Data Protection and Cybersecurity. (a) For the purposes of this Section 7.23, the terms “controller,” “data subject,” “personal data breach,” “processor,” “processing” (and its cognates), and “special categories of personal data” shall have the meaning given to them in the GDPR.
(b) Each Target Company complies in all material respects with all Data Protection Laws, contractual obligations in contracts that are material to the relevant Target Company, and such Target Company’s posted or publicly facing privacy policies relating to the privacy, security, processing, storage, transmission, transfer, disclosures, confidentiality and use of Personal Data (including Personal Data of employees, directors, officers, partners, consultants, contractors, third parties who have provided information to a Target Company, and any information which may be re-identified or associated with a unique identifier). Each Target Company has (i) implemented and maintains appropriate policies, notices, logs, and procedures in relation to the processing and transfer of Personal Data (including cross-border transfer) and carried out regular staff training, testing, audits or other mechanisms designed to ensure and monitor compliance with such policies and procedures to demonstrate compliance with Data Protection Laws, (ii) maintained and keeps up-to-date records of its Personal Data processing activities as required under Data Protection Laws, (iii) issued fair processing notices to the relevant data subjects in accordance with Data Protection Laws, (iv) made all disclosures to, and obtained all appropriate consents, approvals and/or authorization from, users, customers, employees, directors, officers, partners, consultants, contractors, and other applicable Persons required in all material respects by applicable Data Protection Laws to process and transfer such Personal Data lawfully and in accordance with Data Protection Laws, and (v) has filed all registrations required in all material respects under Data Protection Laws with the applicable data protection authority.
(c) Each Target Company has implemented and maintains appropriate technical and organizational measures designed or otherwise intended to protect Personal Data and other data relating to the business of the Target Company against Personal Data breaches and cybersecurity incidents. Each Target Company has undertaken, and resolved in all material respects any material issues identified by, all necessary surveys, audits, inventories, reviews, analysis an...
Data Protection and Cybersecurity. Administrator, by and through its affiliated companies, shall maintain and implement an information security program reasonably designed to safeguard the personal information of the Funds’ shareholders that Administrator receives, stores, maintains or processes in connection with the provision of services under this Agreement. The program will include written policies and procedures, systems and training relating to identity theft, fraud, data protection, business continuity and disruptions of service.
Data Protection and Cybersecurity. Adviser, by and through its affiliated companies, shall maintain and implement an information security program reasonably designed to safeguard the personal information of the Funds’ shareholders that Adviser receives, stores, maintains or processes in connection with the provision of services under this Agreement. The program will include written policies and procedures, systems and training relating to identity theft, fraud, data protection, business continuity and disruptions of service.
Data Protection and Cybersecurity. Transfer Agent, by and through its affiliated companies, shall maintain and implement an information security program reasonably designed to safeguard the personal information of the Funds’ shareholders that Transfer Agent receives, stores, maintains or processes in connection with the provision of services under this Agreement. The program will include written policies and procedures, systems and training relating to identity theft, fraud, data protection, business continuity and disruptions of service.
Data Protection and Cybersecurity. (a) For the purposes of this Section 6.23 and Section 10.3, the terms “personal data breach” and “processing” (and its cognates) shall have the meaning given to them in the GDPR.
(b) Each Target Company (i) has implemented and maintains appropriate technical and organizational measures designed to protect Personal Data relating to the business of the Target Company against personal data breaches and cybersecurity incidents and (ii) complies in all material respects with all contractual obligations to which it is bound relating to the privacy, security, processing, transfer and confidentiality of Personal Data.
(c) Except as would not, individually or in the aggregate, be material to the Target Companies, taken as a whole, since January 1, 2020, no Target Company has (i) suffered, or has discovered, any security breach of or, to the Knowledge of the Company, intrusion into any Target Company’s computer networks, the IT Systems or any other computer networks or systems containing Personal Data or a Target Company’s data, (ii) been subject to any actual, pending or, to the Knowledge of the Company, threatened in writing investigations, notices or requests from any Governmental Authority in relation to their data processing or cybersecurity activities, and (iii) received any actual, pending or, to the Knowledge of the Company, threatened claims from individuals alleging any breach of, or exercising their rights under, Data Protection Laws.
