Privacy and Personal Data. (i) The Company’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy Commitments, Privacy Laws and Company Data Agreements. The Company has at all times: (i) provided adequate notice and obtained any necessary consents from end users required for the Processing of Personal Data as conducted by or for the Company and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users relating to Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all of the Company databases, Company Data and other information relating to the Company’s end users will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or Company User Agreements. (ii) Schedule 2.10(q)(ii) of the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products. (iii) The Company has established and maintains industry standard (or better) technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. (iv) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no breach, security incident or violation of any data security policy in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which Privacy Laws would require the Company to notify a Governmental Entity of a data security breach or security incident relating to Company Data. (v) Except as described at Schedule 2.10(q)(v) of the Company Disclosure Letter, the Company has not experienced or received notice of and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end user): (A) alleging or confirming non-compliance with, or demanding compliance with, a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, (C) claiming compensation from the Company or (D) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data. The Company has not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments. (vi) Schedule 2.10(q)(vi) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended. (vii) Schedule 2.10(q)(vii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Database. (viii) Where the Company uses a data processor to Process Personal Data on behalf of the Company, there is in existence a written Contract between the Company and each such data processor. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company. (ix) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments. (x) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer). (xi) The Company is the owner of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer). (xii) Except as described on Schedule 2.10(q)(xii) of the Company Disclosure, the Company does not Process the Personal Data of any natural Person under the age of 13. (xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties. (xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance. (xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages. (xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 2 contracts
Samples: Share Purchase Agreement, Share Purchase Agreement (Yelp Inc)
Privacy and Personal Data. (i) The Company’s and each Subsidiary’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy Commitments, Privacy Laws and Company Data Agreements. The Company and each Subsidiary has at all times: (i) provided adequate notice and obtained any necessary consents from end users required for the Processing of Personal Data as conducted by or for the Company or any Subsidiary and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users relating to Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the The execution, delivery and performance of this Agreement nor the taking over by Acquirer of all of the Company databases, Company Data and other information relating to the Company’s end users will not cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by users of the Company User AgreementsProducts. Copies of all current and prior Company Privacy Policies have been made available to Buyer and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) of the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company and each Subsidiary has established and maintains industry standard (or better) appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. The Company and each Subsidiary and its data processors have taken commercially reasonable steps to ensure the reliability of its employees that have access to Company Data, to train such employees on all applicable aspects of Privacy Laws and Company Privacy Commitments and to ensure that all employees with the right to access such data are under written obligations of confidentiality with respect to such data.
(iviii) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or violation of any data security policy in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which Privacy Laws would require the Company to notify a Governmental Entity of a data security breach or security incident relating to Company Dataincident.
(viv) Except as described at Schedule 2.10(q)(v) of Neither the Company Disclosure Letter, the Company nor any Subsidiary has not received or experienced or received notice of and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end user): (A) alleging or confirming non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) requiring or requesting the Company or any Subsidiary to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, Company or (CD) claiming compensation from the Company or (D) requiring or requesting Company. Neither the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete nor any Company Data. The Company Subsidiary has not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(viv) Schedule 2.10(q)(vi2.10(q)(v) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company and any Subsidiary under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) Schedule 2.10(q)(vii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Database.
(viiivi) Where the Company or any Subsidiary uses a data processor to Process Personal Data on behalf Data, the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures and compliance with those obligations that are compliant with the Company’s and any Subsidiary’s obligations under Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between the Company or any Subsidiary and each such data processorprocessor that complies with the requirements of all Privacy Laws and Company Privacy Commitments. The Company has made available to Acquirer Buyer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company or any Subsidiary.
(vii) Schedule 2.10(q)(vii) of the Company Disclosure Letter contains an accurate description of the Company’s collection, handling, and security policies applicable to the Company Data.
