Privacy and Cybersecurity Sample Clauses

Privacy and Cybersecurity. (a) The Company and its Subsidiaries and their officers, employees are and, since December 31, 2018, have been in compliance in all material respects with all Data Privacy and Security Requirements. The Company and its Subsidiaries have in place reasonable policies and procedures designed for the proper collection, processing, transfer, disclosure, sharing, storing, security and use of Personal Data, and that comply in all material respects with Data Privacy and Security Requirements. (b) The Company and its Subsidiaries have taken commercially reasonable steps to train their employees on privacy and data security matters, and to ensure that such employees are under written obligations of confidentiality with respect to such Personal Data. All Persons authorized to collect, process, transfer, disclose, share, store or use Personal Data on behalf of the Company or any of its Subsidiaries have not, to the Company’s knowledge: (i) materially breached any written contracts or (ii) materially violated any Data Privacy and Security Requirements. (c) Except as set forth on Section 4.22 of the Company Disclosure Letter, there have been no material Security Incidents since December 31, 2018. Except as set forth on Section 4.22 of the Company Disclosure Letter, none of the Company or any of its Subsidiaries has since December 31, 2018: (i) received any written notice (or, to the Company’s knowledge, received any other notice) from any Person; (ii) been required by the Data Privacy and Security Requirements to give any notice to any Person; or (iii) been subject to any Proceeding, in each case with respect to any Security Incident. The Company and its Subsidiaries have implemented and maintain commercially reasonable security, disaster recovery and business continuity plans, procedures and facilities consistent with applicable industry standards. (d) The Company and its Subsidiaries have subscribed to a cyber-insurance policy which materially complies with all contractual and statutory requirements to which the Company and its Subsidiaries are subject to in this respect. (e) The Company and its Subsidiaries have not been and are not currently: (a) to the Company’s knowledge, under audit or investigation by any authority regarding collection, processing, transfer, disclosure, sharing, storing, protection and use of Personal Data, except for those carried out in the ordinary course of business; or (b) received in writing (or, to the Company’s knowledge, received in any...

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and have at all times been in material compliance with (i) Privacy Laws, (ii) policies, notices, statements and representations relating to the Processing of Personal Information, (iii) any privacy choices required by applicable Law, including opt-out preferences offered by the Company or its Subsidiaries to end users relating to Personal Information, and (iv) any contractual commitment made by the Company or any Subsidiary of the Company that is applicable to Personal Information, including contractual obligations concerning cybersecurity, data security and the security of the Company’s and each of its Subsidiaries’ information technology systems, ((i)-(iv) together with Privacy Laws, the “Company Privacy Commitments”). (b) The execution and delivery by the Company of this Agreement and the applicable Ancillary Agreements and the consummation of the transactions contemplated hereby and thereby do not and will not (i) require the delivery of any notice to or consent from any Person relating to Personal Information and (ii) conflict with or materially violate any Company Privacy Commitments. For the avoidance of doubt, to the extent Personal Information held or controlled by the Company is “personal information” under the CCPA, such data is an asset as contemplated by section 1798.140(t)(2)(D). The Company and its Subsidiaries currently make, and have at all times made, available to individuals (in each case, at or before the moment of collection of Personal Information) privacy policies and such policies are, and have at all times been, accurate, complete and not misleading (including by omission) of the Company’s and its Subsidiaries’ practices in relation to Personal Information and inclusive of all disclosures required by Privacy Laws. (c) The Company and its Subsidiaries have implemented and maintained, and have required their vendors and any other third Person with whom Personal Information is shared or who processes Personal Information on or on behalf of the Company’s or the Subsidiaries’ behalf to implement and maintain, commercially reasonable technical, physical and organizational measures, security systems and technologies to protect such Personal Information owned or controlled by the Company and/or its Subsidiaries and computers, networks, software and systems used by the Company or any Subsidiary of the Company from loss, theft, unauthorized access, use, disclosure or modification (a “Security Inc...

Privacy and Cybersecurity. Except as disclosed in the Registration Statement, the General Disclosure Package and the Final Prospectus, (i) there has been no security breach or incident, unauthorized access or disclosure, or other compromise of, or relating to, the Company or its Subsidiaries information technology and computer systems, networks, hardware, software, data and databases, equipment or technology (together, the “IT Systems”), including any information defined as “personal data,” “personal information,” “protected health information,” “nonpublic personal information,” or other similar terms as defined by applicable privacy, data security and data breach notification laws, the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company and its Subsidiaries, and any such data processed or stored by third parties on behalf of the Company and its Subsidiaries (collectively, “Personal Data”); (ii) neither the Company nor its Subsidiaries have been notified of, and each of them have no knowledge of any event or condition that could result in, any security breach or incident, unauthorized access or disclosure or other compromise to their IT Systems or to its Personal Data and has not been required to notify any Governmental Entity or Person of same; (iii) the Company and its Subsidiaries have established and maintain appropriate controls, policies, procedures, and technological safeguards to maintain and protect the integrity, continuous operation, redundancy and security of their IT Systems and Personal Data reasonably consistent with industry standards and practices, or as required by applicable regulatory standards; and (iv) the Company’s IT Systems operate and perform as necessary to operate the Company’s businesses, and do not contain any “back door,” “drop dead device,” “time bomb,” “Trojan horse,” “virus,” “ransomware,” “worm,” or other disabling or malicious codes. The Company and its Subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data, and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

