INFORMATION PRIVACY AND DATA SECURITY. Citizens takes seriously the privacy concerns of its insureds and others. The purpose of this Section is to properly address the protection, handling and proper disposal of any information the Firm has received from Citizens (“Citizens Confidential Information”). These requirements apply to all information assets, including, but not limited to paper, electronic and film data. The term “Citizens Confidential Information” does not include any information that:
(a) is publicly available through no fault of Firm; (b) Firm developed independently without relying in any way on Citizens Confidential Information. The privacy and data security requirements in this Section are in addition to those set forth in the Firm’s Contract for Legal Services with Citizens and any applicable state or federal law.
INFORMATION PRIVACY AND DATA SECURITY. The Company Group’s practices concerning collection, use, analysis, retention, storage, protection, security, transfer, disclosure, and disposal of Personal Information comply in all material respects with, and have not, since January 1, 2017, violated in any material respect, any (a) Contract with a client, (b) Privacy Laws, or (c) written policy or privacy statement of the Company Group. The Company Group has posted to their website and each of their online sites and services, including all mobile applications, terms of use or service and a privacy policy that complies with Privacy Laws and that accurately reflects in all material respects the Company Group’s practices concerning the collection, use, and disclosure of Personal Information in such online sites, services, and mobile applications. The Company Group has commercially reasonable controls in place designed to address the information security risks and vulnerabilities of the Company Group in light of each member of the Company Group’s business, technology, information systems, and the sensitivity of the Personal Information processed by the Company Group.
INFORMATION PRIVACY AND DATA SECURITY. (a) The Business’s, the Company’s and its Subsidiaries’ practices concerning the creation, receipt, maintenance, transmission, use, disclosure, processing, protection, collection, analysis, retention, storage, privacy, security, breach, transfer, destruction, and disposal of Personal Information comply with, and have not violated, any (i) Contract, (ii) Privacy Laws, or (iii) written policy or privacy statement of the Company or its Subsidiaries.
(b) The Company and its Subsidiaries have implemented reasonable administrative, physical, contractual and technical safeguards sufficient to protect the Personal Information processed or maintained by the Company and its Subsidiaries, and such safeguards are sufficient for the size and scope of the Company and its Subsidiaries and the risks posed to the Personal Information processed by the Business, the Company and its Subsidiaries. The Company and its Subsidiaries maintain reasonable and sufficient written policies and procedures concerning the (i) protection of Personal Information, (ii) the protection of the systems, technology and networks that process such Personal Information, and (iii) prevention, detection, containment, and correction of security violations respecting its information systems.
(c) Section 3.25(c) of the Disclosure Schedule sets forth all incidents impacting the confidentiality, security, integrity, or availability of the Business’s, the Company’s and its Subsidiaries’ information systems and/or the Personal Information processed by the Business, the Company and its Subsidiaries.
INFORMATION PRIVACY AND DATA SECURITY. (a) Each Company is in compliance and has at all times complied in all material respects with all applicable Privacy Laws governing the privacy, security, integrity, accuracy, creation, transmission, receipt, maintenance, use, disclosure, or other protection of Personal Information created, received, maintained, transmitted, or destroyed by such Company, all policies and procedures of such Company, all contractual obligations to which such Company is bound and all industry standards binding upon such Company (collectively, the “Privacy Requirements”).
(b) No Company has suffered any information security or privacy breach or other incident that has resulted in any unauthorized access to, use of and/or disclosure of any Personal Information or any information technology systems on or through which the Personal Information is processed or stored. Each Company has posted to its website and each of its online sites and services, including all mobile applications, terms of use or service and a privacy policy that complies with Privacy Laws and that accurately reflects its practices concerning the collection, use, and disclosure of Personal Information in such online sites, services, and mobile applications. Each Company has sufficient controls in place to ensure the information security needs and address the risks and vulnerabilities of such Company in light of such Company’s business, technology and information systems and the Personal Information processed by such Company.
(c) Each Company has: (i) regularly conducted and regularly conducts vulnerability testing, risk assessments, and external audits of, and tracks security incidents related to the entity’s systems and products (collectively, “Information Security Reviews”); (ii) timely corrected any material exceptions or vulnerabilities identified in such Information Security Reviews; (iii) made available true and accurate copies of all Information Security Reviews; and (iv) timely installed software security patches and other fixes to identified technical information security vulnerabilities. Each Company provides its employees with regular training on privacy and data security matters. No Company has made, or been required by Privacy Laws to make, any disclosures or other notification to any Person or Governmental Authority regarding an actual or potential use or disclosure of information in violation of Privacy Laws.