(viii) All data that the Company or any Subsidiary obtains from a third party pursuant to a data license contract with a third party (“Company-Licensed Data”) is used pursuant to and in conformity with the terms and conditions of such data license contract. A complete and accurate list of all such data license contracts is attached as Schedule 2.10(q)(viii) of the Company Disclosure Letter. All Company Data that is not Company-Owned Data is Company-Licensed Data. All data used in the Business is either Company-Owned Data or Company-Licensed Data.
(ix) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments.
(x) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of Subsidiaries are the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xi) The Company is the owner owners of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi2.10(q)(ix) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to AcquirerBuyer).
(xiix) Except as described on Schedule 2.10(q)(xii) of Neither the Company Disclosure, the Company does not Process nor any Subsidiary Processes the Personal Data of any natural Person under the age of 13.
(xiiixi) Except as described on Schedule 2.10(q)(xiii) of Neither the Company Disclosurenor any Subsidiary has ever directly stated or indirectly implied that Company Products enhance the security of data (including Personal Data) accessed, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company provided or sent by the Company on behalf of third partiesend users.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 2 contracts
Samples: Membership Interest Purchase Agreement (Eventbrite, Inc.), Membership Interest Purchase Agreement (Pandora Media, Inc.)
Privacy and Personal Data. (i) The Company’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy Commitments, Privacy Laws and Company Data Agreements. The Company has at all times: (i) provided adequate notice and obtained any necessary consents from end users data subjects required for the Processing of Personal Data as conducted by or for the Company and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users data subjects relating to Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all of the Company databasesDatabases, Company Data and other information relating to the Company’s end users customers will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by users of the Company User AgreementsProducts. Copies of all current and prior Company Privacy Policies have been made available to Acquirer and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) of the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company has established and maintains industry standard (or better) appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. The Company and its data processors have taken commercially reasonable steps to ensure the reliability of its employees that have access to Company Data, to train such employees on all applicable aspects of Privacy Laws and Company Privacy Commitments and to ensure that all employees with the right to access such data are under written obligations of confidentiality with respect to such data.
(iviii) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or violation of any data security policy in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which which: (i) Privacy Laws would require the Company to notify a Governmental Entity of a data security breach or security incident relating or (ii) applicable guidance or codes of practice promulgated under Privacy Laws would recommend the Company to Company Datanotify a Governmental Entity of a data security breach.
(viv) Except as described at Schedule 2.10(q)(v) of the Company Disclosure Letter, the The Company has not received or experienced or received notice of and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end usera data subject): (A) alleging or confirming non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, (C) claiming compensation from the Company or (D) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company or (D) claiming compensation from the Company. The Company has not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(viv) Schedule 2.10(q)(vi2.9(q)(v) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor, if applicable) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended. Other than the notifications and registrations set forth on Schedule 2.9(q)(v) of the Company Disclosure Letter, no other registrations or notifications are required in connection with the Processing of Personal Data by Company.
(vi) Where the Company uses a data processor to Process Personal Data, the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures and compliance with those obligations that are sufficient for the Company’s compliance with Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between the Company and each such data processor that complies with the requirements of all Privacy Laws and Company Privacy Commitments. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(vii) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments, including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor, if applicable.
(viii) Schedule 2.10(q)(vii2.9(q)(viii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Company-Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place that have been adopted and maintained with respect to protect each such Company Database.
(viii) Where the Company uses a data processor to Process Personal Data on behalf of the Company, there is in existence a written Contract between the Company and each such data processor. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(ix) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments.
