Common use of Data Privacy & Cybersecurity Clause in Contracts

Data Privacy & Cybersecurity. Except as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect: (a) the IT Assets operate and perform in a manner that permits the Company and its Subsidiaries to conduct their respective businesses as currently conducted; (b) the Company and its Subsidiaries have taken all actions, consistent with current industry standards of similarly sized companies in the consumer packaged goods industry, to protect the confidentiality, integrity and security of the IT Assets (and all information and transactions stored or contained therein or transmitted thereby) against any unauthorized use, access, interruption, modification or corruption, including the implementation of (i) data backup, (ii) disaster avoidance and recovery, (iii) business continuity and (iv) encryption and other security procedures, protocols and technologies; (c) there has been no breach, or unauthorized use, access, interruption, modification, corruption or other compromise, of any of the IT Assets (or any information or transactions stored or contained therein or transmitted thereby); (d) the Company and its Subsidiaries have at all times complied, and are currently in compliance, with all Applicable Data Protection Requirements; (e) no Action is pending or, to the Knowledge of the Company, threatened against the Company or any of its Subsidiaries by any Person alleging a violation of any Applicable Data Protection Requirement; (f) the Company and its Subsidiaries have implemented and maintain commercially reasonable technical and organizational measures, in accordance with industry standards of similarly sized companies in the consumer packaged goods industry, to protect all Personal Information in its possession or control against a breach, or unauthorized use, access, exfiltration, destruction, alteration, disclosure, loss, theft, interruption, modification or corruption thereof (each, a “Data Breach”); (g) the Company and its Subsidiaries have used commercially reasonable efforts to ensure that all service providers, data processors and other third parties that process any Personal Information on behalf of the Company or any of its Subsidiaries are bound by valid, written and enforceable agreements including any terms required by Applicable Data Protection Laws and requiring such third parties to comply with Applicable Data Protection Laws and to maintain the privacy, security and confidentiality of such Personal Information; (h) to the Knowledge of the Company, there has been no Data Breach with respect to any Personal Information in the Company’s or any of its Subsidiaries’ possession or control and the Company and its Subsidiaries have not been required under any Applicable Data Protection Requirement to provide any notice to any Governmental Authority or Person in connection with any Data Breach; and (i) the consummation of the transactions contemplated by this Agreement will not breach any Applicable Data Protection Requirement.

Appears in 2 contracts

Samples: Merger Agreement (Campbell Soup Co), Merger Agreement (Sovos Brands, Inc.)

