Data Privacy & Cybersecurity. (a) Except as would not be material to the Company Group, taken as a whole, (i) each member of the Company Group is, and at all times since January 1, 2021, has been, in compliance with all Privacy Obligations; (ii) the Company and the Company Subsidiaries have used commercially reasonable efforts to ensure that all service providers, data processors and other third parties that process any Personally Identifiable Information on behalf of the Company or any of the Company Subsidiaries are bound by written agreements including any terms required by applicable Privacy Laws and requiring such third parties to comply with applicable Privacy Laws and (iii) neither the execution of this Agreement by the Company nor the consummation of the Transactions will result in a breach or violation of any Privacy Obligation by the Company or any Company Subsidiary. Except as would not be material to the Company Group, taken as a whole, neither the Company nor any Company Subsidiary has received any written or, to the Knowledge of the Company, threatened notices or complaints from any person or Governmental Authority alleging, or been subject to any audits or investigations concerning, and no Action is pending or, to the Knowledge of the Company, threatened alleging any failure to comply with any Privacy Obligations.
Data Privacy & Cybersecurity. Except as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect: (a) the IT Assets operate and perform in a manner that permits the Company and its Subsidiaries to conduct their respective businesses as currently conducted; (b) the Company and its Subsidiaries have taken all actions, consistent with current industry standards of similarly sized companies in the consumer packaged goods industry, to protect the confidentiality, integrity and security of the IT Assets (and all information and transactions stored or contained therein or transmitted thereby) against any unauthorized use, access, interruption, modification or corruption, including the implementation of (i) data backup, (ii) disaster avoidance and recovery, (iii) business continuity and (iv) encryption and other security procedures, protocols and technologies; (c) there has been no breach, or unauthorized use, access, interruption, modification, corruption or other compromise, of any of the IT Assets (or any information or transactions stored or contained therein or transmitted thereby); (d) the Company and its Subsidiaries have at all times complied, and are currently in compliance, with all Applicable Data Protection Requirements; (e) no Action is pending or, to the Knowledge of the Company, threatened against the Company or any of its Subsidiaries by any Person alleging a violation of any Applicable Data Protection Requirement; (f) the Company and its Subsidiaries have implemented and maintain commercially reasonable technical and organizational measures, in accordance with industry standards of similarly sized companies in the consumer packaged goods industry, to protect all Personal Information in its possession or control against a breach, or unauthorized use, access, exfiltration, destruction, alteration, disclosure, loss, theft, interruption, modification or corruption thereof (each, a “Data Breach”); (g) the Company and its Subsidiaries have used commercially reasonable efforts to ensure that all service providers, data processors and other third parties that process any Personal Information on behalf of the Company or any of its Subsidiaries are bound by valid, written and enforceable agreements including any terms required by Applicable Data Protection Laws and requiring such third parties to comply with Applicable Data Protection Laws and to maintain the privacy, security and confidentiality of such Personal Info...
Data Privacy & Cybersecurity. (a) Except as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect, the Company and its Subsidiaries comply, and since December 31, 2021 have complied, with all Privacy Requirements, including all applicable Laws regarding the collection, use and disclosure of Personal Information stored or processed by the Company or any of its Subsidiaries. Except as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect, since December 31, 2021 the Company and its Subsidiaries have not experienced any breach, violation, unauthorized access, loss, destruction, or disclosure of Personal Information stored or processed by or on behalf of the Company or any of its Subsidiaries.
Data Privacy & Cybersecurity. Each Party shall comply and shall ensure that its Personnel and other Representatives comply with, the provisions of any Data Protection Laws applicable to their conduct under or in connection with this Agreement. To the extent required under applicable Data Protection Laws with respect to the transfer of personal data, the Parties shall enter into (or to the extent required by such Data Protection Laws, cause their respective Affiliates to enter into) such other agreements as may be required by the applicable Data Protection Laws. Each Party shall implement adequate policies and commercially reasonable security measures regarding the integrity and availability of the information technology and software applications owned, operated, or outsourced by that Party, and the data and Intellectual Property thereon. In case one Party or its Affiliates experiences any of the following events, it shall, as soon as such Party is aware, use reasonable efforts to notify the other Party within thirty-six (36) hours of: a confirmed data breach involving the unauthorized access to or accidental or illicit destruction, loss, change, communication, or dissemination of information related to an identified or identifiable natural person provided by the other Party or its Affiliates or Intellectual Property; or any order issued by a judicial or administrative authority regarding data exchanged between the Parties under this Agreement. Each Party shall use reasonable efforts to notify the other Party within thirty-six (36) hours of receiving: data subject requests related to an identified or identifiable natural person provided by the other Party or its Affiliates, such as access, rectification and deletion requests; and any complaint regarding the processing of data related to an identified or identifiable natural person provided by the other Party or its Affiliates, including allegations that the processing operations violate data subject rights.
Data Privacy & Cybersecurity. (a) The Company Entities have, and use all reasonable efforts to require that all third Persons controlling IT Assets or processing Company Data in connection with the Company’s products and services have, established and implemented internal and external policies, notices, records, logs and procedures and organizational, physical, administrative, and technical measures regarding privacy, cybersecurity, data transfers and data security (such policies and measures of the Company Entities, collectively, the “Privacy Policies”) that (i) are consistent in all material respects with all applicable Data Protection Laws; and (ii) protect Company Data against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access.
Data Privacy & Cybersecurity. (a) The Companies and their Affiliates have and, to Cinergy’s Knowledge, with respect to the Processing of Personal Data on the Companies’ behalf, their respective Data Processors have, since the Lookback Date, complied in all respects with all applicable Company Privacy Policies and Privacy Laws. To the extent required by Privacy Laws or Company Privacy Policies, (i) Personal Data is Processed by the Companies, their Affiliates and their respective Data Processors in an encrypted manner, and (ii) Personal Data is securely deleted or destroyed by the Companies, their Affiliates and their respective Data Processors. Neither the execution, delivery or performance of this Agreement nor any of the other Transaction Documents, nor the consummation of any of the Transactions violate any Privacy Laws or Company Privacy Policies. Where any Company or any of its Affiliates uses a Data Processor to Process Personal Data, the Data Processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures and has agreed to comply with those obligations in a manner sufficient for the Companies’ and their Affiliates’ compliance with Privacy Laws.
Data Privacy & Cybersecurity. (a) The Company complies in material respects with, and has for the past four (4) years complied in material respects with: (i) all Privacy Laws, (ii) all Privacy Policies applicable to the Company and (iii) all contractual commitments, including any terms of use, that the Company has entered into with respect to the Processing of Personal Information (collectively, the “Data Protection Requirements”). To the Company’s knowledge, its material vendors, processors, or other third parties that have been engaged by Company to Process Personal Information collected by and/or Processed by or for the Company (collectively, “Data Partners”) comply in material respects with, and have for the past four (4) years complied in material respects with all Privacy Laws applicable to their Processing of Personal Information on behalf of the Company. Where required by Privacy Policies and/or any applicable Privacy Laws, the Company has at all times presented a Privacy Policy to individuals prior to the collection of any Personal Information from such individuals, and all Privacy Policies are and have at all times been materially accurate, consistent and complete and have not been misleading or deceptive (including by omission).
