Common use of Personal Data; Privacy Requirements Clause in Contracts

Personal Data; Privacy Requirements. In connection with the collection and/or use of an individual’s name, address, credit card information, email address, social security number, and account numbers and any other information that is “nonpublic personal information” concerning a consumer for Title V of the Gramm Xxxxx Xxxxxx Act and its implementing regulation 12 C.F.R. Part 1016 or otherwise protected information under similar federal or state privacy laws (“Personal Data”), the Company and its Subsidiaries have at all times complied with and currently comply with all applicable statutes and regulations in all relevant jurisdictions where the Company currently conducts business, its publicly available privacy policy, any privacy policy otherwise furnished for customers and any third party privacy policies which the Company has been contractually obligated to comply with, in each case relating to the collection, storage, use and onward transfer of all Personal Data collected by or on behalf of the Company (the “Privacy Requirements”). The Company and its Subsidiaries will have the right after the execution of this Agreement to use such Personal Data in substantially the same manner as used by the Company and its Subsidiaries prior to the execution of this Agreement. The Company and its Subsidiaries have adopted a written information security program approved by their respective boards of directors. Such information security program meets the requirements of 12 C.F.R. part 000, Xxxxxxxx X (the “Information Security Requirements”) and includes (A) security measures in place to protect all Personal Data under its control and/or in its possession and to protect such Personal Data from unauthorized access by any parties and (B) the Company’s and its Subsidiaries’ hardware, software, encryption, systems, policies and procedures are sufficient to protect the privacy, security and confidentiality of all Personal Data in accordance with the Privacy Requirements. To the Knowledge of the Company, neither the Company nor its Subsidiaries has suffered any breach in security that has permitted any unauthorized access to the Personal Data under the Company’s or its Subsidiaries’ control or possession. The Company and its Subsidiaries have required and do require all third parties to which any of them provide Personal Data and/or access thereto to maintain the privacy, security and confidentiality of such Personal Data, including by contractually obliging such third parties to protect such Personal Data from unauthorized access by and/or disclosure to any unauthorized third parties.

Personal Data; Privacy Requirements. In connection with the collection and/or use of an individual’s name, address, credit card information, email address, social security number, and account numbers and any other information that is “nonpublic non public personal information” concerning a consumer for Title V of the Gramm Xxxxx Xxxxxx Act and its implementing regulation 12 C.F.R. Part 1016 or otherwise protected information under similar federal or state privacy laws (“Personal Data”), the Company and its Subsidiaries have at all times complied with and currently comply with all applicable statutes and regulations in all relevant jurisdictions where the Company currently conducts business, its publicly available privacy policy, any privacy policy otherwise furnished for customers and any third party privacy policies which the Company has been contractually obligated to comply with, in each case relating to the collection, storage, use and onward transfer of all Personal Data collected by or on behalf of the Company (the “Privacy Requirements”). The Company and its Subsidiaries will have the right after the execution of this Agreement to use such Personal Data in substantially the same manner as used by the Company and its Subsidiaries prior to the execution of this Agreement. The Company and its Subsidiaries have adopted a written information security program approved by their respective boards of directors. Such information security program meets the requirements of 12 C.F.R. part 000, Xxxxxxxx X (the “Information Security Requirements”) and includes (A) security measures in place to protect all Personal Data under its control and/or in its possession and to protect such Personal Data from unauthorized access by any parties and (B) the Company’s and its Subsidiaries’ hardware, software, encryption, systems, policies and procedures are sufficient to protect the privacy, security and confidentiality of all Personal Data in accordance with the Privacy Requirements. To the Knowledge of the Company, neither the Company nor its Subsidiaries has suffered any breach in security that has permitted any unauthorized access to the Personal Data under the Company’s or its Subsidiaries’ control or possession. The Company and its Subsidiaries have required and do require all third parties to which any of them provide Personal Data and/or access thereto to maintain the privacy, security and confidentiality of such Personal Data, including by contractually obliging such third parties to protect such Personal Data from unauthorized access by and/or disclosure to any unauthorized third parties.

Personal Data; Privacy Requirements. In connection with the collection and/or use of an individual’s name, address, credit card information, email address, social security number, and account numbers and any other information that is “nonpublic personal information” concerning a consumer for Title V of the Gramm Xxxxx Xxxxxx Act and its implementing regulation 12 C.F.R. Part 1016 or otherwise protected information under similar federal or state privacy laws (“Personal Data”), the Company Severn and its Subsidiaries have at all times complied with and currently comply in all material respects with all applicable statutes and regulations in all relevant jurisdictions where the Company Severn currently conducts business, its publicly available privacy policy, any privacy policy otherwise furnished for customers and any third party privacy policies which the Company Severn has been contractually obligated to comply with, in each case relating to the collection, storage, use and onward transfer of all Personal Data collected by or on behalf of the Company Severn (the “Privacy Requirements”). The Company and its Subsidiaries will have the right after the execution of this Agreement to use such Personal Data in substantially the same manner as used by the Company and its Subsidiaries prior to the execution of this Agreement. The Company Severn and its Subsidiaries have adopted a written information security program approved by their respective boards of directors. Such information security program meets the requirements of 12 C.F.R. part 00030, Xxxxxxxx X Appendix B (the “Information Security Requirements”) and includes (A) security measures in place to protect all Personal Data under its control and/or in its possession and to protect such Personal Data from unauthorized access by any parties and (B) the CompanySevern’s and its Subsidiaries’ hardware, software, encryption, systems, policies and procedures are sufficient to protect the privacy, security and confidentiality of all Personal Data in accordance with the Privacy Requirements. To the Knowledge of the CompanySevern, neither the Company Severn nor its Subsidiaries has suffered any breach in security that has permitted any unauthorized access to the Personal Data under the CompanySevern’s or its Subsidiaries’ control or possession. The Company Severn and its Subsidiaries have required and do require all third parties to which any of them provide Personal Data and/or access thereto to maintain the privacy, security and confidentiality of such Personal Data, including by contractually obliging such third parties to protect such Personal Data from unauthorized access by and/or disclosure to any unauthorized third parties.