(x) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x2.9(q)(ix) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xix) The Company is the owner of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi2.9(q)(x) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xiixi) Except as described on Schedule 2.10(q)(xii) of the Company Disclosure, the The Company does not Process the Personal Data of any natural Person under the age of 13.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
(xivi) The Company has received no complaints from any Person pertaining to CASL compliancenever directly stated or indirectly implied that Company Products enhance the security of data (including Personal Data) accessed, and has received no inquiries, requests for information provided or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliancesent by end users.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 2 contracts
Samples: Share Purchase Agreement, Share Purchase Agreement (Marin Software Inc)
Privacy and Personal Data. (i) The Company’s Acquired Companies’ data, privacy and security practices materially conform, and at all times have materially conformed, in all material respects, to all of the Company Privacy CommitmentsPolicies and applicable Privacy Laws, Privacy Laws and Company Data Agreementsincluding those dealing with the registration of data bases. The Company has Acquired Companies have at all times: (i) provided adequate notice and obtained any necessary consents from end users required for the Processing processing of Personal Data as conducted by or for the Company Acquired Companies and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users relating to Personal Data communicated to, or possessed or controlled by, the Acquired Companies (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer Purchaser of all of the Acquired Company databases, Company Personal Data contained therein, and other information relating to the Company’s Acquired Companies’ end users will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any . Copies of all current Company Data Agreements or Company User Agreements.
(ii) Schedule 2.10(q)(ii) Privacy Policies have been made available to Purchaser. To the Knowledge of the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company has established and maintains industry standard (or better) technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors.
(iv) Except as described in Schedule 2.10(q)(iv) of the Company DisclosureCompany, no breach, security incident or violation of any data security policy in relation to Company Data data owned or controlled by any Acquired Company, including any Personal Data, has occurred or is threatened, and there has been no unauthorized or illegal Processing processing of any Company Datasuch data. No To the Knowledge of the Company, no circumstance has arisen in which which: (i) Privacy Laws would require the Company or any Acquired Company to notify a Governmental Entity of a data security breach or security incident relating to Company Data.
(v) Except as described at Schedule 2.10(q)(v) of the Company Disclosure Letter, the Company has not experienced or received notice of and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end user): (A) alleging or confirming non-compliance with, or demanding compliance with, a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, (C) claiming compensation from the Company or (D) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data. The Company has not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(vi) Schedule 2.10(q)(vi) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) Schedule 2.10(q)(vii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Database.
(viii) Where the Company uses a data processor to Process Personal Data on behalf of the Company, there is in existence a written Contract between the Company and each such data processor. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(ix) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments.
(x) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xi) The Company is the owner of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently applicable guidance or previously conducted and as necessary to carry on the business codes of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xii) Except as described on Schedule 2.10(q)(xii) of the Company Disclosure, the Company does not Process the Personal Data of any natural Person practice promulgated under the age of 13.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, Privacy Laws would recommend the Company or sent by the any Acquired Company on behalf to notify a Governmental Entity of third partiesa data security breach.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 2 contracts
Samples: Stock Purchase Agreement (CAESARS ENTERTAINMENT Corp), Stock Purchase Agreement (Caesars Acquisition Co)
Privacy and Personal Data. (i) The Company’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy Commitments, Privacy Laws and Company Data Agreements. The Company has at all times: (i) provided adequate notice and obtained any necessary consents from end users data subjects required for the Processing of Personal Data as conducted by or for the Company and (ii) abided by the notice received by the Company of any privacy choices (including opt-opt out preferences) of end users data subjects relating to Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all of the Company databasesDatabases, Company Data and other information relating to the Company’s end users customers will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by users of the Company User AgreementsProducts. Copies of all current and prior Company Privacy Policies have been made available to Acquirer and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) of the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company has established and maintains industry standard (or better) appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. The Company and its data processors have taken commercially reasonable steps to ensure the reliability of its employees that have access to Company Data, to train such employees on all applicable aspects of Privacy Laws and Company Privacy Commitments and to ensure that all employees with the right to access such data are under written obligations of confidentiality with respect to such data.
(iviii) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or violation of any data security policy in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which which: (i) Privacy Laws would require the Company to notify a Governmental Entity of a data security breach or security incident relating or (ii) applicable guidance or codes of practice promulgated under Privacy Laws would recommend the Company to Company Datanotify a Governmental Entity of a data security breach.