AutoNDA by SimpleDocs

Data Privacy & Cybersecurity. Except as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect: (a) the IT Assets operate The Acquired Companies comply and perform in a manner that permits the Company and its Subsidiaries to conduct their respective businesses as currently conducted; (b) the Company and its Subsidiaries have taken all actions, consistent complied with current industry standards of similarly sized companies in the consumer packaged goods industry, to protect the confidentiality, integrity and security of the IT Assets (and all information and transactions stored or contained therein or transmitted thereby) against any unauthorized use, access, interruption, modification or corruption, including the implementation of (i) data backupall Data Protection Laws, (ii) disaster avoidance applicable binding industry standards and recovery, (iii) business continuity the Acquired Companies’ public posted privacy policies and all material contractual commitments that the Acquired Companies have entered into with respect to the Processing of Personal Information (iv) encryption collectively, the “Privacy Commitments”). The execution, delivery, and other security proceduresperformance of this Agreement will not cause, protocols and technologies; (c) there has been no breachconstitute, or unauthorized use, access, interruption, modification, corruption or other compromise, result in violation of any Privacy Commitments. Each of the Internet websites and applications (including mobile applications) owned or operated by an Acquired Company maintains a publicly posted privacy statement or policy that complies with all applicable Privacy Commitments and describes such entity’s practices with respect to the collection, storage, use and disclosure of Personal Information. (b) The IT Assets (or any information or transactions stored or contained therein or transmitted thereby); (di) the Company are in good working order and its Subsidiaries have at all times complied, condition and are currently in compliance, with all Applicable Data Protection Requirements; (e) no Action is pending or, to sufficient for the Knowledge operation of the CompanyBusiness as currently conducted, threatened against the Company or any of its Subsidiaries by any Person alleging a violation of any Applicable Data Protection Requirement; (f) the Company and its Subsidiaries have implemented and maintain commercially reasonable technical and organizational measures, in accordance with industry standards of similarly sized companies in the consumer packaged goods industry, to protect all Personal Information in its possession or control against a breach, or unauthorized use, access, exfiltration, destruction, alteration, disclosure, loss, theft, interruption, modification or corruption thereof (each, a “Data Breach”); (g) the Company and its Subsidiaries have used commercially reasonable efforts to ensure that all service providers, data processors and other third parties that process any Personal Information on behalf of the Company or any of its Subsidiaries are bound by valid, written and enforceable agreements including any terms required by Applicable Data Protection Laws and requiring such third parties to comply with Applicable Data Protection Laws and to maintain the privacy, security and confidentiality of such Personal Information; (hii) to the Knowledge of the Company, there has are free of any “back door,” “time bomb,” “Trojan horse,” “worm,” “drop dead device,” “virus” or other software routines or hardware components that permit unauthorized access, disablement or erasure or otherwise adversely affect the functionality of the IT Assets and (iii) have not materially malfunctioned or failed. The Acquired Companies have implemented and maintain commercially reasonable and appropriate technical and organizational measures to preserve and maintain the performance, physical and electronic security, integrity, and continuous operation of the IT Assets and protect the data (including Personal Information and Trade Secrets) stored thereon or Processed thereby against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, including maintaining commercially reasonable business continuity and disaster recovery plans. (c) The Acquired Companies have not experienced any actual or alleged misuse, intrusion or breach of the IT Assets or any loss, theft, or unauthorized or unlawful corruption, access to or Processing, or the rendering unavailable or inaccessible (including through a ransomware attack) of data (including Personal Information or Trade Secrets) Processed by or on behalf of the Acquired Companies (collectively, “Security Incidents”) in the past five (5) years. The Acquired Companies have not in the past five (5) years (i) been no Data Breach required pursuant to any Privacy Commitment to notify customers, consumers, employees, Governmental Authority, or any other Person of any Security Incident; (ii) been the subject of any inquiry, investigation or enforcement action of any Governmental Authority with respect to compliance with any Personal Information in the Company’s or any of its Subsidiaries’ possession or control and the Company and its Subsidiaries have not been required under any Applicable Data Protection Requirement to provide Law, or (iii) received any notice to notice, request, claim, complaint, correspondence or other communication, or Proceeding pending or threatened from any Governmental Authority or other Person in connection relating to any Security Incident or compliance with or violation of any Data Breach; and (i) the consummation of the transactions contemplated by this Agreement will not breach any Applicable Data Protection RequirementPrivacy Commitments.

Appears in 1 contract

Samples: Membership Interest Purchase Agreement (Apogee Enterprises, Inc.)

