Privacy and Information Security. (a) Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, each Acquired Company maintains commercially reasonable procedures and external and internal policies that comply with applicable Laws governing Personal Data and are designed to protect Personal Data from unauthorized access, use, and disclosure. (b) Except as would not reasonably be expected to have a Material Adverse Effect, since January 1, 2019, each Acquired Company has been in compliance with (i) the respective Acquired Company’s external and internal written policies, as applicable, governing the security, privacy, transfer and use of Personal Data; (ii) applicable Laws governing Personal Data; and (iii) all applicable Company Contracts governing Personal Data. (c) Since January 1, 2019, except as would not reasonably be expected to have a Material Adverse Effect, no Acquired Company has experienced any unauthorized access, acquisition, theft, destruction, or disclosure of Personal Data. Since January 1, 2019, none of the Acquired Companies have been legally required to provide any notices to data owners in connection with an unauthorized disclosure of Personal Data and none of the Acquired Companies have provided any such notice. (d) There are no claims pending or, to the Knowledge of the Company, threatened in writing against any of the Acquired Companies alleging a violation of any Person’s Personal Data or any Law applicable to the Processing of Personal Data. To the Knowledge of the Company, since January 1, 2019, no Acquired Company has been under investigation by any Governmental Body regarding its protection, storage, use, disclosure, and transfer of Personal Data. (e) Since January 1, 2019, no Acquired Company has received any material written claim, complaint, inquiry, or notice from any Person regarding the Company’s collection, processing, use, storage, security, and disclosure of Personal Data. (f) No Acquired Company has made any commitments under Company Contracts in connection with any Personal Data, which commitments would prevent Purchaser and its Affiliates from using any material Personal Data after the Closing in a substantially similar manner as currently used or permitted to be used by the Acquired Companies.
Appears in 2 contracts
Samples: Merger Agreement (Flexion Therapeutics Inc), Merger Agreement (Pacira BioSciences, Inc.)
Privacy and Information Security. Each of Holdings and its Subsidiaries complies, and during the past five (a5) Except as would notyears has complied with (i) all Privacy and Information Security Requirements, individually or in (ii) its privacy policies and notices, and (iii) all contracts relating to Processing of Personal Data, except to the aggregate, extent that failure to so comply could not be reasonably be expected to have a Material Adverse Effect. Neither Holdings nor any of its Subsidiaries has received in the past five (5) years any notice, each Acquired allegation, complaint or other communication, and to their knowledge, there is no pending investigation by any Governmental Authority, regarding any actual or possible violation of any Privacy and Information Security Requirement by or with respect to Holdings or any of its Subsidiaries. To the knowledge of Holdings and its Subsidiaries, neither Holdings nor any of its Subsidiaries has suffered a security breach with respect to any of the Company maintains Data and there has been no unauthorized or illegal use of or access to any Company Data. Neither Holdings nor any of its Subsidiaries has notified, or been required to notify, any person of any information security breach involving Personal Data. Each of Holdings and its Subsidiaries employs commercially reasonable procedures and external and internal policies security measures that comply in all material respects with applicable Laws governing Personal Data all Privacy and are designed Information Security Requirements to protect Personal Company Data from unauthorized accesswithin its custody or control and requires the same of all vendors that Process Company Data on its behalf, use, and disclosure.
(b) Except as would except to the extent that the failure to do so could not reasonably be expected to have a Material Adverse Effect. Each of Holdings and its Subsidiaries has provided all requisite notices and obtained all required consents, since January 1and satisfied all other requirements (including but not limited to notification to Governmental Authorities), 2019, each Acquired Company has been necessary for Processing (including international and onward transfer) of all Personal Data in compliance connection with (i) the respective Acquired Company’s external conduct of the business as currently conducted and internal written policies, as applicable, governing in connection with the security, privacy, transfer and use consummation of Personal Data; (ii) applicable Laws governing Personal Data; and (iii) all applicable Company Contracts governing Personal Data.
(c) Since January 1, 2019the transactions contemplated hereunder, except as would to the extent that the failure to do so could not reasonably be expected to have a Material Adverse Effect, no Acquired Company has experienced any unauthorized access, acquisition, theft, destruction, or disclosure of Personal Data. Since January 1, 2019, none of the Acquired Companies have been legally required to provide any notices to data owners in connection with an unauthorized disclosure of Personal Data and none of the Acquired Companies have provided any such notice.
(d) There are no claims pending or, to the Knowledge of the Company, threatened in writing against any of the Acquired Companies alleging a violation of any Person’s Personal Data or any Law applicable to the Processing of Personal Data. To the Knowledge of the Company, since January 1, 2019, no Acquired Company has been under investigation by any Governmental Body regarding its protection, storage, use, disclosure, and transfer of Personal Data.
(e) Since January 1, 2019, no Acquired Company has received any material written claim, complaint, inquiry, or notice from any Person regarding the Company’s collection, processing, use, storage, security, and disclosure of Personal Data.
(f) No Acquired Company has made any commitments under Company Contracts in connection with any Personal Data, which commitments would prevent Purchaser and its Affiliates from using any material Personal Data after the Closing in a substantially similar manner as currently used or permitted to be used by the Acquired Companies.
Appears in 2 contracts
Samples: Credit Agreement (International Money Express, Inc.), Credit Agreement (Fintech Acquisition Corp. II)
Privacy and Information Security. (a) Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, each Acquired Company maintains commercially reasonable procedures and external and internal policies that comply with applicable Laws governing Personal Data and are designed to protect Personal Data from unauthorized access, use, and disclosure.
(b) Except as would not reasonably be expected to have a Material Adverse Effect, since January 1, 2019, each Acquired Company has been in compliance with (i) the respective Acquired Company’s external and internal written policies, as applicable, governing the security, privacy, transfer and use of Personal Data; (ii) applicable Laws governing Personal Data; and (iii) all applicable Company Contracts governing Personal Data.
(c) Since January 1, 2019, except as would not reasonably be expected the privacy and information security policies and procedures of each Acquired Company, and any other terms, notices, descriptions, disclosures, or statements regarding each Acquired Company’s information security practices or the collection, retention, use, Processing, storage, transfer, disclosure and distribution of Personal Data from individuals by each Acquired Company and their respective agents (the “Privacy and Data Security Policies”) are published or otherwise made available in connection with any each Acquired Company’s products to have a Material Adverse Effectthe extent required by applicable Privacy Law. To the Knowledge of the Company, no disclosure or representation made or contained in any Privacy and Data Security Policies has been inaccurate, misleading, deceptive or in violation of any Privacy Laws in any material respects and, with respect to the Processing of Personal Data, the practices of each Acquired Company materially conform, and at all times have materially conformed, to the Privacy and Data Security Policies that govern the use of such Personal Data.