(viv) Except as described at Schedule 2.10(q)(v) of the Company Disclosure Letter, the The Company has not received or experienced or received notice of and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end usera data subject): (A) alleging or confirming non-compliance with, or demanding compliance with, noncompliance with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) requiring or requesting the Company to amend, rectify, cease Processing, de combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, Company or (CD) claiming compensation from the Company or (D) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company DataCompany. The Company has not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(viv) Schedule 2.10(q)(vi2.9(jj)(v) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EUU.S.EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) . To the Company’s knowledge, other than the notifications and registrations set forth on Schedule 2.10(q)(vii2.9(jj)(v) of the Company Disclosure Letter identifies and describes each distinct electronic Letter, no other registrations or other repository or database containing (notifications are required in whole or in part) Company connection with the Processing of Personal Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company DatabaseCompany.
(viiivi) Where the Company uses a data processor to Process Personal Data on behalf Data, the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures and compliance with those obligations that are sufficient for the Company’s compliance with Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between the Company and each such data processorprocessor that complies with the requirements of all Privacy Laws and Company Privacy Commitments. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(ixvii) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments, including the Company’s certification under the U.S.EU/Switzerland Safe Harbor. .
(xviii) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned thirdpartyowned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed CompanyLicensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data CompanyData Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed CompanyLicensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed CompanyLicensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x2.9(t)(ix) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed CompanyLicensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided Made Available to Acquirer).
(xiix) The Company is the owner of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed CompanyLicensed Data or (ii) the Company purports to own (collectively, “Company-Owned CompanyOwned Data”). The Company has the right to Process all Company-Company Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi2.9(t) (x) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned CompanyOwned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided Made Available to Acquirer).
(xiix) Except as described on Schedule 2.10(q)(xii) of the Company Disclosure, the The Company does not Process the Personal Data of any natural Person under the age of 1316.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
(xivxi) The Company has received no complaints from any Person pertaining to CASL compliancenever directly stated or indirectly implied that Company Products enhance the security of data (including Personal Data) accessed, and has received no inquiries, requests for information provided or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliancesent by end users.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Privacy and Personal Data. (i) The Company’s and each Subsidiary’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy Commitments, Privacy Laws and Company Data Agreements. The Company has and each Subsidiary have at all times: (i) provided adequate notice and obtained any necessary consents from end users data subjects required for the Processing of Personal Data as conducted by or for the Company and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users data subjects relating to Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all of the Company databasesDatabases, Company Data and other information relating to the Company’s end users customers will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by users of the Company User AgreementsProducts. Copies of all current and prior Company Privacy Policies published within the previous six years have been made available to Acquirer and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) of the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company has and its Subsidiaries have established and maintains industry standard (or better) technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. The Company, each Subsidiary and their respective data processors have taken commercially reasonable steps to ensure the reliability of their respective employees that have access to Company Data, to train such employees on all applicable aspects of Privacy Laws and Company Privacy Commitments and to require all employees with the right to access such data are under written obligations of confidentiality with respect to such data.
(iviii) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or violation of any data security policy in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which which: (i) Privacy Laws would require the Company or any Subsidiary to notify a Governmental Entity of a data security breach or security incident relating or (ii) applicable guidance or codes of practice promulgated under Privacy Laws would recommend the Company or any Subsidiary to Company Datanotify a Governmental Entity of a data security breach.