Data Privacy & Cybersecurity. Except as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect: (a) the The Company Entities have, and use all reasonable efforts to require that all third Persons controlling IT Assets operate or processing Company Data in connection with the Company’s products and perform in a manner that permits services have, established and implemented internal and external policies, notices, records, logs and procedures and organizational, physical, administrative, and technical measures regarding privacy, cybersecurity, data transfers and data security (such policies and measures of the Company Entities, collectively, the “Privacy Policies”) that (i) are consistent in all material respects with all applicable Data Protection Laws; and its Subsidiaries to conduct their respective businesses as currently conducted; (ii) protect Company Data against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access. (b) The Company Entities comply and have complied at all times with all Data Protection Requirements in all material respects, including, where required, entering into and complying with contracts with its customers and suppliers that meet the requirements of Data Protection Laws. (c) In the previous three (3) years, none of Company and its Subsidiaries have taken all actionsEntities, consistent nor any third party with current industry standards of similarly sized companies in respect to the consumer packaged goods industry, to protect the confidentiality, integrity and security conduct of the IT Assets (and all information and transactions stored or contained therein or transmitted thereby) against any unauthorized useBusiness, access, interruption, modification or corruption, including the implementation of has (i) data backupexperienced any material security breaches of Company Data, (ii) disaster avoidance and recovery, (iii) business continuity and (iv) encryption and other security procedures, protocols and technologies; (c) there has been no breach, including any that would require law enforcement or unauthorized use, access, interruption, modification, corruption individual notification or other compromise, of under any of the IT Assets (or any information or transactions stored or contained therein or transmitted thereby); (d) the Company and its Subsidiaries have at all times complied, and are currently in compliance, with all Applicable applicable Data Protection Requirements; (eii) no Action is been subject to any pending oror threatened investigations, notices or requests from any Governmental Authority in relation to the Knowledge their data processing activities or (iii) received any pending or threatened claims from any Persons alleging any breach of, or exercising their rights under, any Data Protection Requirements. (d) None of the CompanyCompany Entities is subject to any Data Protection Requirements that, threatened against following the Closing, would prohibit the Company or any Company Subsidiaries from receiving or using Company Data in accordance with and subject to such Data Protection Requirements, including in the manner currently received or used. (e) There has been no failure, breakdown, performance reduction, or other adverse event affecting any IT Assets that has caused any (i) substantial disruption of its Subsidiaries by any Person alleging a violation or interruption in or to the use of such IT Assets or the conduct of the business of the Company Entities; (ii) material loss, destruction, damage or harm of or to the Company Entities or their operations, personnel, property, or other assets; (iii) material liability of any Applicable Data Protection Requirement; kind to the Company Entities or (iv) customer or supplier to terminate its relationship with the Company Entities. The Company maintains reasonable backup and data recovery, disaster recovery, and business continuity plans, procedures, and facilities consistent with relevant industry standards. (f) the The Company Entities have materially aligned their cybersecurity practices with relevant industry standards. There is not, and its Subsidiaries have implemented and maintain commercially reasonable technical and organizational measures, in accordance with industry standards of similarly sized companies has not been in the consumer packaged goods industryprevious three (3) years, to protect all Personal Information in its possession any Malicious Code or control against a breach, other material cybersecurity threats or unauthorized use, access, exfiltration, destruction, alteration, disclosure, loss, theft, interruption, modification or corruption thereof (each, a “Data Breach”); (g) the Company and its Subsidiaries have used commercially reasonable efforts to ensure vulnerabilities affecting any IT Assets that all service providers, data processors and other third parties that process any Personal Information on behalf of the Company or any of its Subsidiaries are bound by valid, written and enforceable agreements including any terms required by Applicable Data Protection Laws and requiring such third parties to comply with Applicable Data Protection Laws and to maintain the privacy, security and confidentiality of such Personal Information; (h) to the Knowledge of the Company, there has been no Data Breach with respect to any Personal Information in the Company’s or any of its Subsidiaries’ possession or control and the Company and its Subsidiaries have not been required under any Applicable Data Protection Requirement to provide any notice to any Governmental Authority or Person remediated (including the root causes thereof). The Company Entities have cybersecurity and data breach insurance that is adequate and suitable in connection with any Data Breach; and (i) the consummation respect of the transactions contemplated by this Agreement will not breach any Applicable Data Protection RequirementIT Assets.

Appears in 1 contract

Samples: Equity Purchase Agreement (DENTSPLY SIRONA Inc.)