(d) In connection with each third-party servicing, outsourcing, processing, or otherwise ...
INFORMATION PRIVACY AND DATA SECURITY. (a) The Company Group has established an Information Security Program that is appropriately implemented and maintained, and there have been no material violations of such Information Security Program. The Company Group has (i) assessed and tested its Information Security Program on a no less than annual basis; and (ii) remediated all critical, high, and medium risks and vulnerabilities. The Information Security Program has proven sufficient and compliant with Data Protection Requirements in all material respects. The IT Systems currently used by the Company Group are in all material respects in good working condition, do not contain any malicious code or defect, and operate and perform as necessary for the operation of the Business. All Company Data will continue to be available for Processing by the Company Group following the Closing on substantially the same terms and conditions as existed immediately prior to the Closing. The Company Group has commercially reasonable controls in place designed to address the information security risks and vulnerabilities of the Company Group in light of the Business and the technology, information systems, and the sensitivity of the Personal Information processed by the Company Group.
(b) The Company Group and, with respect to the Processing of Company Data, its Data Processors complies, and has complied in all material respects at all times, with its privacy policies and the Data Protection Requirements. Neither (i) the execution and the delivery of this Agreement nor the Ancillary Agreements to which the Company is a party, (ii) the performance by the Company or its Affiliates of its obligations hereunder and thereunder, nor (iii) the consummation of the Transactions, will (with or without notice or lapse of time or both) violate any Data Protection Requirements or privacy policies of the Company Group. Where the Company Group uses a Data Processor to Process Personal Information, the Data Processor has provided guarantees, warranties, or covenants in relation to Processing of Personal Information, confidentiality, and security measures, and has agreed to comply with those obligations in a manner sufficient for the Company Group’s compliance with Data Protection Requirements.
(c) Except as set forth in Section 3.24(c) of the Disclosure Schedule, the Company Group and, to the Knowledge of the Seller Parties, its Data Processors (i) since January 1, 2023 have not suffered, and are not suffering, a Security Incident, (i...
INFORMATION PRIVACY AND DATA SECURITY. (a) Seller’s practices concerning collection, use, analysis, retention, storage, protection, security, transfer, disclosure and disposal of all data or information constituting the personal information of any natural person, including employees, that has been collected or otherwise obtained, including all such information subject to any applicable Legal Requirements respecting the privacy of financial, credit, or other information (“Privacy Laws”), comply with, and do not violate, any (i) of the terms of any Material Contract, (ii) applicable Privacy Laws or other Legal Requirements or (iii) written policy or privacy statement of Seller (with respect to sub-clause (iii), to the extent existing). All information systems used by Seller in the conduct of the Business are sufficient for the conduct of the Business as currently conducted and as presently proposed to be conducted. Seller uses reasonable means, taking into account the nature of personal information collected and processed by Seller, to protect the security and integrity of all information systems used by the Business.
(b) Seller (i) is not now and has not been in the last three (3) years under investigation by any Governmental Authority for an actual or alleged violation of any applicable Privacy Law, (ii) has not received any written notices from any Governmental Authority relating to any such actual or alleged violations of any applicable Privacy Law, (iii) has not received any complaints, notices or other written communications from any person or entity alleging a violation of any applicable Privacy Law and (iv) has not acted in a manner that would trigger an obligation to notify any person or entity under any applicable Privacy Laws.
(c) Seller has established and maintained commercially reasonable privacy policies relating to privacy, data protection and the collection, retention, protection and use of personal information collected, used or held for use by Seller (the “Privacy Policies”). In connection with its collection, storage, transfer (including any transfer across national borders) and/or use of any personally identifiable information from any employees (collectively, “Employee Personal Information”). Seller is and has been, during the three (3) year period immediately preceding the date hereof, in compliance with, and the consummation of the transactions contemplated hereby will not breach or cause a violation of, all applicable Legal Requirements in all relevant jurisdictions, the ...