(b) Each Acquired Company has experienced any unauthorized accessmaintained and currently maintains reasonable safeguards to protect the security, acquisitionconfidentiality and integrity of the Company IT Systems and Personal Data that are in accordance with customary industry standards. Each Acquired Company’s data, theftprivacy and security practices have complied at all times in all material respects with (i) the Privacy and Data Security Policies, destruction(ii) all obligations or restrictions concerning the privacy, security or disclosure Processing of Personal Data. Since Data under any Contract to which the Company is a party or otherwise bound as of the date hereof and (iii) the Privacy Laws.
(c) Except as set forth on Section 3.26(c) of the Company Disclosure Schedule, since January 1, 2019, none of the Acquired Companies have been legally required to provide any notices to data owners in connection with an unauthorized disclosure of Personal Data and none of the Acquired Companies have provided any such notice.
(d) There are no claims pending or, to the Knowledge of the Company, threatened no Personal Data in writing against any the possession or control of the Acquired Companies alleging a violation Companies, or held or Processed by any vendor, processor or other Third Party for or on behalf of any Person’s Personal Data Acquired Company, has been subject to any data or security breach or unauthorized access, disclosure, use, loss, denial or loss of use, alteration, destruction, compromise or unauthorized Processing (a “Security Incident”), in each case that triggered an obligation to notify an individual or Governmental Entity under any Privacy Law or any Law applicable other Person under its contractual obligations. Except as set forth on Section 3.26(c) of the Company Disclosure Schedule, since January 1, 2019, the Acquired Companies have not notified, and to the Processing of Personal Data. To the Knowledge of the CompanyCompany there have been no facts or circumstances that would require the Company to notify, any Governmental Entity or other Person of any Security Incident.
(d) Except as set forth on Section 3.26(d) of the Company Disclosure Schedule, since January 1, 2019, no Acquired Company has received any notice, request, claim, complaint, correspondence or other communication from any Person, and there has not been under investigation any audit, investigation, enforcement action (including any fines or other sanctions) or other action by any Governmental Body regarding its protectionEntity, storagerelating to any actual, usealleged or suspected Security Incident or violation of any Privacy Law involving Personal Data in the possession or control of each Acquired Company, disclosureor held or Processed by any vendor, and transfer processor or other Third Party for or on behalf of Personal Dataeach Acquired Company.
(e) Since January 1The execution, 2019delivery or performance of this Agreement and the consummation of any of the Transactions contemplated by this Agreement do not and will not (i) violate any Privacy and Data Security Policies, no Acquired Company has received (ii) violate any material written claim, complaint, inquiry, of the Privacy Laws or (iii) require the Consent of or notice from to any Person regarding the Company’s collection, processing, use, storage, security, and disclosure of concerning Personal Data.
(f) No The Company has required each Acquired Company to have data processing agreements in place with all Affiliates, vendors, processors, service providers, or other Persons whose relationship with the Company involves the Processing of Personal Data on behalf of each Acquired Company, which agreements comply in material respects with Privacy Law. Each Acquired Company (A) has made any commitments under Company Contracts in connection with periodically monitored all vendors, processors, service providers, or other Persons that Process any Personal DataData for or on the behalf of the Company, which commitments would prevent Purchaser and its Affiliates from using any material (B) has used commercially reasonable standards, plans, procedures, controls and programs to (i) identify and address internal and external risks to the privacy and security of the Company IT Systems and Personal Data after in their possession or control, (ii) implement, monitor and improve adequate and effective administrative, technical and physical safeguards to protect such Company IT Systems and Personal Data and the Closing material operation, integrity, confidentiality, availability, and security of its software, systems, applications and websites, and (iii) provide required notifications in compliance with the Privacy Laws in the case of any Security Incident, except, in each case of clauses (A) and (B), as would not reasonably be expected to have, individually or in the aggregate, a substantially similar manner as currently used or permitted Company Material Adverse Effect. To the Knowledge of the Company, such security measures are consistent with, and have conformed in, all material respects to be used by the Privacy Law and any contractual commitments of each Acquired CompaniesCompany relating to security.
Appears in 2 contracts
Samples: Agreement and Plan of Merger (Hill International, Inc.), Agreement and Plan of Merger (Hill International, Inc.)
Privacy and Information Security. (a) Except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, each Acquired Company maintains commercially reasonable procedures and external and internal policies that comply with applicable Laws governing Personal Data and are designed to protect Personal Data from unauthorized access, use, and disclosure.
(b) Except as would not reasonably be expected to have a Material Adverse Effect, since January 1, 2019, each Acquired Company has been in compliance with (i) the respective Acquired Company’s external and internal written policies, as applicable, governing the security, privacy, transfer and use of Personal Data; (ii) applicable Laws governing Personal Data; and (iii) all applicable Company Contracts governing Personal Data.
(c) Since January 1, 2019, except as would not reasonably be expected the privacy and information security policies and procedures of each Acquired Company, and any other terms, notices, descriptions, disclosures, or statements regarding each Acquired Company’s information security practices or the collection, retention, use, Processing, storage, transfer, disclosure and distribution of Personal Data from individuals by each Acquired Company and their respective agents (the “Privacy and Data Security Policies”) are published or otherwise made available in connection with any each Acquired Company’s products to have a Material Adverse Effectthe extent required by applicable Privacy Law. To the Knowledge of the Company, no disclosure or representation made or contained in any Privacy and Data Security Policies has been inaccurate, misleading, deceptive or in violation of any Privacy Laws in any material respects and, with respect to the Processing of Personal Data, the practices of each Acquired Company materially conform, and at all times have materially conformed, to the Privacy and Data Security Policies that govern the use of such Personal Data.
(b) Each Acquired Company has experienced any unauthorized accessmaintained and currently maintains reasonable safeguards to protect the security, acquisitionconfidentiality and integrity of the Company IT Systems and Personal Data that are in accordance with customary industry standards. Each Acquired Company’s data, theftprivacy and security practices have complied at all times in all material respects with (i) the Privacy and Data Security Policies, destruction(ii) all obligations or restrictions concerning the privacy, security or disclosure Processing of Personal Data. Since Data under any Contract to which the Company is a party or otherwise bound as of the date hereof and (iii) the Privacy Laws.
(c) Except as set forth on Section 4.26(c) of the Company Disclosure Schedule, since January 1, 2019, none of the Acquired Companies have been legally required to provide any notices to data owners in connection with an unauthorized disclosure of Personal Data and none of the Acquired Companies have provided any such notice.
