmental Entity, foreign or domestic, or (iv) any regulatory or self-regulatory entity, alleging that any violation of any Privacy Requirement by protect the Company or its Subsidiaries with respect to any Processing of Personal Data by or on behalf of the Company or any of its Subsidiaries. (c) There has been no breach of security resulting in unauthorized access, use or disclosure of Personal Data Information in the possession or control of the Transferred Company or any Selling Entity in connection with the Business from unauthorized use, access or modification and (ii) maintain the integrity and security of its Subsidiaries orthe IT Systems and all information stored or contained therein or transmitted thereby, against unauthorized use, access, interruption, modification, or corruption, or the occurrence of an Information Security Incident. The Processing of Personal Information and maintenance of IT Systems by the Transferred Company and the Selling Entities in connection with the Business are done in a manner consistent in all material respects with the Transferred Company’s and Selling Entities’ applicable policies. (c) Except as is not and would not, individually or in the aggregate, reasonably be expected to be material to the Company’s knowledgeBusiness, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its Subsidiariestaken as a whole, or any unauthorized intrusions, breaches of security or other data security incidents with respect no Information Security Incident relating to the Business or the Transferred Company IT Systemshas occurred since January 1, 2021 or is continuing. (d) The Neither the Transferred Company and its Subsidiaries own or have license to use the Company IT Systems as necessary to operate nor any part of the Business as that owns the Transferred Assets has been, and is not currently conducted and under, investigation (or similar proceeding) by any Governmental Entity in respect of a violation of Privacy Laws that is or would, individually or in the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledgeaggregate, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof reasonably be expected to be erasedmaterial to the Business, inoperable taken as a whole. There are no claims pending against the Transferred Company or otherwise incapable of being used, either automatically, with the passage of time or upon command any Selling Entity by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT Systems. The Company and its Subsidiaries have implemented commercially reasonable procedures, including implementing data backup, disaster avoidance, recovery and business continuity procedures, and have satisfied the requirements of applicable Privacy Laws in all material respects, designed to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse. (f) The consummation of any of the transactions contemplated hereby or pursuant to any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings Governmental Entity related to any unauthorized intrusions, breaches the Processing of security or other data security incidentsPersonal Information, or any related alleged, suspected, or actual violations of any Privacy RequirementsLaws, that have been asserted against except as would not, individually or in the Company or any of its Subsidiaries andaggregate, reasonably be expected to be material to the Company’s knowledge, neither the Company nor any of its Subsidiaries has received any information relating to, or notice of any Proceedings with respect to, any alleged violations by the Company or any of its Subsidiaries of any Privacy RequirementsBusiness.

Appears in 1 contract

Samples: Equity and Asset Purchase Agreement (Martin Marietta Materials Inc)

Data Privacy and Security. (a) The Company and its Subsidiaries have at all times for the past two (2) years complied in all material respects with, and are currently in compliance in all material respects with, all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and contractual commitments relating to the Processing of Personal Data (collectively, the “Privacy Requirements”). The Company and its Subsidiaries have implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”). (b) There is no pending, nor has there been for the past two (2) years, any Proceeding against the Company or any of its Subsidiaries initiated by (i) any Person, (ii)the United States Federal Trade Commission, any state attorney general or similar state official, (iii) any other Governmental Entity, foreign or domestic, or (iv) any regulatory or self-regulatory entity, alleging that any violation of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data by or on behalf of the Company or any of its Subsidiaries. (c) There has been no breach of security resulting in unauthorized access, use or disclosure of Personal Data in the possession or control of the Company or any of its Subsidiaries or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions, breaches of security or other data security incidents with respect to the Company IT Systems. (d) The Company and its Subsidiaries own or have license to use the Company IT Systems as necessary to operate the Business as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT Systems. The Company Holdings and its Subsidiaries have implemented commercially reasonable procedures, including implementing firewall protections and regular virus scans, designed to ensure that software used in the operation of their business is materially free of any code designed to (or intended to): (i) disrupt, disable, harm, or otherwise impede in any manner the operation of, or provide unauthorized access to, a computer system or network or other device on which such code is stored or installed, or (ii) compromise the privacy or data backup, disaster avoidance, recovery security of a user or damage or destroy any data or file without the user’s consent. The information technology systems and business continuity procedures, databases used by Holdings and have satisfied the requirements of applicable Privacy Laws its Subsidiaries are sufficient in all material respectsrespects for the needs of their business and in accordance with customary industry standards and practices. There has been no (x) failure or other substandard performance of any such information technology system or database that has caused any material disruption to the business of Holdings and its Subsidiaries or (y) to the knowledge of the Credit Parties, designed unauthorized intrusions or breaches of security with respect to detect data security incidents any information technology systems and databases used by Holdings and its Subsidiaries. (b) Each of Holdings and its Subsidiaries (i) is, and has at all times been, in compliance in all material respects with all applicable requirements of law and Contractual Obligations regarding the collection, protection, storage, use, processing, disclosure, retention and transfer of Personal Information and (ii) has commercially reasonable safeguards in place to protect Personal Data against loss and against Information in their possession or control from unauthorized access, use, modification, disclosure or access by other misusePersons. (fc) The consummation There have not been, to the knowledge of the Credit Parties, any material unauthorized intrusions or breaches of the security of any of the transactions contemplated hereby information technology systems and databases, any material unauthorized access or pursuant to use of any Ancillary Document will not violate any applicable Privacy Requirements. (g) There have not been any Proceedings related to any unauthorized intrusions, breaches of security Personal Information or other data security incidentsinformation stored or contained therein or accessed or processed thereby, or any violations material compromise of any Privacy Requirementsthe confidentiality, that have been asserted against integrity, or availability of Personal Information or the Company physical, technical, administrative, or organizational safeguards put in place by Holdings or any of its Subsidiaries andthat relate to the protection of Personal Information. No Person has, to the Company’s knowledgeknowledge of the Credit Parties, neither made any illegal or unauthorized use of Personal Information that was controlled by or on behalf of Holdings or any of its Subsidiaries and is in the Company possession or control of Holdings or any of its Subsidiaries. To the knowledge of the Credit Parties, no facts or circumstances exist that could reasonably be expected to give rise to any such unauthorized intrusion or breach, unauthorized access or use, or compromise. (d) Neither Holdings nor any of its Subsidiaries has received any, and there has not been any information relating towritten complaint delivered to any regulatory or other governmental body or official, foreign or domestic, or notice of any Proceedings with respect toaudit, any alleged violations by the Company proceeding, investigation (whether formal or informal), or claim against or relating to Holdings or any of its Subsidiaries by any private party or any regulatory or other governmental body or official, foreign or domestic, regarding the collection, use, retention, storage, transfer, disposal, disclosure or other processing of Personal Information, and no such complaint, audit, proceeding, investigation or claim has been threatened in writing against Holdings or any Privacy Requirementsof its Subsidiaries that could reasonably be expected to result in a Material Adverse Effect.