Data Protection and Cybersecurity. (a) For the purposes of this Section 6.24, the terms “controller,” “data subject,” “personal data,” “personal data breach,” “processor,” “processing” (and its cognates), and “special categories of personal data” shall have the meaning given to them in the GDPR.
(b) Each Target Company complies in all material respects with all Data Protection Laws and contractual obligations relating to the privacy, security, processing, transfer and confidentiality of personal data. Each Target Company has (i) implemented and maintains appropriate policies, notices, logs, and procedures in relation to the processing and transfer of personal data and carried out regular staff training, testing, audits or other mechanisms designed to ensure and monitor compliance with such policies and procedures to demonstrate compliance with Data Protection Laws, (ii) maintained and keeps up-to-date records of all its personal data processing activities as required under Data Protection Laws, (iii) issued fair processing notices to the relevant data subjects in accordance with Data Protection Laws, (iv) obtained all appropriate consents, approvals and/or authorisation to process and transfer such personal data lawfully and in accordance with Data Protection Laws, including in relation to the placement of cookies or similar technologies on the devices of users of each Target Company’s website.
(c) Each Target Company has implemented and maintains appropriate technical and organisational measures to protect personal data and other data relating to the business of the Target Company against personal data breaches and cybersecurity incidents, as monitored through regular external penetration tests and vulnerability assessments (including by remediating any and all material identified vulnerabilities).
(d) In the past three (3) years, no Target Company has (i) suffered, or has discovered, any personal data breach or security breach or, to the Knowledge of the Company, intrusion into a Target Company’s computer networks or systems or any other computer networks or systems containing personal data or a Target Company’s data, (ii) been subject to any actual, pending, or threatened investigations, notices or requests from any Governmental Authority in relation to their data processing or cybersecurity activities, and (iii) received any actual, pending, or threatened claims from individuals alleging any breach of, or exercising their rights under, Data Protection Laws, except where such a claim wou...
Data Protection and Cybersecurity. For the purposes of this Section 3.17, the terms “personal data,” “personal data breach,” “process” (and its derivatives) and “supervisory authority” shall have the meaning given to them in the GDPR. Except as would not reasonably be expected to have, individually or in the aggregate, an Aspen Material Adverse Effect: (a) Aspen and each of its Subsidiaries have complied with all applicable requirements of the Data Protection Laws; (b) Aspen and each of its Subsidiaries have implemented appropriate technical and organizational measures to keep personal data processed by or on behalf of Aspen and its Subsidiaries confidential in accordance with Applicable Law (including, for the avoidance of doubt, Data Protection Laws) and to protect such personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, as monitored through regular penetration tests and vulnerability assessments (including by remediating any and all identified vulnerabilities); and (c) neither Aspen nor any of its Subsidiaries has (i) suffered any personal data breach; (ii) received any written notice, request or other communication from any supervisory authority or any regulatory authority relating to a breach or alleged breach of their obligations under Data Protection Laws; or (iii) received any written claim or complaint from any data subject or other person claiming a right to compensation for failure to respond to any of their data subject rights requests or alleging any breach of Data Protection Laws.