(d) There are no claims pending or, to the Knowledge of the Company, threatened no Personal Data in writing against any the possession or control of the Acquired Companies alleging a violation Companies, or held or Processed by any vendor, processor or other Third Party for or on behalf of any Person’s Personal Data Acquired Company, has been subject to any data or security breach or unauthorized access, disclosure, use, loss, denial or loss of use, alteration, destruction, compromise or unauthorized Processing (a “Security Incident”), in each case that triggered an obligation to notify an individual or Governmental Entity under any Privacy Law or any Law applicable other Person under its contractual obligations. Except as set forth on Section 4.26(c) of the Company Disclosure Schedule, since January 1, 2019, the Acquired Companies have not notified, and to the Processing of Personal Data. To the Knowledge of the CompanyCompany there have been no facts or circumstances that would require the Company to notify, any Governmental Entity or other Person of any Security Incident.
(d) Except as set forth on Section 4.26(d) of the Company Disclosure Schedule, since January 1, 2019, no Acquired Company has received any notice, request, claim, complaint, correspondence or other communication from any Person, and there has not been under investigation any audit, investigation, enforcement action (including any fines or other sanctions) or other action by any Governmental Body regarding its protectionEntity, storagerelating to any actual, usealleged or suspected Security Incident or violation of any Privacy Law involving Personal Data in the possession or control of each Acquired Company, disclosureor held or Processed by any vendor, and transfer processor or other Third Party for or on behalf of Personal Dataeach Acquired Company.
(e) Since January 1The execution, 2019delivery or performance of this Agreement and the consummation of any of the Transactions contemplated by this Agreement do not and will not (i) violate any Privacy and Data Security Policies, no Acquired Company has received (ii) violate any material written claim, complaint, inquiry, of the Privacy Laws or (iii) require the Consent of or notice from to any Person regarding the Company’s collection, processing, use, storage, security, and disclosure of concerning Personal Data.
(f) No The Company has required each Acquired Company to have data processing agreements in place with all Affiliates, vendors, processors, service providers, or other Persons whose relationship with the Company involves the Processing of Personal Data on behalf of each Acquired Company, which agreements comply in material respects with Privacy Law. Each Acquired Company (A) has made any commitments under Company Contracts in connection with periodically monitored all vendors, processors, service providers, or other Persons that Process any Personal DataData for or on the behalf of the Company, which commitments would prevent Purchaser and its Affiliates from using any material (B) has used commercially reasonable standards, plans, procedures, controls and programs to (i) identify and address internal and external risks to the privacy and security of the Company IT Systems and Personal Data after in their possession or control, (ii) implement, monitor and improve adequate and effective administrative, technical and physical safeguards to protect such Company IT Systems and Personal Data and the Closing material operation, integrity, confidentiality, availability, and security of its software, systems, applications and websites, and (iii) provide required notifications in compliance with the Privacy Laws in the case of any Security Incident, except, in each case of clauses (A) and (B), as would not reasonably be expected to have, individually or in the aggregate, a substantially similar manner as currently used or permitted Company Material Adverse Effect. To the Knowledge of the Company, such security measures are consistent with, and have conformed in, all material respects to be used by the Privacy Law and any contractual commitments of each Acquired CompaniesCompany relating to security.
Appears in 1 contract
Privacy and Information Security. (a) Except as Each member of the Company Group is and has been in material compliance with (i) all applicable Privacy and Information Security Requirements, (ii) its public privacy policies and notices and (iii) all provisions of Contracts relating to the Processing of Personal Data and any related notifications. Without limiting the foregoing, to the extent required by applicable Privacy and Information Security Requirements, each member of the Company Group has posted in accordance with Privacy and Information Security Requirements a privacy policy governing its Processing of Personal Data on its public websites and internally for its employees.
(b) The Company Group has (i) developed, implemented, and conducted its business in compliance with any of its public privacy notices and data security and privacy policies and procedures (copies of which have been made available to the Parent or are otherwise publicly available), (ii) maintained commercially reasonable administrative, technical, and physical security measures designed to protect the confidentiality, integrity and availability of Personal Data in its possession or control, and to prevent the loss and unauthorized use, access, alteration, destruction or disclosure of such Personal Data, and (iii) trained its employees to follow these policies and procedures.
(c) No member of the Company Group, nor any other Person, has received or been subject to any Order, notice, allegation, complaint or other communication, and there is no pending or threatened investigation, action, allegation, complaint, or Order, by any Governmental Entity or payment card association regarding any actual or possible violation of any Privacy and Information Security Requirement or the Processing of Personal Data by or with respect to the Company Group.
(d) The Company Group has not suffered, discovered, or been notified of any unauthorized acquisition, use, disclosure, access to, or breach of any Company Data that (i) constitutes a breach or a data security incident under any applicable Privacy and Information Security Requirement or would nottrigger a notification or reporting requirement under any Contract to which it is a party, any other Contract or the Payment Card Industry Data Security Standards; or (ii) materially compromises (individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, each Acquired Company maintains commercially reasonable procedures and external and internal policies that comply with applicable Laws governing Personal Data and are designed to protect Personal Data from unauthorized access, use, and disclosure.
(b) Except as would not reasonably be expected to have a Material Adverse Effect, since January 1, 2019, each Acquired Company has been in compliance with (i) the respective Acquired Company’s external and internal written policies, as applicable, governing the security, privacy, transfer and use security or privacy of Personal Data; (ii) applicable Laws governing Personal Data; and (iii) all applicable Company Contracts governing Personal Data.
(c) Since January 1, 2019, except as would not reasonably be expected to have a Material Adverse Effect, no Acquired Company has experienced any unauthorized access, acquisition, theft, destruction, or disclosure of Personal Data. Since January 1, 2019, none of the Acquired Companies have been legally required to provide any notices to data owners in connection with an unauthorized disclosure of Personal Data and none of the Acquired Companies have provided any such notice.
(d) There are no claims pending or, to the Knowledge of the Company, threatened in writing against any of the Acquired Companies alleging a violation of any Person’s Personal Data or any Law applicable to the Processing of Personal Data. To the Knowledge of the Company, since January 1, 2019, no Acquired Company has been under investigation by any Governmental Body regarding its protection, storage, use, disclosure, and transfer of Personal Data.
(e) Since January 1The Company Group has not notified, 2019and has not been required to notify, no Acquired Company has received any material written claim, complaint, inquiry, breach or notice from compromise of Personal Data to any Person regarding the Company’s collectionor Governmental Entity, processing, use, storage, security, either voluntarily or based on Contract obligations or Privacy and disclosure of Personal DataInformation Security Requirements.
(f) No Acquired member of the Company Group has made any commitments under Contract obligation to maintain Personal Data in a manner that physically separates data of one customer from another.