(viv) Except as described at Schedule 2.10(q)(v) of the The Company Disclosure Letter, the Company has or any Subsidiary have not experienced or received notice of and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end usera data subject): (A) alleging or confirming the Company’s or any of its Subsidiaries non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) requiring or requesting the Company or any Subsidiary to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, Company or any Subsidiary or (CD) claiming compensation from the Company or (D) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company DataSubsidiary. The Company has or any Subsidiary have not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(viv) Schedule 2.10(q)(vi2.9(r)(v) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company under Privacy Laws with relevant Governmental Entities in connection with the Company’s or any Subsidiary’s Processing of Personal Data. All such notifications and registrations (including including, solely to the extent applicable, the Company’s or any Subsidiary’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) . Other than the notifications and registrations set forth on Schedule 2.10(q)(vii2.9(r)(v) of the Company Disclosure Letter identifies and describes each distinct electronic Letter, no other registrations or other repository or database containing (notifications are required in whole or in part) Company connection with the Processing of Personal Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Databaseany Subsidiary.
(viiivi) Where To the extent the Company or any Subsidiary uses a data processor to Process Personal Data on behalf Data, the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures and compliance with those obligations that are sufficient for the Company’s or any Subsidiary’s compliance with Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between the Company and each such data processorprocessor that complies with the requirements of all Privacy Laws and Company Privacy Commitments. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of CompanyCompany or any Subsidiary.
(ixvii) The Company has or any Subsidiary have not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments, including, solely to the extent applicable, the Company’s or any Subsidiary’s certification under the U.S.-EU/Switzerland Safe Harbor.
(xviii) Schedule 2.9(r)(viii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company or any Subsidiary at any time (the “Company Databases”), the types of Company Data in each such database (including by Company-Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies that have been adopted and maintained with respect to each such Company Database.
(ix) The Company has and its Subsidiaries have valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has and its Subsidiaries have all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has and its Subsidiaries have been and is are in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x2.9(r)(ix) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xix) The Company is and its Subsidiaries are the owner of all right, title and interest interest, or possesses sufficient rights, in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports and its Subsidiaries purport to own (collectively, “Company-Owned Data”). The Company has and its Subsidiaries have the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi2.9(r)(x) of the Company Disclosure Letter, the Company or any Subsidiary has not entered into any Contract governing any Company-Owned Data or to which the Company or any Subsidiary is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xiixi) Except as described on Schedule 2.10(q)(xii) of the The Company Disclosure, the Company or any Subsidiary does not Process the Personal Data of any natural Person under the age of 13.
(xiiixii) Except as described on Schedule 2.10(q)(xiiiThe Company or any Subsidiary has never directly stated or indirectly implied that Company Products enhance the security of data (including Personal Data) of the Company Disclosureaccessed, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company provided or sent by the Company on behalf of third partiesend users.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Samples: Merger Agreement (Rocket Fuel Inc.)
Privacy and Personal Data. (ia) The Company’s data, and each Subsidiary’s privacy and security practices materially conformand Processing of Personal Data conform to and comply with, and at all times since January 1, 2015 have materially conformedconformed to and complied with, to all of the Company Privacy Commitments, Privacy Laws and Company Data Agreements. The Company has at all timesand each Subsidiary has: (i) provided adequate notice and obtained any necessary consents from end users individuals as required by applicable Privacy Laws for the Processing of Personal Data as conducted by or for the Company or any Subsidiary and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users individuals relating to Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither Except as disclosed on Schedule 2.11, the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all of the Company databases, Company Data and other information relating to the Company’s end users will not cause, constitute, or result in a breach or violation of any Privacy Laws or Laws, Company Privacy Commitments, any Company Data Agreements Agreements, or Company User Agreements.
(ii) Schedule 2.10(q)(ii) standard terms of service entered into by end users of the Company Disclosure Letter contains Products relating to the Processing of Personal Data. All Company Websites contain privacy notices or policies, as applicable. To the knowledge of the Company, the Company does not store or maintain sensitive Personal Data except in a manner consistent with Company Privacy Policies and in a manner that provides commercially-reasonable secure storage and protection of such information. Copies of all current and prior Company Privacy Policies have been made available to Acquirer and such copies are true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Productscomplete.
(iiib) The Company and each Subsidiary has established and maintains industry standard (or better) commercially reasonable technical, physical and organizational measures and security systems and technologies in designed for compliance with all applicable data security requirements under Privacy Laws and Laws, Company Privacy Commitments that are Commitments, and cybersecurity laws, and designed to protect Company Personal Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors.