Data Protection and Cybersecurity. For the purposes of this Section 4.15, the terms “personal data,” “personal data breach,” “process” (and its derivatives) and “supervisory authority” shall have the meaning given to them in the GDPR. Except as would not reasonably be expected to be material to Bridge Media, taken as a whole, Bridge Media has (a) posted privacy policies on all websites, mobile apps and other online properties operated by or on behalf of Bridge Media regarding the collection and use of personal data of individuals who are visitors to such websites, mobile apps or online properties or customers of Bridge Media, (b) complied with all applicable requirements of the Data Protection Laws, and (c) implemented reasonably appropriate technical and organizational measures to keep personal data processed by or on behalf of Bridge Media confidential in accordance with Applicable Law (including, for the avoidance of doubt, Data Protection Laws) and to protect such personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, as monitored through regular penetration tests and vulnerability assessments (including by remediating any and all identified critical- and high-severity vulnerabilities). Bridge Media has not (i) since January 1, 2021, suffered any personal data breach concerning personal data processed by or on behalf of Bridge Media, (ii) received any written notice, request or other communication from any supervisory authority or any regulatory authority relating to a breach or alleged breach of their obligations under Data Protection Laws, or (iii) received any written claim or complaint from any data subject or other person claiming a right to compensation for failure to respond to any of their data subject rights requests or alleging any breach of Data Protection Laws and, to the knowledge of Simplify, there is no pending investigation by any Governmental Authority of Bridge Media relating to such Data Protection Laws.
Data Protection and Cybersecurity. (a) Except as would not, individually or in the aggregate, have a Company Material Adverse Effect, (i) the Company and its Subsidiaries, and the Processing by them or, to the Company’s Knowledge, on their behalf of any Personal Information are, and since January 1, 2017 have been, in compliance with (A) all applicable Privacy Laws and, to the extent applicable, PCI DSS, (B) all applicable contractual obligations and (C) all policies of the Company and its Subsidiaries relating to Personal Information; (ii) there has been no unauthorized access to or breach, misuse or theft of any Personal Information Processed by the Company or any of its Subsidiaries, and, to the Company’s Knowledge, there has been no unauthorized access to, or breach, misuse or theft of any Personal Information Processed by Third Parties on behalf the Company or any of its Subsidiaries; (iii) each online site and mobile application of the Company and its Subsidiaries has posted terms of use and a privacy policy that materially comply with all applicable Privacy Laws and accurately reflects the Company’s and its Subsidiaries’ practices concerning the Processing of Personal Information collected by or through such site or mobile application; (iv) no disclosure of any data breach or network security breach, or any unauthorized access to, misuse of or theft of any Personal Information, has been or should have been made by the Company and its Subsidiaries under any applicable Privacy Law, to any Governmental Entity or affected Person; (v) each of the Company and its Subsidiaries, as applicable, has entered into a Business Associate Agreement with the applicable third party (to the extent required by, and in conformity with, HIPAA) in each instance where (A) the Company or such Subsidiary acts as a business associate (as defined in 45 C.F.R. § 160.103) to that third party, (B) that third party creates, receives, maintains or transmits protected health information (as defined in 45 C.F.R. § 160.103) from or on behalf of the Company or such Subsidiary or (C) that third party otherwise acts as a business associate to the Company or such Subsidiary, and each of the Company and its Subsidiaries has at all times been since January 1, 2017 in material compliance with any Business Associate Agreements to which it is a party; and (vi) the execution of this Agreement and the consummation of the transactions contemplated by this Agreement comply with all applicable Privacy Laws and contractual obligation...
Data Protection and Cybersecurity. (a) For the purposes of this Section 5.23 and Section 8.3, the terms “personal data breach” and “processing” (and its cognates) shall have the meaning given to them in the GDPR.
(b) Each Target Company (i) has implemented and maintains commercially reasonable technical and organizational measures designed to protect Personal Data relating to the business of the Target Company against personal data breaches and cybersecurity incidents and (ii) complies in all material respects with all contractual obligations to which it is bound relating to the privacy, security, processing, transfer and confidentiality of Personal Data, except to the extent any non-compliance, either individually or in the aggregate, would not reasonably be expected to be material to the Target Companies.
(c) Except as would not, individually or in the aggregate, be material to the Target Companies, taken as a whole, since January 1, 2021, no Target Company has (i) been subject to any actual, pending or, to the Knowledge of the Company, threatened in writing, investigations, notices or requests from any Governmental Authority in relation to its data processing or cybersecurity activities, or (ii) received any actual, pending or, to the Knowledge of the Company, threatened, claims from individuals alleging any violation of Data Protection Laws.