(g) The Company Contracts Group has performed a security risk assessment that meets the requirements of applicable Privacy and Information Security Requirements, and has created and maintained documentation in accordance with the applicable Laws and Privacy and Information Security Requirements. The Company Group has addressed and remediated all threats and deficiencies identified in such security risk assessment.
(h) The Company Group has provided all requisite notices and obtained all required consents, and satisfied all other requirements (including to notify any applicable Governmental Entities) necessary for the Company Group’s Processing (including international and onward transfer) of all Personal Data in connection with the conduct of the business of the Company Group and in connection with the consummation of the transactions contemplated hereby. The consummation of the transactions contemplated hereby does not and will not violate any Privacy and Information Security Requirements, Contract obligation related to Personal Data, which commitments would prevent Purchaser or any Company Group privacy policy. Immediately following the Closing, subject to applicable Privacy and its Affiliates from using any material Information Security Requirements, Parent will own and continue to have the right to use all Personal Data after on identical terms and conditions as the Closing in a substantially similar manner as currently used Company Group enjoyed immediately prior to Closing.
(i) No member of the Company Group nor anyone acting on its behalf, and no software tool created or permitted to be used by or on behalf of any member of the Acquired CompaniesCompany Group, has used false log-on credentials with respect to any third-party website or other false representation or statement to obtain any Company Data or other private information or data. The execution and delivery of this Agreement and the Ancillary Agreements and the consummation of the transactions contemplated hereby and thereby will not give rise to any right on the part of any Person to impair any such rights or impose any such obligations or restrictions.
Appears in 1 contract
Samples: Merger Agreement (Proto Labs Inc)
Privacy and Information Security. (a) Each Acquired Company (i) has at all times since January 1, 2021, been in compliance in all material respects with the Data Privacy and Security Requirements, (ii) takes, and has since January 1, 2021 taken, reasonable and appropriate organizational, physical, administrative and technical measures to preserve the availability, security and integrity of the Company’s information technology systems, and to protect Personal Data against loss, damage and unauthorized access, use, or disclosure and (iii) has provided accurate notices without material omissions or misrepresentations of the privacy or data protection practices of the Acquired Companies and has obtained consent or other legal bases as necessary for compliance with the Data Privacy and Security Requirements, and has and is processing Personal Data in material compliance with all related notices and consents that apply to such Personal Data. Except as would not, individually or in the aggregate, not reasonably be expected to have be material to the Acquired Companies, taken as a Material Adverse Effectwhole, the execution, delivery, and performance of this Agreement and Transactions will not result in a breach or violation of the Data Privacy and Security Requirements, and each Acquired Company maintains commercially reasonable procedures will continue to have the right to use, process, store and external maintain such Personal Data in the same manner as prior to the Closing. To the Knowledge of the Company, there are no unsatisfied requests from individuals to each Acquired Company seeking to exercise their data protection rights under Data Privacy and internal policies Security Requirements (such as rights to access, rectify, or delete Personal Data, to restrict processing of or object to processing of Personal Data, or relating to data portability).
(b) Each Acquired Company has obtained written agreements from each Person performing services for such Acquired Company that comply such Acquired Company has permitted to access or process Personal Data that bind such Person to at least the same restrictions and conditions that apply to such Acquired Company with applicable Laws governing respect to such Personal Data and are designed to protect implement reasonable and appropriate means for protecting such Personal Data from unauthorized access, use, disclosure, and disclosureother processing and, to the Knowledge of the Company, all such Persons comply, and at all times have complied, with the Data Privacy and Security Requirements.
(bc) Except as would not reasonably be expected to have a Material Adverse EffectTo the Knowledge of the Company, since January 1, 2019, each Acquired Company has been in compliance with (i) the respective Acquired Company’s external and internal written policies, as applicable, governing the security, privacy, transfer and use of Personal Data; (ii) applicable Laws governing Personal Data; and (iii) all applicable Company Contracts governing Personal Data.
(c) Since January 1, 20192021, except as would not reasonably be expected to have a Material Adverse Effect, no Acquired Company has experienced any data breaches or other data incidents or intrusions resulting in the loss, damage or unauthorized access, acquisition, theft, destructionuse or disclosure of any Personal Data maintained by or on behalf of any Acquired Company, or disclosure that have caused a material disruption to the function of any Acquired Company’s information technology systems that would require notification to a Governmental Body, individuals or other third party. The Acquired Company has identified, documented, investigated, and materially contained and appropriately addressed such data breach or other data incident or intrusion. No Acquired Company has received any written complaints, notices of investigation or correspondence in connection with any investigation from any Governmental Body, individual, or other third party, or received written notice of any litigation currently pending or threatened against it or violation of Laws, in each case, relating to the collection, use or processing of Personal Data. Since January 1, 2019, none of the Each Acquired Companies have been legally required Company’s employees who has access to provide any notices to data owners in connection with an unauthorized disclosure of Personal Data and none of the Acquired Companies have provided any has received documented training in compliance with all Laws applicable to Personal Data relevant to such noticeemployee’s duties.
(d) There are no claims pending orSince January 1, 2021, to the Knowledge of the Company, threatened in writing against any of the Acquired Companies alleging a violation of any Person’s Personal Data or any Law applicable to the Processing of Personal Data. To the Knowledge of the Company, since January 1, 2019, no Acquired Company has been under investigation by any Governmental Body regarding its protection, storage, use, disclosure, and transfer of Personal Data.
(e) Since January 1, 20192021, no Acquired Company has received any material written claim, complaint, inquiry, or notice from any Person regarding the Company’s collection, processing, use, storage, security, and disclosure of Personal Data.
(f) No Acquired Company has made any commitments is (i) a “Covered Entity” or “Business Associate” (each as defined in HIPAA, meaning the Health Insurance Portability and Accountability Act of 1996, as amended and supplemented by the Health Information Technology for Clinical Health Act of the American Recovery and Reinvestment Act of 2009, Pub. Law No. 111-5) or (ii) subject to or otherwise bound under Company Contracts in connection Laws governing patient privacy, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with any Personal Data, which commitments would prevent Purchaser and its Affiliates from using any material regard to the Processing of Personal Data after and on the Closing in a substantially similar manner as currently used free movement of such data (General Data Protection Regulation), or permitted to be used any member state law implementing the same, and the corresponding Laws of the United Kingdom (including the UK GDPR and Data Protection Act 2018). The Company does not process any information covered by the Acquired Companies.then-current version of the Payment Card Industry Data Security Standard, as made available by the PCI Security Standards Council at xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/.