Personal Data; Privacy Requirements. In connection with the collection and/or use (a) Each of an individual’s name, address, credit card information, email address, social security number, and account numbers and any other information that is “nonpublic personal information” concerning a consumer for Title V of the Gramm Xxxxx Xxxxxx Act and its implementing regulation 12 C.F.R. Part 1016 or otherwise protected information under similar federal or state privacy laws (“Personal Data”), the Company CVLY and its Subsidiaries have complies and has at all times complied with and currently comply in all material respects with all (i) applicable statutes Privacy Laws (as defined in Section 9.3), (ii) regulatory, industry, and regulations in self-regulatory guidelines and codes, including the Payment Card Industry Data Security Standard and all relevant jurisdictions where other rules of the Company currently conducts businesspayment card brands, that are legally binding on CVLY and its publicly available privacy policy, any privacy policy otherwise furnished for customers and any third party privacy policies which the Company has been contractually obligated to comply with, in each case Subsidiaries relating to the receipt, collection, compilation, use, storage, use and onward processing, sharing, safeguarding, security, disposal, destruction, disclosure, or transfer of personal information, (iii) all privacy policies published on each web site of CVLY or any of its Subsidiaries or otherwise communicated by CVLY or any of its Subsidiaries in writing to users of any such web site and other third parties, and (iv) any contractual commitment made by CVLY or any of its Subsidiaries with respect to such Personal Data collected by or on behalf of the Company Information (the “CVLY Privacy Requirements”). The Company CVLY and each of its Subsidiaries will have maintains a privacy policy that incorporates all disclosures to data subjects required by applicable CVLY Privacy Requirements and none of the right after the execution disclosures made or contained in such privacy policy has been materially inaccurate, misleading or deceptive or in violation of this Agreement to use such Personal Data applicable CVLY Privacy Requirements in substantially the same manner as used by the Company and its Subsidiaries prior to the execution of this Agreement. The Company and its Subsidiaries have any material respects. (b) CVLY has adopted a written information security program approved by their respective boards of directorsthe CVLY Board. Such information security program meets the requirements of 12 C.F.R. part 000all applicable information security laws (collectively, Xxxxxxxx X (the “Information Security Requirements”) and includes (A) functioning security measures in place designed to protect all Personal Data Information under its CVLY’s control and/or in its possession and to protect such Personal Data Information from unauthorized access or use by any parties parties. CVLY has (i) implemented reasonable procedures to detect data security incidents and (Bii) the Company’s implemented and monitored compliance with such procedures with respect to technical and physical security to protect Personal Information against loss and against unauthorized access, use, modification, disclosure or other misuse. (c) Since January 1, 2020, CVLY has: (i) conducted and conducts vulnerability testing, risk assessments, and audits of, and tracks security incidents related to, CVLY IT Systems and Products of CVLY and its Subsidiaries’ hardwareSubsidiaries (collectively, software“CVLY Information Security Reviews”); and (ii) corrected any critical exceptions or vulnerabilities identified in such CVLY Information Security Reviews. CVLY has employed commercially reasonable disaster recovery and business continuity plans, encryptionprocedures and facilities and has taken commercially reasonable steps to safeguard the CVLY IT Systems. CVLY provides its employees with regular training on privacy and data security matters. (d) In connection with each third-party servicing, systemsoutsourcing, policies and procedures are sufficient processing, or otherwise using Personal Information collected, held, or controlled by or on behalf of CVLY, to protect the privacyextent required under applicable Privacy Laws, security and confidentiality of all Personal Data CVLY has entered into written data processing agreements with any such third party in accordance with the requirements of applicable CVLY Privacy Requirements. . (e) To the Knowledge of CVLY, there have been no material data security incidents, personal data breaches or other adverse events or incidents involving unauthorized use and access to Personal Information in the Companycustody and control of CVLY or any of its Subsidiaries or any service provider acting on behalf of CVLY or any of its Subsidiaries. CVLY has a data breach response plan in place and tests this plan on a no less than an annual basis. (f) The consummation of any of the transactions contemplated hereby will not violate any applicable CVLY Privacy Requirements. (g) In the five years prior to the date of this Agreement, neither the Company CVLY nor any of its Subsidiaries has suffered received any breach in security that has permitted correspondence relating to, or written notice of any unauthorized access proceedings, claims, investigations or alleged violations of, applicable CVLY Privacy Requirements from any Person or Governmental Authority, and, to the Personal Data under Knowledge of CVLY, (i) there is no such ongoing proceeding, claim, investigation or allegation (ii) nor are there any facts or circumstances which could reasonably serve as the Company’s basis for any proceedings, claims, investigations or its Subsidiaries’ control alleged violations of, applicable CVLY Privacy Requirements from any Person or possession. The Company Governmental Authority. (h) CVLY and its Subsidiaries have required and do require all third parties to which any of them provide Personal Data and/or access thereto to maintain the privacy, security and confidentiality of such Personal Data, including by contractually obliging such third parties to protect such Personal Data from unauthorized access by and/or disclosure not distribute marketing communications to any unauthorized third partiesPerson except in accordance with applicable CVLY Privacy Requirements. (i) To the Knowledge of CVLY, CVLY is not subject to the California Consumer Privacy Act (“CCPA”) or the European General Data Protection Regulation (“GDPR”) and has not engaged in any activities that would cause it to be required to comply with the CCPA or the GDPR.