INFORMATION PRIVACY AND DATA SECURITY. (i) The Company’s practices concerning collection, use, analysis, retention, storage, protection, security, transfer, disclosure and disposal of Personal Information comply with, and have not violated, any (i) Material Contract (ii) Privacy Laws, or (iii) public-facing written policy or privacy statement of the Company. The Company has posted to its websites and each of its online sites and the Airfox Mobile Wallet, terms of use or service and a privacy policy that complies in all material respects with Privacy Laws and that are consistent with, the Company’s practices concerning the collection, use, and disclosure of Personal Information; and
(ii) The Company is not, and has not been, been in the last two years (i) to the Company’s Knowledge, under investigation by any Governmental Body for an actual or alleged material violation of any Privacy Law or (ii) received any complaints, notices or other written communications from any Governmental Body alleging a material violation of any Privacy Law. The Company maintains, and complies with, written policies and procedures concerning the (i) protection of Personal Information, (ii) the protection of the systems, technology, and networks that process such Personal Information, and (iii) prevention, detection, containment, and correction of security violations respecting its information systems. To the Knowledge of the Company, there has been no incident involving the Company, its customers, personnel or assets that would require the Company to provide notification to any Governmental Body under any Privacy Laws.
INFORMATION PRIVACY AND DATA SECURITY. 3.1.23.1. Seller’s practices concerning collection, use, analysis, retention, storage, protection, security, transfer, disclosure and disposal of personal data with respect to the operation of the Business comply in all material respects with, and do not violate in any material respect, any applicable privacy laws.
3.1.23.2. In the past three (3) years, with respect to the Business, Seller has not (i) been under investigation by any Governmental Authority for an actual or alleged violation of any privacy laws, (ii) received any written notices from the United States Department of Health and Human Services Office for Civil Rights, Department of Justice, Federal Trade Commission, Attorney General of any state or territory of the United States, or any other Governmental Authority, relating to any such actual or alleged violations, (iii) received any written complaints, notices or other written communications from any Person alleging a violation of any privacy law, or (iv) to Seller’s Knowledge triggered an obligation to notify any Person under any privacy law or Business Associate Agreement (as defined by HIPAA).
3.1.23.3. With respect to the operation of the Business, Seller has implemented reasonable administrative, physical and technical safeguards intended to protect the personal data processed by such entity, and such safeguards comply in all material respects with all applicable privacy laws.
3.1.23.4. In the past three (3) years, Xxxxxx has not experienced a breach of unsecured personal data pertaining to the Business under applicable privacy laws.
INFORMATION PRIVACY AND DATA SECURITY. Citizens takes seriously the privacy concerns of its insureds and others. The purpose of this Section is to properly address the protection, handling and proper disposal of any information the Firm has received from Citizens (“Citizens Confidential Information”). These requirements apply to all information assets, including, but not limited to paper, electronic and film data. The term “Citizens Confidential Information” does not include any information that:
(a) is publicly available through no fault of Firm; (b) Firm developed independently without relying in any way on Citizens Confidential Information. Agreement between Citizens and XXXXXXX XXXX, P.L.L.C. d/b/a XXXXXXX XXXX The privacy and data security requirements in this Section are in addition to those set forth in the Firm’s Contract for Legal Services with Citizens and any applicable state or federal law.
INFORMATION PRIVACY AND DATA SECURITY. Each Group Company is and has for the past six (6) years been, in material compliance with: (i) all Applicable Privacy Laws; (ii) publicly facing Company privacy policies and statements, and (iii) contractual obligations relating to the receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security, disposal, destruction, disclosure, or transfer of Personal Information; ((i)-(iii) collectively, the “Privacy Requirements”). For the past six (6) years, the Group Companies have had in place policies relating to the security and privacy of Personal Information that materially comply with all Applicable Privacy Laws, and the Group Company has made such policies available to Buyer. Each Group Company has posted to its website and each of its online sites and services, including all mobile applications, terms of use or service and a privacy policy that materially complies with Applicable Privacy Laws and that reflects such Group Company’s practices concerning the collection, use, and disclosure of Personal Information in such online sites, services, and mobile applications. Each Group Company has entered into business associate agreements with business associates or subcontractors (as defined under HIPAA) when required by HIPAA and such agreements have been made available to Buyer. For the past six (6) years, each Group Company has, in accordance with Applicable Privacy Laws, maintained reasonable controls in place to detect data security incidents and to protect Personal Information against loss and against data security incidents, and other unauthorized access, use, modification, disclosure, or other misuse that would constitute a violation of Applicable Privacy Laws. For the past six (6) years, each Group Company has: (i) conducted vulnerability testing, risk assessments, and external audits of such Group Company’s systems and products (collectively, “Information Security Reviews”); (ii) timely corrected any material exceptions or critical or high vulnerabilities identified in such Information Security Reviews; (iii) made available true and accurate copies of third party Information Security Reviews; and (iv) timely installed critical and high-risk software security patches and other fixes to identified technical information security vulnerabilities. For the past six (6) years, each Group Company has provided its employees with regular training on privacy and data security matters as required by Privacy Requirements. Except as set ...