AutoNDA by SimpleDocs

Data Privacy & Cybersecurity. (a) Except as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect: (a) the IT Assets operate and perform in a manner that permits , the Company and its Subsidiaries comply, and since December 31, 2021 have complied, with all Privacy Requirements, including all applicable Laws regarding the collection, use and disclosure of Personal Information stored or processed by the Company or any of its Subsidiaries. Except as has not had, and would not reasonably be expected to conduct their respective businesses as currently conducted; have, individually or in the aggregate, a Company Material Adverse Effect, since December 31, 2021 the Company and its Subsidiaries have not experienced any breach, violation, unauthorized access, loss, destruction, or disclosure of Personal Information stored or processed by or on behalf of the Company or any of its Subsidiaries. (b) Except as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect, (i) the Company and its Subsidiaries have taken all actionsimplemented and since December 31, consistent with current industry standards of similarly sized companies in the consumer packaged goods industry2021 maintained commercially reasonable physical, technical, organizational and administrative security measures, procedures, and policies, including security measures designed to protect the confidentialityPersonal Information maintained, integrity and security of the IT Assets (and all information and transactions stored or contained therein processed by or transmitted thereby) against any unauthorized use, access, interruption, modification or corruption, including the implementation on behalf of (i) data backup, (ii) disaster avoidance and recovery, (iii) business continuity and (iv) encryption and other security procedures, protocols and technologies; (c) there has been no breach, or unauthorized use, access, interruption, modification, corruption or other compromise, of any of the IT Assets (or any information or transactions stored or contained therein or transmitted thereby); (d) the Company and its Subsidiaries have at all times compliedagainst loss and against unauthorized access, use, or disclosure, (ii) neither the Company nor any of its Subsidiaries are the subject of any pending or, to the Knowledge of the Company as of the date of this Agreement, threatened Legal Proceeding alleging non-compliance in any material respect with Privacy Requirements, and are currently (iii) to the Knowledge of the Company, the Transactions will not violate in complianceany material respect any applicable Privacy Requirements. (c) Except as has not had, with and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect, since December 31, 2021, neither the Company nor any of its Subsidiaries has (i) experienced a cybersecurity incident that resulted in the unauthorized access to, or the disclosure or exfiltration of, any Personal Information or other misuse of any Personal Information in a manner that, individually or in the aggregate, has resulted in liability to the Company or any of its Subsidiaries or an obligation for the Company or any of its Subsidiaries to notify affected individuals or any other Person under all Applicable applicable Laws relating to the protection or processing of Personal Information, data privacy or cybersecurity or the privacy of electronic communications in any relevant jurisdiction (“Data Protection Requirements; Laws”), or (eii) received any written notice (including any enforcement notice) of any pending or threatened Legal Proceeding concerning, any material noncompliance with any applicable Data Protection Laws. There are no Action is Legal Proceedings pending or, to the Knowledge of the Company, threatened in writing against or pertaining to the Company or any of its Subsidiaries by any Person alleging a violation of any Applicable Data Protection Requirement; (f) with respect to the Company and its Subsidiaries have implemented and maintain commercially reasonable technical and organizational measurescollection, in accordance with industry standards of similarly sized companies in the consumer packaged goods industryretention, to protect all Personal Information in its possession or control against a breachstorage, or unauthorized use, access, exfiltration, destruction, alterationsecurity, disclosure, losstransfer, theftdisposal, interruptionuse, modification or corruption thereof (each, a “Data Breach”); (g) the Company and its Subsidiaries have used commercially reasonable efforts to ensure that all service providers, data processors and other third parties that process processing of any Personal Information on behalf of the Company or any of its Subsidiaries are bound by valid, written and enforceable agreements including any terms required by Applicable Data Protection Laws and requiring such third parties to comply with Applicable Data Protection Laws and to maintain the privacy, security and confidentiality of such Personal Information; (h) to the Knowledge of the Company, there has been no Data Breach with respect to any Personal Information in the Company’s or any of its Subsidiaries’ possession or control and the Company and its Subsidiaries have not been required under any Applicable Data Protection Requirement to provide any notice to any Governmental Authority or Person in connection with any Data Breach; and (i) the consummation of the transactions contemplated by this Agreement will not breach any Applicable Data Protection Requirement.

Appears in 1 contract

Samples: Merger Agreement (Perficient Inc)

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!