Appears in 1 contract

Samples: Credit and Guaranty Agreement (ONE Group Hospitality, Inc.)

Data Privacy and Security. (a) The Company and its Subsidiaries have has at all times for the past two (2) years since January 1, 2018 complied in all material respects with, and are currently in compliance in all material respects with, with all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) ), and contractual commitments relating to concerning the Processing of Personal Payment Card Industry Data Security Standards (if any) (collectively, the “Privacy Requirements”). The Company and its Subsidiaries have has implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”). (b) There is no pending, nor has there been for the past two (2) yearssince January 1, 2018 any Proceeding material Proceedings against the Company or any of its Subsidiaries initiated by (i) any Person, ; (ii)the ii) the United States Federal Trade Commission, any state attorney general or similar state official, ; (iii) any other Governmental Entity, foreign or domestic, ; or (iv) any regulatory or self-regulatory entity, entity alleging that any violation of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data by or on behalf of the Company or is in violation of any of its SubsidiariesPrivacy Requirements. (c) There Since January 1, 2018, there has been no material breach of security resulting in unauthorized access, use or disclosure of Personal Data in the possession or control of the Company or any of its Subsidiaries or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its SubsidiariesCompany, or any material unauthorized intrusions, intrusions or breaches of security or other data security incidents with respect to into the Company IT Systemssystems. (d) The Company and its Subsidiaries own owns or have has license to use the Company IT Systems as necessary to operate the Business as currently conducted and business of the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person. (e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and Requirements consistent with standards prudent in the industry in which the Company operates, designed operates to protect (i) the integrity, security and operations of the Company’s information technology systems, and (ii) the confidential data owned by the Company IT Systemsor provided by the Company’s customers, and Personal Data against data security incidents or other misuse. The Company and its Subsidiaries have has implemented commercially reasonable procedures, including implementing data backup, disaster avoidance, recovery and business continuity procedures, and have satisfied satisfying the requirements of applicable Privacy Laws in all material respects, designed to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse. (f) In connection with each third-party service provider whose services are material to the Company and involve the Processing of Personal Data on behalf of the Company, the Company has in accordance with Privacy Laws, since January 1, 2018, entered into valid data processing agreements with any such third party in accordance with applicable Privacy Laws. (g) The consummation of any of the transactions contemplated hereby or pursuant to any Ancillary Document hereby, will not violate any applicable Privacy Requirements. (gh) There have not been any Proceedings related to any unauthorized intrusions, breaches of security or other data security incidents, incidents or any violations of any Privacy Requirements, Requirements that have been asserted in writing against the Company or any of its Subsidiaries Company, and, to the Company’s knowledge, neither the Company nor any of its Subsidiaries has not received any information written correspondence relating to, or written notice of any Proceedings with respect to, any alleged violations by the Company or any of its Subsidiaries of any of, Privacy Requirements. (i) The Company has not transferred any Personal Data from the European Union or United Kingdom to a jurisdiction outside the European Economic Area or United Kingdom, other than in accordance with Articles 45 and 46(2) of the GDPR.

Appears in 1 contract

Samples: Business Combination Agreement (Alpha Healthcare Acquisition Corp.)

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!