Appears in 1 contract
Privacy and Information Security. (a) Except as would The Company and each of its Subsidiaries are, and have been for the last six (6) years, in compliance with all Privacy Obligations, including but not limited to the privacy and security requirements established by the Privacy Laws and the Company and each of its Subsidiaries own policies and procedures relating to privacy, data security and the collection, storage, use, sharing, selling or disclosing of Personal Information. The Company and each of its Subsidiaries are not, individually and have not been for the last six (6) years, engaged in any activity that would result in a violation of any Privacy Laws, or breach of Privacy Obligations. The Company and each of its Subsidiaries have adopted and have and will continue to maintain compliance with, written privacy, security, and compliance policies and procedures, including a privacy notice regarding the collection, use and disclosure of Sensitive Information in the aggregateCompany’s or Company Subsidiaries’ possession, reasonably be expected custody, or control or otherwise held or processed on its or their behalf. Copies of any written complaints delivered to the Company or any of its Subsidiaries alleging a violation of any Privacy Laws have a Material Adverse Effectbeen made available to Purchaser. 33067829.14
(b) The Company’s and each of its Subsidiaries’ collection, maintenance, creation, transmission, use, analysis, disclosure, storage, disposal, and security of Personal Information currently comply and, and for the last six (6) years have complied, with (i) applicable Privacy Laws; and (ii) all contracts to which the Company or such Subsidiary is bound, and all consents and authorizations that apply to the Company’s or such Subsidiary’s receipt, access, use and disclosure of Personal Information.
(c) For the last six (6) years, the Company and each Acquired Company maintains commercially reasonable procedures of its Subsidiaries have implemented and external maintained administrative, technical and internal policies physical safeguards that comply with applicable Laws governing Personal Data and are designed to protect Personal the security, confidentiality, integrity and availability of its Systems and all Sensitive Data it Processes from and against unauthorized access, use, modification, disclosure or other misuse and disclosure.
(b) Except as would not reasonably be expected to have a Material Adverse Effect, since January 1, 2019, each Acquired Company has been in compliance that are consistent with (i) the respective Acquired Company’s external and internal written policiesapplicable Privacy Laws, as applicable, governing the security, privacy, transfer and use of Personal Dataincluding HIPAA; (ii) any notice to, or consent or authorization from, the provider of Personal Information; (iii) any applicable Laws policy adopted by the Company or any of its Subsidiaries; and (iv) any contractual commitment made by the Company or any of its Subsidiaries that is applicable to such Personal Information. The Company and each of its Subsidiaries have conducted risk analyses sufficient to comply with its respective HIPAA obligations and have eliminated or mitigated to a reasonable and appropriate level all risks and vulnerabilities identified by such risk analyses.
(d) The Company and each of its Subsidiaries have (i) business associate agreements in place with all of their covered entity clients or upstream business associate clients as required by HIPAA and have duly performed all obligations under each business associate agreement to which the Company or such Subsidiary is a party; and (ii) subcontractor business associate agreements in place with all of their subcontractor vendors who receive PHI as required by HIPAA and have duly performed all obligations under and remains in compliance with each subcontractor business associate agreement to which Company or such Subsidiary is a party.
(e) The Company and each of its Subsidiaries maintain policies and procedures regarding data security and privacy that are in compliance with HIPAA and all other applicable Privacy Laws. The Company and each of its Subsidiaries are, and for the last six (6) years, have been, in compliance with such policies and procedures governing the maintenance, use, disclosure, privacy and security of, and standard transactions related to, Personal DataInformation and any contractual commitment made by the Company or any of its Subsidiaries that is applicable to such Personal Information.
(f) The Company and each of its Subsidiaries contractually require all third parties, including vendors and other Persons providing services of the Company or such Subsidiary that, in each case, have access to Personal Information from or on behalf of the Company or such Subsidiary, to: (i) comply with all Privacy Laws; (ii) take reasonable steps designed to ensure that all Personal Information in such third parties’ possession or control is protected against damage and loss, and against unauthorized access, acquisition, use, modification, disclosure or other misuse; and (iii) all applicable Company Contracts governing restrict use of Personal DataInformation to that authorized or required under the servicing, outsourcing or other arrangement.
(cg) Since January 1The Company and each of its Subsidiaries have taken commercially reasonable measures to safeguard the Personal Information against unauthorized access or infections 37 33067829.14 by viruses or other harmful code, 2019and, except as would not reasonably be expected for the last six (6) years, there have been no such infections and no Person has gained unauthorized access to have any Systems in a Material Adverse Effect, no Acquired Company manner that has experienced any unauthorized access, acquisition, theft, destructioncaused, or disclosure is reasonably likely to cause, material liability for the Company or any of its Subsidiaries, or has jeopardized any Personal DataInformation. Since January 1, 2019, none The Company and each of the Acquired Companies have been legally required its Subsidiaries provide regular training to provide any notices to their employees on privacy and data owners in connection with an unauthorized disclosure security matters and maintains documentation of Personal Data and none of the Acquired Companies have provided any such noticetraining.
(dh) There are no claims pending orThe execution and delivery of this Agreement will not violate any applicable Privacy Laws, the privacy policies of the Company or any of its Subsidiaries as they currently exist, or any consents or authorizations to which the Personal Information is subject. Neither the Company nor any of its Subsidiaries is subject to any contract or other material legal obligations that, following the Closing, would prohibit Company or such Subsidiary from receiving or using Personal Information in substantially the manner in which Company or such Subsidiary receives and uses such Personal Information prior to the Knowledge Closing.
(i) Except as set forth on Schedule 3.24(i), for the last six (6) years, there have been no Security Breaches or security incidents under applicable Privacy Laws involving the unauthorized use, disclosure, or dissemination of Personal Information used or held for use by the Company, threatened in writing against Company or any of the Acquired Companies alleging its Subsidiaries that have resulted in a violation of any Person’s Personal Data HIPAA or other Privacy Laws or Privacy Obligations. No event has occurred for the last six (6) years that obligates Company to provide notification to a Covered Entity or an upstream Business Associate, as defined under HIPAA, or requires or has required the Company or any of its Subsidiaries to provide notification to any Governmental Authority or individual under any Privacy Law applicable to or any other law that requires breach notification.
(j) Neither the Processing Company nor any of Personal Data. To its Subsidiaries is, or for the Knowledge of the Companylast six (6) years have been, since January 1, 2019, no Acquired Company has been under investigation by any Governmental Body regarding its protection, storage, use, disclosureAuthority for a violation of HIPAA or other applicable Privacy Law, and transfer neither the Company nor any of its Subsidiaries is in receipt of any written or oral notices from patients, customers, consumers or the United States Department of Health and Human Services, Office for Civil Rights relating to any such violations of applicable Privacy Laws. Except as set forth on Schedule 3.24(j), for the last six (6) years, neither the Company nor any of its Subsidiaries have been subject to any investigations, lawsuits, actions, inquiries or audits concerning the privacy and/or data security of any Personal DataInformation collected, used, stored, shared or otherwise processed by Company or such Subsidiary.