(ivc) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or material violation of any data security policy in relation to Company Personal Data has occurred or is to the knowledge of the Company has been threatened, and to the knowledge of the Company there has been no unauthorized or illegal Processing of any Company Personal Data. No circumstance has arisen in which applicable Privacy Laws or cybersecurity laws would require the Company or any Subsidiary to notify a Governmental Entity and/or individuals of a data security breach or security incident relating to Company Dataincident.
(vd) Except as described at Schedule 2.10(q)(v) of Neither the Company Disclosure Letter, the Company nor any Subsidiary has not experienced or received written notice of and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end user): (A) alleging or confirming non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) requiring or requesting the Company or any Subsidiary to amend, rectify, cease Processing of Personal Data, de-combine, permanently anonymize, block or delete any Personal Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, Company or any Subsidiary or (CD) claiming compensation from the Company or any Subsidiary. There is no circumstance (Dincluding any circumstance arising as a result of an audit or inspection carried out by any Governmental Entity) requiring that would reasonably be expected to give rise to any such Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or requesting allegation from a Governmental Entity or any other Person. Neither the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete nor any Company Data. The Company Subsidiary has not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(vie) Schedule 2.10(q)(vi2.11(e) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company under Privacy Laws with relevant Governmental Entities (including pursuant to the Company’s compliance with GDPR and the Company’s certification under the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield) in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) registration. Other than the notifications and registrations set forth on Schedule 2.10(q)(vii2.11(e) of the Company Disclosure Letter identifies and describes each distinct electronic Letter, to the knowledge of the Company, no other registrations or other repository or database containing (notifications are required in whole or in part) Company connection with the Processing of Personal Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company DatabaseCompany.
(viiif) Where the Company or any Subsidiary uses a data processor to Process Personal Data on behalf (including Company-Licensed Data), the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data (including Company-Licensed Data), confidentiality, security measures and compliance with those obligations that are sufficient for the Company’s compliance with Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between the Company or such Subsidiary and each such data processor. The Company has made available to Acquirer true, correct and complete copies processor that complies with the requirements of all such ContractsPrivacy Laws and Company Privacy Commitments. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of CompanyCompany or any Subsidiary.
(ixg) The Neither the Company nor any Subsidiary has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments, including the Company’s certification under the U.S.-EU Privacy Shield or Swiss-U.S. Privacy Shield.
(xh) Neither the Company nor any Subsidiary has processed any Personal Data in a manner that would constitute a “sale” under the California Consumer Protection Act, Cal. Civ. Code. § 1798.100 et seq.
(i) Schedule 2.11(i) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Personal Data maintained by or for the Company or any Subsidiary at any time (the “Company Databases”), the types of Personal Data in each such database, the means by which the Personal Data was collected or received and the security policies that have been adopted and maintained with respect to each such Company Database.
(j) The Company and each Subsidiary has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data data, (including Personal Data), howsoever obtained or collected by or for the Company Company, in the manner that it is Processed by or for the Company or any Subsidiary, including in relation to delivery of the Company Products (all such data, “Company-Licensed Data”). The Company and each Subsidiary has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to Process, retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties any Person rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conductedBusiness, including the delivery of the Company Products. The Company and each Subsidiary has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, including in relation to international transfers of Company-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xik) The Company is and the owner Subsidiaries are the owners of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports or the Subsidiaries purport to own (collectively, “Company-Owned Data”). The Company has and the Subsidiaries have the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xiil) Except as described on Schedule 2.10(q)(xii) To the knowledge of the Company DisclosureCompany, other than the Personal Data of the dependents of Employees which is processed for the purpose of providing employee benefits, neither the Company does not Process nor any Subsidiary Processes the Personal Data of any natural Person under the age of 1316.
