Compliance with Data Privacy Laws The Company and its Subsidiaries are, and at all prior times were, in material compliance with all applicable state and federal data privacy and security laws and regulations, including, without limitation, HIPAA, and the Company and its Subsidiaries are in compliance with the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) as applicable (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its Subsidiaries have, to the knowledge of the Company, at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.
Compliance with Privacy Laws NCPS represents and warrants that its collection, access, use, storage, disposal and disclosure of Personal Data does and will comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations. Without limiting the foregoing, NCPS shall implement administrative, physical and technical safeguards to protect Personal Data that are no less rigorous than accepted industry, and shall ensure that all such safeguards, including the manner in which Personal Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Escrow Agreement. NCPS shall use and disclose Personal Data solely and exclusively for the purposes for which the Personal Data, or access to it, is provided pursuant to the terms and conditions of this Escrow Agreement, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Personal Data for NCPS’s own purposes or for the benefit of any party other than Issuer. For purposes of this section, “Personal Data” shall mean information provided to NCPS by or at the direction of the Issuer, or to which access was provided to NCPS by or at the direction of the Issuer, in the course of NCPS’s performance under this Escrow Agreement that: (i) identifies or can be used to identify an individual (also known as a “data subject”) (including, without limitation, names, signatures, addresses, telephone numbers, e-mail addresses and other unique identifiers); or (ii) can be used to authenticate an individual (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or PINs, financial account numbers, credit report information, biometric or health data, answers to security questions and other personal identifiers), including the identifying information on individuals described in Section 12.
Compliance with Health Care Laws Each of the Company and its Subsidiaries is, and at all times has been, in compliance in all material respects with all applicable Health Care Laws, and has not engaged in activities which are, as applicable, cause for false claims liability, civil penalties, or mandatory or permissive exclusion from Medicare, Medicaid, or any other state or federal health care program. For purposes of this Agreement, “Health Care Laws” means: (i) the Federal Food, Drug, and Cosmetic Act (21 U.S.C. §§ 301 et seq.), the Public Health Service Act (42 U.S.C. §§ 201 et seq.), and the regulations promulgated thereunder; (ii) all applicable federal, state, local and all applicable foreign health care related fraud and abuse laws, including, without limitation, the U.S. Anti-Kickback Statute (42 U.S.C. Section 1320a-7b(b)), the U.S. Physician Payment Sunshine Act (42 U.S.C. § 1320a-7h), the U.S. Civil False Claims Act (31 U.S.C. Section 3729 et seq.), the criminal False Claims Law (42 U.S.C. § 1320a-7b(a)), all criminal laws relating to health care fraud and abuse, including but not limited to 18 U.S.C. Sections 286 and 287, and the health care fraud criminal provisions under the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) (42 U.S.C. Section 1320d et seq.), the exclusion laws (42 U.S.C. § 1320a-7), the civil monetary penalties law (42 U.S.C. § 1320a-7a), HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act (42 U.S.C. Section 17921 et seq.), and the regulations promulgated pursuant to such statutes; (iii) Medicare (Title XVIII of the Social Security Act); (iv) Medicaid (Title XIX of the Social Security Act); (v) the Controlled Substances Act (21 U.S.C. §§ 801 et seq.) and the regulations promulgated thereunder; and (vi) any and all other applicable health care laws and regulations. Neither the Company nor, to the knowledge of the Company, any subsidiary has received notice of any claim, action, suit, proceeding, hearing, enforcement, investigation, arbitration or other action from any court or arbitrator or governmental or regulatory authority or third party alleging that any product operation or activity is in material violation of any Health Care Laws, and, to the Company’s knowledge, no such claim, action, suit, proceeding, hearing, enforcement, investigation, arbitration or other action is threatened. Neither the Company nor, to the knowledge of the Company, any subsidiary is a party to or has any ongoing reporting obligations pursuant to any corporate integrity agreements, deferred prosecution agreements, monitoring agreements, consent decrees, settlement orders, plans of correction or similar agreements with or imposed by any governmental or regulatory authority. Additionally, neither the Company, its Subsidiaries nor any of its respective employees, officers or directors has been excluded, suspended or debarred from participation in any U.S. federal health care program or human clinical research or, to the knowledge of the Company, is subject to a governmental inquiry, investigation, proceeding, or other similar action that could reasonably be expected to result in debarment, suspension, or exclusion.
