Personal Data Protection Practices Clause Samples

Personal Data Protection Practices. The information security practices used with respect to all Personal Data maintained by or, to the Knowledge of Holdings, on behalf of, the Company conform in all material respects to all applicable Privacy and Security Policies and Privacy Laws. The Company has used commercially reasonable efforts consistent with Applicable Law and Applicable Requirements relating to privacy, and consistent with its own Privacy and Security Policies, to store and secure all Personal Data, which are designed to protect against unauthorized access to and use of the Personal Data. The Company contractually requires all third parties providing services to it who have access to or receive Personal Data from the Company to use commercially reasonable efforts, consistent with Applicable Law, to store and secure all Personal Data to protect against unauthorized access to and use of such Personal Data. Except as set forth on Schedule 3.3(aa) of the Disclosure Schedule, to the Knowledge of Holdings, there has been no unauthorized or illegal use, processing, or disclosure of or access to, any Personal Data stored or secured by or for the Company, including with respect to any of its databases. Except as set forth on Schedule 3.3(aa) of the Disclosure Schedule, to the Knowledge of Holdings, there have been no material breaches of the Company’s security procedures or any material attempted or successful unauthorized incidents of access, use, disclosure, modification or destruction of information or interference with systems operations in all or any portion of its IT systems, including any such breach or incident that requires notice to any Person.

Personal Data Protection Practices. (i) The Group Companies have maintained appropriate safeguards to protect Personal Data in accordance with Privacy Legal Requirements. The Group Companies have at all times made all disclosures to, and obtained any necessary consents (unless the Company relies on an alternative legal ground) from, customers, employees, contractors, and other applicable Persons required by Privacy Legal Requirements and has filed any required registrations with the applicable data protection authority. (ii) Each Group Company conducts and operates its businesses, including the operation of the Company Products and its distribution to and use by customers, in material compliance with the Privacy Legal Requirements. Where a Group Company uses a Person to process Personal Data on its behalf, there is in existence a written Contract between such Group Company and each such Person that complies in all material respects with the requirements of all Privacy Legal Requirements. The Group Companies have Made Available to Parent true, correct and complete copies of all such Contracts. To the Knowledge of the Company, such Persons have not breached any such Contracts in any material respect in connection with their processing of Personal Data. The Company has not transferred or authorized the transfer of Personal Data outside of European Union, except where such transfers have complied with the requirements of Privacy Legal Requirements or where lack of compliance thereof has not resulted in a material adverse effect. No Group Company knowingly collects any Personal Data from any person under the age of 13 for use in or as part of any Company Products. (iii) The Company did not Sell Personal Data, as such term is defined under the CCPA.

Personal Data Protection Practices. Section 2.15(q) of the Disclosure Schedule sets out (i) a copy of all the forms of consent used by the Company or any Subsidiary in respect of the collection, use or disclosure of Personal Data, (ii) a description of the complaints process, and a list of all complaints or Claims received by the Company or any Subsidiary in respect of the Personal Data collected, used or disclosed by the Company or any Subsidiary, (iii) a description of the access and security safeguards in place in respect of the Personal Data, including computer security, password protection and physical security, employee training programs with respect to compliance with Privacy Legal Requirement and Personal Data retention and disposal programs, and (iv) a list of the individuals who were designated as responsible for overseeing the Company’s Privacy Policies and compliance with Privacy Legal Requirement.

Personal Data Protection Practices. DERMAdoctor has made available: (i) a description of the complaints process, and an accurate and complete list of all written complaints or claims received by DERMAdoctor or any other Person in respect of the Personal Data collected, used or disclosed by DERMAdoctor or such other Person (in each case, to the extent relating to activities by or for DERMAdoctor); (ii) a description of the access and security safeguards in place in respect of the Personal Data maintained by or for DERMAdoctor, including computer security, password protection and physical security and employee training programs with respect to compliance with Privacy Legal Requirements and Personal Data retention and disposal programs; (iii) a description of the process, protocols and/or technologies used to comply with Do Not Track signals, with consumer opt-outs related to self-regulatory programs, and with other consumer preferences; (iv) a description of the process used to ensure the anonymization, privacy and deletion of Personal Data; (v) a description of the identifiers and other information stored in HTTP cookies and HTML5 local storage; and (vi) an accurate and complete list of the individuals currently designated as responsible for overseeing DERMAdoctor Privacy Policies and ensuring compliance with Privacy Legal Requirements. During the past three (3) years, DERMAdoctor has at all times made all disclosures to, and obtained any necessary consents from users, consumers, customers, employees, contractors, and other applicable Persons required by Privacy Legal Requirements and has filed required registrations with the applicable data protection authority. To the Knowledge of DERMAdoctor, neither DERMAdoctor nor any Person performing services for DERMAdoctor, has attempted to reverse engineer Personal Data in a manner intended to reidentify anonymized data.

Personal Data Protection Practices. Section 2.2(w)(ii) of the Disclosure Schedule sets out a copy or summary of the Company’s Privacy and Security Policies, including (without limitation) all the forms of consent (including a description of how such consent is obtained) used by Company in respect of the collection, use or disclosure of Personal Data. The information security practices used with respect to all Personal Data maintained by or on behalf of the Company conform, and at all times have conformed, to all Privacy and Security Policies and Privacy Laws. The Company has used commercially reasonable efforts consistent with standard industry practices, applicable Law, self-governing rules and policies relating to privacy and its own Privacy and Security Policies to store and secure all Personal Data to protect against unauthorized access to or use of the Personal Data. To the knowledge of the Company and/or Shareholder, there has been no unauthorized or illegal use, processing, or disclosure of or access to, any Personal Data stored or secured by or for the Company, including with respect to any of its databases. The Company maintains reasonable administrative, physical and technical security controls for its computer systems in an effort to safeguard such systems against the risk of business disruption arising from attacks (including virus, trojan horse, worm and denial-of-service attacks), unauthorized activities of any employee or contractor of the Company, hackers or any other Person. To the knowledge of the Company and/or Shareholder, there have been no material breaches of the Company’s security procedures or any material attempted or successful unauthorized incidents of access, use, disclosure, modification or destruction of information or interference with systems operations in all or any portion of its computer systems, including any such breach or incident that requires notice to any Person.