Privacy and Cybersecurity. (a) Except as would not have a Group Company Material Adverse Effect, each Group Company maintains and is in compliance with, and during the last twelve (12) months has maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information in the possession or control of such Group Company, (ii) the contractual obligations concerning cybersecurity, data security and the security of the information technology systems of such Group Company. There are no material Actions by any Person (including any Governmental Authority) pending to which any Group Company is a named party, or as to which such Group Company has received a threat in writing, alleging a violation of any third Person’s privacy or personal information rights. (b) During the last twelve (12) months (i) there have been, no material breaches of the security of the information technology systems under the exclusive control of any Group Company, and (ii) there have been no disruptions in any such information technology systems that materially adversely affected the business or operations of such Group Company. Each Group Company takes commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse. To the knowledge of each Group Company, such Group Company has not (A) experienced any incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any of the foregoing, nor to the knowledge of such Group Company has any such notice or complaint been threatened in writing against such Group Company.

Privacy and Cybersecurity. (a) The Company and its Subsidiaries maintain and are in compliance in all material respects, and since the date that is three (3) years preceding the date of this Agreement, have maintained and been in compliance in all material respects with, (i) all applicable Privacy Laws and (ii) the Company’s and its Subsidiaries’ contractual obligations concerning cybersecurity, Personal Information and data privacy and security and the security of the Company’s and each of its Subsidiaries’ information technology systems (collectively, (i) and (ii), “Personal Information Laws and Policies”). To the knowledge of the Company, there are no Actions by any Person (including any Governmental Authority) pending to which the Company or any of the Company’s Subsidiaries is a named party or, to the knowledge of the Company, threatened (in writing, or to the knowledge of the Company, otherwise) against the Company or its Subsidiaries alleging a violation of any Personal Information Laws and Policies, and there have been no such Actions brought against the Company or any of the Company’s Subsidiaries. To the knowledge of the Company, neither the Company nor any Subsidiary of the Company has received any written notice from any Governmental Authority relating to an alleged violation of Personal Information Laws and Policies. (b) Since the date that is three (3) years preceding the date of this Agreement, (i) there have been no material breaches of the security of the IT Assets used or held for use by the Company and its Subsidiaries in their businesses, and (ii) there have been no disruptions in any such IT Assets that materially adversely affected the Company’s and its Subsidiaries’ business or operations. To the knowledge of the Company, the Company and its Subsidiaries have taken commercially reasonable and legally compliant measures designed to protect the confidentiality, integrity and security of any Personal Information in its possession or control. To the knowledge of the Company, in the past three (3) years, neither the Company nor any Subsidiary of the Company has (A) experienced any unauthorized acquisition, use, or access of unencrypted Personal Information in the possession or control of the Company or any Subsidiary that requires notification under applicable Laws or (B) received any written notice or complaint from any Person (including any Governmental Authority) with respect to any of the foregoing, nor has any such notice or complaint been threatened in writin...

Privacy and Cybersecurity. (a) Except as would not, individually or in the aggregate, reasonably be expected to be material to the Bank and the Transferred Subsidiaries, taken as a whole, (i) the Bank and the Transferred Subsidiaries are in compliance with all applicable Privacy Laws, the Payment Card Industry Data Security Standard and with all public-facing privacy policies that cover the Bank and the Transferred Subsidiaries; (ii) since January 1, 2019, there has been no unauthorized access, use, modification, disclosure or other misuse of the Personal Information or other information in respect of customers (including borrowers, depositors, clients and counterparties) of the Bank and the Transferred Subsidiaries in the possession or under the control of the Bank or the Transferred Subsidiaries, or other Persons performing services on behalf of the Bank or the Transferred Subsidiaries (with respect to the business of the Bank and the Transferred Subsidiaries), in each case, other than incidents that were resolved without cost, liability or the duty to notify any Person. (b) Except as would not, individually or in the aggregate, reasonably be expected to be material to the Bank and the Transferred Subsidiaries, taken as a whole, (i) the Bank and the Transferred Subsidiaries own or have a license, service agreement or other right to use all IT Assets that are used in their respective businesses, (ii) the Bank and the Transferred Subsidiaries have implemented commercially reasonable IT Asset and data security, relevant data backup and business continuity procedures with respect to all IT Assets used in the businesses of the Bank and the Transferred Subsidiaries (and all information, including Personal Information, processed thereby), (iii) the IT Assets owned or controlled by the Bank or the

Privacy and Cybersecurity. (a) The Business Entities have and will have, as of the Closing, established policies, programs and procedures with respect to the collection, retention, use, processing, modification, storage, protection, import, export, disclosure and transfer of Personal Information, including privacy policies, consistent with applicable Laws relating to privacy, data protection, data security or the collection, storage, handling, disclosure, transfer, use or processing of Personal Information (“Privacy Laws”), and for the past three (3) years have maintained and enforced such policies, programs and procedures. Except as would not be expected to be material to the business of the Business Entities, taken as a whole, the Business Entities are in compliance with, and for the past three (3) years has been in compliance with, (i) all Privacy Laws and (ii) the Business Entities’ privacy policies and contractual commitments relating to privacy, data protection, data security or the collection, storage, handling, disclosure, transfer, use or processing of Personal Information or the Company Systems (collectively, “Privacy Obligations”). There are no Actions by any Person (including any Governmental Authority) pending to which one of the Business Entities is a named party or, to the knowledge of the Company, threatened against one of the Business Entities alleging a violation or breach of any Privacy Laws or Privacy Obligations. (b) The Company Systems (i) are sufficient for the immediate needs of the Business Entities, including as to capacity, scalability and ability to process current and anticipated peak volumes in a timely manner and (ii) are in sufficiently good working condition to effectively perform all information technology operations and include a sufficient number of license seats for all software as necessary for the operation of the Enterprise Apps Business. To the knowledge of the Company, in the past three (3) years, (A) there have been no material unauthorized intrusions or access or breaches of the security of the Company Systems controlled by the Business Entities or, to the knowledge of the Company, all other Company Systems, and (B) there have been no failures, breakdowns, continued substandard performance, or disruptions in any Company Systems that adversely affected the Business Entities’ businesses or operations in any material respect. The Business Entities take, and following the Distribution will take, commercially reasonable measures designed to pro...

Privacy and Cybersecurity. (a) Except as would not have a Company Material Adverse Effect, the Group Companies are, and during the three (3) years prior to the date of this Agreement have been, in compliance with Privacy Obligations, Cybersecurity Laws and Data Security Laws. (b) To the extent required by applicable Privacy Obligations, the Group Companies have provided notice to individuals about whom the Group Companies Process or direct the Processing of Personal Data regarding the applicable Group Company’s Personal Data Processing activities, and such notice fully and accurately discloses in all material respects how the Group Companies Process Personal Data about such individuals. Complete and correct copies of all written privacy notices have been made available to SPAC. (c) The Group Companies have, where required by Privacy Laws, contractually obligated third parties Processing Personal Data on behalf of the Group Companies to comply with applicable Privacy Laws. (d) The Group Companies have taken reasonable steps to protect and secure Business Data from loss, theft, unauthorized or unlawful Processing. (e) The Group Companies have contractually obligated all third parties Processing material Business Data on behalf of the Group Companies to (i) comply with applicable Privacy Obligations and (ii) take reasonable steps to protect and secure Business Data from loss, theft, unauthorized or unlawful Processing or other misuse. (f) The Group Companies have obtained or will obtain any and all necessary rights, approvals, permissions, and consents relating to its Processing of Personal Data necessary in connection with the transactions contemplated by this Agreement such that the transaction will not violate in any material respect any Privacy Laws, except to the extent attributable to the actions or omissions of a third party, including the Merger Subs and/or SPAC. (g) The Group Companies have implemented and maintained a written information security program that is comprised of reasonable and appropriate policies and technical, physical, administrative and organizational security measures designed to ensure a level of protection, security, confidentiality, integrity and availability of the information technology software and systems utilized by any Group Company in the operation of the business of the Company and its Subsidiaries (“IT Systems”) as appropriate for the risk, including by being designed to protect all Business Data Processed thereby, against loss, theft, unauthoriz...

Privacy and Cybersecurity. (a) The Company maintains and is in compliance with, and during the last three years has maintained and been in compliance with, (i) all applicable Laws relating to the privacy and/or security of personal information, (ii) the Company’s posted or publicly facing privacy policies, and (iii) the Company’s contractual obligations concerning cybersecurity, data security and the security of the Company’s information technology systems, in each case of (i)-(iii) above, other than any non-compliance that, individually or in the aggregate, has not been and would not reasonably be expected to be material to the Company. There are no Actions by any Person (including any Governmental Authority) pending to which the Company is a named party or, to the Knowledge of the Company, threatened in writing, against the Company alleging a violation of any third Person’s privacy or personal information rights. (b) During the last three years (i) there have been, no material breaches of the security of the information technology systems of the Company, and (ii) there have been no disruptions in any information technology systems that materially adversely affected the Company’s business or operations. The Company takes commercially reasonable and legally compliant measures designed to protect confidential, sensitive or personally identifiable information in its possession or control against unauthorized access, use, modification, disclosure or other misuse, including through administrative, technical and physical safeguards. To the Knowledge of the Company, the Company has not (A) experienced any incident in which such information was stolen or improperly accessed, including in connection with a breach of security, or (B) received any written notice or complaint from any Person with respect to any of the foregoing, nor has any such notice or complaint been threatened in writing against the Company.