(ek) Since January 1Except as set forth on Schedule 3.24(k), 2019for the last six (6) years, no Acquired neither the Company has nor any of its Subsidiaries have received any material written claimor oral notice of any claims, complaint, inquiry, investigations or notice from any Person regarding alleged violations of Privacy Laws possessed by or otherwise subject to the Company’s collection, processing, use, storage, securitycontrol of the Company or such Subsidiary, and disclosure there are no facts or circumstances which could form the basis for any such violation. To the extent the Company or any of its Subsidiaries de-identifies or anonymizes Personal DataInformation and other data, such de-identification or anonymization complies with all Privacy Laws.
(fl) No Acquired The Company and each of its Subsidiaries own, lease or otherwise have rights to access or use all Systems necessary for the operation of its business. In the past twenty-four (24) months, there has made been no failure or other material substandard performance of 38 33067829.14 any commitments under Systems which has caused any material disruption to the business of the Company Contracts or any of its Subsidiaries. The Company and each of its Subsidiaries have implemented reasonable procedures to protect Systems from all “back doors”, “Trojan horses”, “worms”, “drop dead services”, “viruses” and other software that permit unauthorized use of, access to or disablement of any software, data or Systems, and have implemented and maintained reasonable information security policies, practices, and procedures sufficient to satisfy their Privacy Obligations and Privacy Laws.
(m) Neither the Company nor any of its Subsidiaries transmit or store any Personal Information outside of the territorial borders of the United States, and neither the Company nor any of its Subsidiaries have in connection effect any contract with any third-party vendor under which the third-party vendor transmits or stores any Personal Data, which commitments would prevent Purchaser and its Affiliates from using any material Personal Data after Information outside of the Closing in a substantially similar manner as currently used or permitted to be used by territorial borders of the Acquired CompaniesUnited States.
Appears in 1 contract
Privacy and Information Security. (a) Except as Seller and each of its Subsidiaries have been for the past (2) years and are in compliance in all material respects with all Privacy Obligations and Privacy Notices, in each case, to the extent applicable to the operation of the Business, any of the Acquired Assets or the Assumed Liabilities. No Person or Governmental Authority has, in the last two (2) years, overtly threatened or commenced any proceeding with respect to the Business’s privacy, security, or data protection practices, including any allegation of unauthorized Processing of any Personal Data used or held for use by the Business, and there is no reasonable basis for such proceeding to the Knowledge of Seller. The Business is not subject to any Privacy Obligations or Privacy Notices that, following Closing, would notprohibit the Buyer from Processing Personal Data within the custody or control of the Business, in the manner in which the Business Processed Personal Data prior to the Closing, in any material respect.
(b) The Business has implemented and maintains an information security program comprising of commercially reasonable, administrative, physical and technical safeguards that are designed to protect the security, confidentiality, integrity and availability of the Seller Information Systems used in the operation of the Business in a manner appropriate to the size and scope of the Business and the Personal Data Processed by the Business, and makes reasonable efforts to require vendors that Process Personal Data on its behalf to implement substantially similar safeguards. To the Knowledge of Seller, in the past two (2) years, neither the Business nor, to the extent affecting the Business, its vendors, have suffered (i) material security breaches or incidents involving the unauthorized Processing of Personal Data that have required notice to law enforcement or Governmental Authority notification under applicable Privacy Obligations or (ii) malicious disruption to Business Products which would not reasonably be expected to be, individually or in the aggregate, reasonably be expected material to have a Material Adverse Effect, each Acquired Company maintains commercially reasonable procedures and external and internal policies that comply with applicable Laws governing Personal Data and are designed to protect Personal Data from unauthorized access, use, and disclosureSeller.
(b) Except as would not reasonably be expected to have a Material Adverse Effect, since January 1, 2019, each Acquired Company has been in compliance with (i) the respective Acquired Company’s external and internal written policies, as applicable, governing the security, privacy, transfer and use of Personal Data; (ii) applicable Laws governing Personal Data; and (iii) all applicable Company Contracts governing Personal Data.
(c) Since January 1, 2019, except as would not reasonably be expected to have a Material Adverse Effect, no Acquired Company has experienced any unauthorized access, acquisition, theft, destruction, or disclosure of Personal Data. Since January 1, 2019, none of the Acquired Companies have been legally required to provide any notices to data owners in connection with an unauthorized disclosure of Personal Data and none of the Acquired Companies have provided any such notice.
(d) There are no claims pending or, to the Knowledge of the Company, threatened in writing against any of the Acquired Companies alleging a violation of any Person’s Personal Data or any Law applicable to the Processing of Personal Data. To the Knowledge of the Company, since January 1, 2019, no Acquired Company has been under investigation by any Governmental Body regarding its protection, storage, use, disclosure, and transfer of Personal Data.
(e) Since January 1, 2019, no Acquired Company has received any material written claim, complaint, inquiry, or notice from any Person regarding the Company’s collection, processing, use, storage, security, and disclosure of Personal Data.
(f) No Acquired Company has made any commitments under Company Contracts in connection with any Personal Data, which commitments would prevent Purchaser and its Affiliates from using any material Personal Data after the Closing in a substantially similar manner as currently used or permitted to be used by the Acquired Companies.
Appears in 1 contract
Privacy and Information Security. (a) Except as would notThe Company and the Company Subsidiaries, individually or in and, to the aggregateKnowledge of the Sellers, reasonably be expected to have a Material Adverse Effect, each Acquired Company maintains commercially reasonable procedures and external and internal policies all third parties that comply with applicable Laws governing process any Personal Data for or on behalf of the Company or any Company Subsidiaries, solely as it relates to such processing and as applicable (“Data Partners”), have, at all times since December 31, 2021, materially complied with all applicable (i) Laws and industry standards to which they are designed bound, (ii) policies and notices, and (iii) contractual commitments, in each case as it relates to protect the privacy, security and Processing of Personal Data from unauthorized access(collectively, usethe “Privacy Requirements”). Neither the use of Personal Data by the Company or the Company Subsidiaries following the Closing Date in substantially the same manner as Personal Data was used by them prior to the Closing Date, nor the execution, delivery and disclosureperformance of this Agreement and any transactions contemplated hereby, will violate, or otherwise result in any material liabilities in connection with, any Privacy Requirements.
