Common use of Data Security Obligations Clause in Contracts

Data Security Obligations. (A) The Company and its subsidiaries have complied, and are presently, and since the Company’s and its subsidiaries inception have been, in compliance in all material respects, with all applicable internal and external privacy policies, contractual obligations, industry standards, applicable state, federal and international data privacy and security laws and regulations, including without limitation and to the extent applicable, the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, the European Union General Data Protection Regulation (EU 2016/679), the California Consumer Privacy Act, and other statutes, judgments, orders, rules and regulations of any applicable court or arbitrator or other governmental or regulatory authority and any legal obligations regarding the collection, use, transfer, import, export, storage, protection, disposal, disclosure or other processing by the Company and its subsidiaries of Personal Data (collectively, the “Data Security Obligations”); (B) neither the Company nor any of its subsidiaries has received any notification of or complaint regarding, or are aware of any other facts that, individually or in the aggregate, would reasonably indicate non-compliance by the Company or any of its subsidiaries with any Data Security Obligation or has any knowledge of any event or conditions that would reasonably be expected to result in any such non-compliance; (C) there is no pending, or to the knowledge of the Company, threatened, action, suit or proceeding by or before any applicable court or governmental agency, authority or body alleging non-compliance by the Company or any of its subsidiaries with any Data Security Obligation; (D) neither the Company nor any of its subsidiaries has conducted or paid for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Security Obligation; (E) to ensure compliance with the Data Security Obligations, the Company and its subsidiaries have taken steps reasonably necessary in accordance with industry standard practices (including, without limitation, implementing and monitoring compliance with adequate measures with respect to technical and physical security) designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, use, transfer, import, export, storage, protection, disposal, disclosure or other processing of Personal Data that is subject to the Data Security Obligations (the “Policies”) to protect such Personal Data against loss and unauthorized access, use, modification, disclosure or other misuse; and (F) the Company and its subsidiaries have made all disclosures of their then-current Policies to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements.

Data Security Obligations. (Ai) The Company and each of its subsidiaries have complied, complied and are presently, and since the Company’s and its subsidiaries inception have been, presently in compliance in all material respects, with all applicable internal and external privacy policies, contractual obligations, industry standards, applicable statelaws, federal and international data privacy and security laws and regulations, including without limitation and to the extent applicable, the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, the European Union General Data Protection Regulation (EU 2016/679), the California Consumer Privacy Act, and other statutes, judgments, orders, rules and regulations of any applicable court or arbitrator or other governmental or regulatory authority and any other legal obligations regarding obligations, in each case, relating to the collection, use, transfer, import, export, storage, protection, disposal, disposal and disclosure or other processing by the Company and or any of its subsidiaries of Personal Data personal, personally identifiable, household, sensitive, confidential or regulated data (collectively, the “Data Security Obligations” and such data, “Data”); (Bii) neither the Company nor any of its subsidiaries has not received any notification of or complaint regarding, or are aware regarding and is unaware of any other facts that, individually or in the aggregate, would reasonably indicate non-compliance by the Company or any of its subsidiaries with any Data Security Obligation or has any knowledge Obligation; and (iii) of any event or conditions that would reasonably be expected to result in any such non-compliance; (C) there is no pending, or to the knowledge of the Company, threatened, action, suit or proceeding by or before any applicable court or governmental agency, authority or body pending or threatened alleging non-compliance by the Company or any of its subsidiaries with any Data Security Obligation; (D) neither the . The Company nor any and each of its subsidiaries has conducted or paid for, have taken all technical and organizational measures necessary to protect the information technology systems and Data used in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Security Obligation; (E) to ensure compliance connection with the Data Security Obligationsoperation of the Company’s and its subsidiaries’ businesses. Without limiting the foregoing, the Company and its subsidiaries have taken steps reasonably necessary in accordance with industry standard practices (includingused reasonable efforts to establish and maintain, without limitationand have established, implementing maintained, implemented and monitoring compliance with adequate measures with respect to technical complied with, reasonable information technology, information security, cyber security and data protection controls, policies and procedures, including oversight, access controls, encryption, technological and physical security) safeguards and business continuity/disaster recovery and security plans that are designed to ensure compliance in all material respects with their policies protect against and procedures relating to data privacy and security and the collectionprevent breach, destruction, loss, unauthorized distribution, use, transferaccess, importdisablement, exportmisappropriation or modification, storage, protection, disposal, disclosure or other processing compromise or misuse of Personal or relating to any information technology system or Data that is subject to used in connection with the Data Security Obligations operation of the Company’s and its subsidiaries’ businesses (the “PoliciesBreach”) to protect ). There has been no such Personal Data against loss Breach, and unauthorized access, use, modification, disclosure or other misuse; and (F) the Company and its subsidiaries have made all disclosures not been notified of their then-current Policies to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the have no knowledge of the Companyany event or condition that would reasonably be expected to result in, been inaccurate or in violation of any applicable laws and regulatory rules or requirementssuch Breach.

Data Security Obligations. (A) The Company and its subsidiaries have complied, and are presently, and since the Company’s and its subsidiaries inception have been, in compliance in all material respects, with all applicable internal and external privacy policies, contractual obligations, industry standards, applicable state, federal and international data privacy and security laws and regulations, including without limitation and to the extent applicablelimitation, the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, the European Union General Data Protection Regulation (EU 2016/679), the California Consumer Privacy Act, and other statutes, judgments, orders, rules and regulations of any applicable court or arbitrator or other governmental or regulatory authority and any legal obligations regarding the collection, use, transfer, import, export, storage, protection, disposal, disclosure or other processing by the Company and its subsidiaries of Personal Data (collectively, the “Data Security Obligations”); (B) neither the Company nor any of its subsidiaries has received any notification of or complaint regarding, or are aware of any other facts that, individually or in the aggregate, would reasonably indicate non-compliance by the Company or any of its subsidiaries with any Data Security Obligation or has any knowledge of any event or conditions that would reasonably be expected to result in any such non-compliance; (C) there is no pending, or to the knowledge of the Company, threatened, action, suit or proceeding by or before any applicable court or governmental agency, authority or body alleging non-compliance by the Company or any of its subsidiaries with any Data Security Obligation; (D) neither the Company nor any of its subsidiaries has conducted or paid for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Data Security Obligation; (E) to ensure compliance with the Data Security Obligations, the Company and its subsidiaries have at all times taken steps reasonably necessary in accordance with industry standard practices (including, without limitation, implementing and monitoring compliance with adequate measures with respect to technical and physical security) designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, use, transfer, import, export, storage, protection, disposal, disclosure or other processing of Personal Data that is subject to the Data Security Obligations (the “Policies”) to protect such Personal Data against loss and unauthorized access, use, modification, disclosure or other misuse; and (F) the Company and its subsidiaries have made all disclosures of their then-current Policies to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements.