Common use of INFORMATION PRIVACY AND DATA SECURITY Clause in Contracts

INFORMATION PRIVACY AND DATA SECURITY. (a) The Business’s, the Company’s and its Subsidiaries’ practices concerning the creation, receipt, maintenance, transmission, use, disclosure, processing, protection, collection, analysis, retention, storage, privacy, security, breach, transfer, destruction, and disposal of Personal Information comply with, and have not violated, any (i) Contract, (ii) Privacy Laws, or (iii) written policy or privacy statement of the Company or its Subsidiaries. (b) The Company and its Subsidiaries have implemented reasonable administrative, physical, contractual and technical safeguards sufficient to protect the Personal Information processed or maintained by the Company and its Subsidiaries, and such safeguards are sufficient for the size and scope of the Company and its Subsidiaries and the risks posed to the Personal Information processed by the Business, the Company and its Subsidiaries. The Company and its Subsidiaries maintain reasonable and sufficient written policies and procedures concerning the (i) protection of Personal Information, (ii) the protection of the systems, technology and networks that process such Personal Information, and (iii) prevention, detection, containment, and correction of security violations respecting its information systems. (c) Section 3.25(c) of the Disclosure Schedule sets forth all incidents impacting the confidentiality, security, integrity, or availability of the Business’s, the Company’s and its Subsidiaries’ information systems and/or the Personal Information processed by the Business, the Company and its Subsidiaries.

INFORMATION PRIVACY AND DATA SECURITY. (a) The Business’s, the Company’s and its Subsidiaries’ practices concerning the creation, receipt, maintenance, transmission, use, disclosure, processing, protection, collection, analysis, retention, storage, privacy, security, breach, transfer, destruction, and disposal of Personal Information comply with, and have not violated, any (i) Contract, (ii) Privacy Laws, or (iii) written policy or privacy statement of the Company or its Subsidiaries. (b) The Company and its Subsidiaries have implemented reasonable administrative, physical, contractual and technical safeguards sufficient to protect the Personal Information processed or maintained by the Company and its Subsidiaries, and such safeguards are sufficient for the size and scope of the Company and its Subsidiaries and the risks posed to the Personal Information processed by the Business, the Company and its Subsidiaries. The Company and its Subsidiaries maintain reasonable and sufficient written policies and procedures concerning the (i) protection of Personal Information, (ii) the protection of the systems, technology and networks that process such Personal Information, and (iii) prevention, detection, containment, and correction of security violations respecting its information systems. (c) Section ‎Section 3.25(c) of the Disclosure Schedule sets forth all incidents impacting the confidentiality, security, integrity, or availability of the Business’s, the Company’s and its Subsidiaries’ information systems and/or the Personal Information processed by the Business, the Company and its Subsidiaries. Except as set forth in ‎Section 3.25(c) of the Disclosure Schedule, no claims have been asserted or threatened against the Company or any of its Subsidiaries (and to the knowledge of the Company, no such claims are likely to be asserted or threatened) by any Person alleging a violation of such Person’s privacy, personal or confidentiality rights under any applicable Laws.