(b) Except as would not reasonably be expected to The Company and the Company Subsidiaries have a Material Adverse Effectat all times since December 31, since January 12021, 2019implemented, each Acquired Company has been in compliance with (i) the respective Acquired Company’s external maintained and internal written policiescomplied with, and have required, as applicable, governing the securityall Data Partners to implement, privacycommercially reasonable technical, transfer physical, and use of organizational measures to (i) protect Personal Data; Data and confidential information against Security Incidents, and (ii) applicable Laws governing Personal Data; identify and (iii) all applicable Company Contracts governing Personal Data.
(c) Since January 1, 2019, except as would not reasonably be expected address internal and external risks to have a Material Adverse Effect, no Acquired Company has experienced any unauthorized access, acquisition, theft, destruction, or disclosure of Personal Data. Since January 1, 2019, none of the Acquired Companies have been legally required to provide any notices to data owners in connection with an unauthorized disclosure privacy and security of Personal Data and none confidential information. None of the Acquired Companies Company, the Company Subsidiaries nor, to the Knowledge of the Sellers, any Data Partners have provided experienced any such notice.
material Security Incidents since December 31, 2021. In relation to any Security Incident and/or violation of a Privacy Requirement, neither the Company nor the Company Subsidiaries have, since December 31, 2021, (di) There are no claims pending notified, or been required to notify any Person or (ii) received any notice or other communication alleging a material failure to comply with any applicable Privacy Requirements from, or, to the Knowledge of the CompanySellers, threatened in writing against any of been the Acquired Companies alleging a violation subject of any investigation or enforcement action by, any Person’s Personal Data or any Law applicable to the Processing of Personal Data. To the Knowledge of the Company, since January 1, 2019, no Acquired Company has been under investigation by any Governmental Body regarding its protection, storage, use, disclosure, and transfer of Personal Data.
(e) Since January 1, 2019, no Acquired Company has received any material written claim, complaint, inquiry, or notice from any Person regarding the Company’s collection, processing, use, storage, security, and disclosure of Personal Data.
(f) No Acquired Company has made any commitments under Company Contracts in connection with any Personal Data, which commitments would prevent Purchaser and its Affiliates from using any material Personal Data after the Closing in a substantially similar manner as currently used or permitted to be used by the Acquired Companies.
Appears in 1 contract
Samples: Stock Purchase Agreement (Advanced Micro Devices Inc)
Privacy and Information Security. (ai) Except Each Acquired Entity has adopted written policies and procedures that apply to the Acquired Entity with respect to privacy, data protection, security and the Processing of Acquired Entity Data, and those policies and procedures are commercially reasonable and comply in material respects with the Information Privacy and Security Laws.
(ii) Part 2.10(p)(ii) of the Disclosure Schedule contains each Acquired Entity Privacy Policy in effect at any time and identifies, with respect to each Acquired Entity Privacy Policy: (i) the period of time during which such privacy policy was or has been in effect; and (ii) if applicable, the mechanism (such as would notopt-in, individually opt-out or notice only) used to apply a later Acquired Entity Privacy Policy to data or information previously collected under such privacy policy. Each current Acquired Entity Privacy Policy: (A) is displayed on the applicable Acquired Entity Website and is referred to in the Acquired Entity XXXX; (B) states that User Data may be transferred in a corporate sale, merger, reorganization, dissolution or similar event; and (C) states that User Data may be transferred to the United States for Processing. The Acquired Entities make available and have made available the applicable Acquired Entity Privacy Policy to each user of any Acquired Entity Website and Acquired Entity Software and have obtained user consents to applicable Acquired Entity Privacy Policy as required by Information Privacy and Security Laws. No disclosures made or contained in any Acquired Entity Privacy Policy to any Person have been materially inaccurate, misleading, or deceptive (in any case, including by omission), or in material violation of any Information Privacy and Security Laws.
(iii) Each Acquired Entity has collected, used, shared, and Processed User Data and Personal Data only in compliance with t Information Privacy and Security Laws, applicable Acquired Entity Contracts, standards to which any Acquired Entity is legally bound, and self-governing rules and policies to which any Acquired Entity is legally bound.
(iv) Each Acquired Entity has complied at all times in all material respects with all of the aggregateAcquired Entity Privacy Policies, reasonably be expected to have a Material Adverse EffectInformation Privacy and Security Laws and with each applicable Acquired Entity Contract that governs Acquired Entity Data. Without limiting the foregoing, each Acquired Company maintains commercially reasonable procedures Entity has acquired, collected, used shared and external and internal policies that comply with applicable Laws governing Personal Processed all Acquired Entity Data and are designed to protect Personal Data from unauthorized access, usepursuant to, and disclosurein accordance with the terms of, Acquired Entity Privacy Policies, Information Privacy and Security Laws, and all Acquired Entity Contracts that govern or relate to Acquired Entity Data.
(bv) Except as would None of the Acquired Entities is aware of any information or claim indicating or alleging that any Acquired Entity is not reasonably be expected to have a Material Adverse Effect, since January 1, 2019, each Acquired Company or has not been in compliance with (i) the respective any material term of any agreement, contractual clause, representation, warranty or covenant it has agreed to with any third party regarding compliance by such Acquired Company’s external and internal written policies, as applicable, governing the security, Entity with any obligations to protect privacy, transfer and use data protection or data security of Personal Data; (ii) applicable Data or comply with Information Privacy and Security Laws governing Personal Data; and (iii) all applicable Company Contracts governing Personal Data.
(c) Since January 1, 2019, except as would not reasonably be expected with respect to have a Material Adverse Effect, no Acquired Company has experienced any unauthorized access, acquisition, theft, destruction, User Data or disclosure of Personal Data. Since January 1, 2019, none None of the Acquired Companies Entities has pending, current, or prior letters, complaints, subpoenas, court orders, consent decrees, citations, administrative actions, notifications or other claims from a state, federal, national or multi-national governmental entity, or another person alleging breach with respect any Acquired Entity of any of the Information Privacy and Security Laws, and it is not aware of any information that would provide a reasonable basis for any party to assert any such claim or breach, whether or not such Acquired Entity would have grounds to contest any such assertion, claim or alleged breach. None of the Acquired Entities has been legally fined, penalized, sanctioned, or otherwise required to provide pay a monetary judgment by any notices to data owners in connection Governmental Body, or entered into any voluntary settlement with an unauthorized disclosure of Personal Data any party, under the Information Privacy and Security Laws, no claim for such monetary judgments is outstanding, and none of the Acquired Companies have provided any such notice.
(d) There are no claims pending or, to the Knowledge of the Company, threatened in writing against any of the Acquired Companies alleging a violation Entities is aware of any Person’s Personal Data or any Law applicable to the Processing of Personal Data. To the Knowledge of the Company, since January 1, 2019, no Acquired Company has been under investigation by any Governmental Body regarding its protection, storage, use, disclosure, and transfer of Personal Datainformation that could reasonably support a claim for such compensation being made.
(e) Since January 1, 2019, no Acquired Company has received any material written claim, complaint, inquiry, or notice from any Person regarding the Company’s collection, processing, use, storage, security, and disclosure of Personal Data.
(f) No Acquired Company has made any commitments under Company Contracts in connection with any Personal Data, which commitments would prevent Purchaser and its Affiliates from using any material Personal Data after the Closing in a substantially similar manner as currently used or permitted to be used by the Acquired Companies.
Appears in 1 contract
Privacy and Information Security. (ai) Except as would notEach Acquired Entity has adopted written policies and procedures that apply to the Acquired Entity with respect to privacy, individually or in data protection, security and the aggregateprocessing of Acquired Entity Data, reasonably be expected to have a Material Adverse Effect, each Acquired Company maintains and those policies and procedures are commercially reasonable procedures and external and internal policies that comply in all material respects with applicable Laws governing Personal Data and are designed Legal Requirements pertaining to protect Personal Data from unauthorized access(A) the collection, processing, use, and disclosure.
(b) Except as would not reasonably be expected to have a Material Adverse Effect, since January 1, 2019, each Acquired Company has been in compliance with (i) the respective Acquired Company’s external and internal written policies, as applicable, governing the security, privacy, transfer transfer, disposal or security of data, User Data or Personal Data (including Legal Requirements, and use of Personal Data; (iiall regulations promulgated and guidance issued by Governmental Bodies thereunder, relating to data-related consents, registrations or notice requirements) applicable Laws governing Personal Data; and (iiiB) all applicable Company Contracts governing Personal Data.
data breach notification, anti-spam, security and spyware (c) Since January 1, 2019, except as would not reasonably be expected to have a Material Adverse Effect, no Acquired Company has experienced any unauthorized access, acquisition, theft, destruction, or disclosure of Personal Data“Information Privacy and Security Laws”). Since January 1, 20192014, none the Company has made available to Parent each Acquired Entity Privacy Policy in effect at any time, which identifies, with respect to each Acquired Entity Privacy Policy the date when each went into effect. Each present, consumer-facing external Acquired Entity Privacy Policy: (A) is displayed on the applicable Acquired Entity Website and referenced in the applicable Acquired Entity XXXX; (B) states that personal data collected thereunder may be transferred in a merger, reorganization, or transfer of substantial assets; and (C) states that data collected thereunder may be transferred to the United States for processing. The Acquired Entities require each user of any Acquired Entity Website and Acquired Entity Software to agree and consent to the applicable Acquired Entity Privacy Policy.
(ii) The Acquired Entities have at all times taken the steps reasonably necessary (including without limitation implementing and monitoring compliance with adequate measures with respect to technical and physical security) to ensure the confidentiality, integrity and security of all Personal Data, User Data and Acquired Entity Databases against loss and against unauthorized or illegal use, modification, interruption, corruption, disclosure or access.
(iii) There has been no unauthorized or illegal use, modification or disclosure of or access to any of the Acquired Companies have been legally required to provide data or information in any notices to data owners of the electronic or other database containing (in connection with an unauthorized disclosure of whole or in part) Personal Data and none of the Acquired Companies have provided any such notice.
(d) There are no claims pending User Data maintained by or, to the Knowledge of the Company, threatened in writing against for any of Acquired Entity at any time (the “Acquired Companies alleging a violation of Entity Databases”), or any Person’s other Personal Data or any Law applicable User Data owned, transmitted, used, stored, received, or controlled by or, to the Processing of Personal Data. To the Knowledge of the Company, since January 1on behalf of any Acquired Entity.
(iv) Each Acquired Entity’s receipt, 2019collection, no Acquired Company has been under investigation by any Governmental Body regarding its protectionmonitoring, maintenance, creation, transmission, use, analysis, disclosure, storage, disposal and security of Acquired Entity Data has complied, and complies with, (i) any Acquired Entity Contract to which an Acquired Entity is a party, (ii) applicable Information Privacy and Security Laws, (iii) PCI DSS, and (iv) each Acquired Entity Privacy Policy. Each Acquired Entity has complied, and complies with, all of the Acquired Entity Privacy Policies, Information Privacy and Security Laws and with each applicable Acquired Entity Contract that governs the receipt, collection, monitoring, maintenance, creation, transmission, use, analysis, disclosure, storage, disposal and transfer security of Personal Acquired Entity Data.
(ev) Since January 1, 2019, no Employees of the Acquired Company has Entities who have access to Personal Data or User Data have received any material written claim, complaint, inquiry, or notice from any Person regarding the Company’s collection, processing, use, storage, security, training (in accordance with leading industry standards and disclosure of Personal Dataapplicable Information and Privacy and Security Laws) with respect to compliance with all applicable Information Privacy and Security Laws.
(fvi) No None of the Acquired Company Entities is aware of any claim indicating or alleging that any Acquired Entity is not or has made any commitments under Company Contracts not been in connection compliance with any material term of any agreement, contractual clause, representation, warranty or covenant it has agreed to with any third party regarding compliance by such Acquired Entity with any obligations to protect privacy, data protection or data security with respect to User Data or Personal Data, which commitments would prevent Purchaser and its Affiliates from using any material Personal Data after the Closing in a substantially similar manner as currently used or permitted to be used by . None of the Acquired CompaniesEntities has pending, current, or prior letters, complaints, subpoenas, court orders, consent decrees, citations, administrative actions, notifications or other claims from a state, federal, national or multi-national governmental entity, or another person alleging breach with respect any Acquired Entity of any of the Information Privacy and Security Laws, and it is not aware of any information that would provide a reasonable basis for any party to assert any such claim or breach, whether or not such Acquired Entity would have grounds to contest any such assertion, claim or alleged breach. None of the Acquired Entities has been fined, penalized, sanctioned, or otherwise required to pay a monetary judgment by any Governmental Body, or entered into any voluntary settlement with any party, in each case, under the Information Privacy and Security Laws, and no claim for such monetary judgments is outstanding, and none of the Acquired Entities is aware of any information that could reasonably support a claim for such compensation being made.
(vii) Neither the execution, delivery or performance of this Agreement or any of the other agreements referred to in this Agreement, nor the consummation of any of the transactions contemplated by this Agreement or any such other agreements, will result in any violation of any Acquired Entity Privacy Policy, Acquired Entity Contract, or any of the Information Privacy and Security Laws.
Appears in 1 contract
Samples: Merger Agreement (Autodesk Inc)