(xiiim) Except as described on Schedule 2.10(q)(xiii) of Neither the Company Disclosurenor any Subsidiary has directly stated or implied that Company Products enhance the security of Personal Data accessed, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company provided or sent by the Company on behalf of third partiesend users.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Privacy and Personal Data. (i) The Company’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy Commitments, Privacy Laws and Company Data Agreements. The Company has at all times, if and as applicable to the Business: (i) provided adequate notice and obtained any necessary consents from end users data subjects required for the Processing of Personal Data as conducted by or for the Company and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users data subjects relating to Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all of the Company databasesDatabases, Company Data and other information relating to the Company’s end users customers will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by users of the Company User AgreementsProducts. Copies of all current and prior Company Privacy Policies have been made available to Acquirer and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) of The Company has, and the Company Disclosure Letter contains a truehas contractually required its data processors to, correct and complete copy of each Company Privacy Policy in effect at any time and identifiestake commercially reasonable steps to ensure, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company has established and maintains industry standard (or better) technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. The Company and, to the Company’s knowledge, its data processors have taken commercially reasonable steps to ensure the reliability of its employees that have access to Company Data, to train such employees on all applicable aspects of Privacy Laws and Company Privacy Commitments, and to require that all employees with the right to access such data are under written obligations of confidentiality with respect to such data.
(iviii) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or violation of any data security policy in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which which: (i) Privacy Laws would require the Company to notify a Governmental Entity of a data security breach or security incident relating or (ii) applicable guidance or codes of practice promulgated under Privacy Laws would recommend the Company to Company Datanotify a Governmental Entity of a data security breach.
(viv) Except as described at Schedule 2.10(q)(v) of the Company Disclosure Letter, the The Company has not experienced or received notice of andreceived, and to the knowledge of the Company, there is no circumstance event (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation allegation, from a Governmental Entity or any other Person (including an end usera data subject): (A) alleging or confirming non-compliance with, or demanding compliance with, by the Company with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, (C) claiming compensation from the Company or (D) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company or (D) claiming compensation from the Company. The Company has not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(viv) Schedule 2.10(q)(vi2.9(r)(v) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended. Other than the notifications and registrations set forth on Schedule 2.9(r)(v) of the Company Disclosure Letter, no other registrations or notifications are required in connection with the Processing of Personal Data by Company.
(vi) Where the Company uses a data processor to Process Personal Data, the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures and compliance with those obligations that are sufficient for the Company’s compliance with Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between the Company and each such data processor that complies with the requirements of all Privacy Laws and Company Privacy Commitments. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(vii) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments.
(viii) Schedule 2.10(q)(vii2.9(r)(viii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Company-Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place that have been adopted and maintained with respect to protect each such Company Database.
(viii) Where the Company uses a data processor to Process Personal Data on behalf of the Company, there is in existence a written Contract between the Company and each such data processor. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(ix) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments.
(x) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x2.9(r)(ix) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xix) The Company is the owner of all right, title and interest interest, or has sufficient rights, in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi2.9(r)(x) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xiixi) Except as described on Schedule 2.10(q)(xii) of the Company Disclosure, the The Company does not Process the Personal Data of any natural Person under the age of 13.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
(xivi) The Company has received no complaints from any Person pertaining to CASL compliancenever directly stated or indirectly implied that Company Products enhance the security of data (including Personal Data) accessed, and has received no inquiries, requests for information provided or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliancesent by end users.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Samples: Agreement and Plan of Reorganization (Marin Software Inc)
Privacy and Personal Data. (i) The Company’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy Commitments, Privacy Laws and Company Data AgreementsAgreements in all material respects. The Company has at all times: (i) provided adequate notice and obtained any necessary consents from end users data subjects required under Applicable Laws for the Processing of Personal Data as conducted by or for the Company and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users data subjects relating to Personal Data as required under Applicable Laws (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither Except as set forth in Schedule 2.9(q)(i) of the Company Disclosure Letter, neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all of the Company databasesDatabases, Company Data and other information relating to the Company’s end users customers will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by users of the Company User Agreements.
(ii) Products. Other than as set forth in Schedule 2.10(q)(ii2.9(q)(i) of the Company Disclosure Letter contains a Letter, copies of all current and prior Company Privacy Policies have been made available to Acquirer and such copies are true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Productscomplete.
(iiiii) The Company has established and maintains industry standard (or better) commercially reasonable technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. The Company and, to the knowledge of the Company, its data processors have taken commercially reasonable steps to ensure the reliability of its employees that have access to Company Data and to ensure that all employees with the right to access such data are under written obligations of confidentiality with respect to such data.
(iviii) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or violation of any data security policy in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which which: (i) Privacy Laws would require the Company to notify a Governmental Entity of a data security breach or security incident relating or (ii) applicable guidance or codes of practice promulgated under Privacy Laws would recommend the Company to Company Datanotify a Governmental Entity of a data security breach.
(viv) Except as described at Schedule 2.10(q)(v) of the Company Disclosure Letter, the The Company has not received or experienced or received notice of and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end usera data subject): (A) alleging or confirming non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, (C) claiming compensation from the Company or (D) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company or (D) claiming compensation from the Company. The Company has not been involved in a party to any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(viv) Schedule 2.10(q)(vi2.9(q)(v) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company required under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) . Other than the notifications and registrations set forth on Schedule 2.10(q)(vii2.9(q)(v) of the Company Disclosure Letter identifies and describes each distinct electronic Letter, no other registrations or other repository or database containing (notifications are required in whole or in part) Company connection with the Processing of Personal Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company DatabaseCompany.
(viiivi) Where Other than as set forth in Schedule 2.9(q)(vi) of the Company Disclosure Letter, where the Company uses a data processor to Process Personal Data on behalf Data, the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures that are sufficient for the Company’s compliance with Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between the Company and each such data processorprocessor that complies with the requirements of all Privacy Laws and Company Privacy Commitments. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(ixvii) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA European Economic Area (the “EEA”) outside the EEA, except where such transfers have complied complied, in all material respects, with the requirements of Privacy Laws and Company Privacy Commitments.
(xviii) Schedule 2.9(q)(viii) of the Company Disclosure Letter describes the Company’s practices with respect to collection and storage of Company Data in databases maintained by or for the Company at any time (the “Company Databases”), including with respect to the types of Company Data in each Company Databases and the security policies that have been adopted and maintained with respect to each such Company Database.
(ix) The Company has subsisting and to the knowledge of the Company, valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x2.9(q)(ix) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xix) The Company is the owner of owns all right, title and or interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi2.9(q)(x) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xiixi) Except as described on Schedule 2.10(q)(xii) of the Company Disclosure, the The Company does not Process the Personal Data of any natural Person under the age of 13.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
(xivxii) The Company has received no complaints from any Person pertaining to CASL compliancenever directly stated that Company Products enhance the security of data (including Personal Data) accessed, and has received no inquiries, requests for information provided or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliancesent by end users.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Privacy and Personal Data. (i) The Company’s and its Subsidiaries’ data, privacy and security practices materially conform, and at all times have materially conformed, to all of the applicable Company Privacy Commitments, Commitments (as defined below) and Privacy Laws and Company Data Agreements. Laws.
(ii) The Company has and its Subsidiaries have at all times: (iA) as required by applicable Privacy Laws, provided adequate commercially reasonable notice and obtained any necessary consents from end users Persons required for the Processing processing of Personal Data as conducted by or for the Company and Company, (iiB) if required by applicable Privacy Laws, abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users Persons relating to their Personal Data, and (C) materially adhered to and complied with all obligations, commitments and restrictions related to and governing the collection, use, disclosure, transfer or processing of Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all of the Company databases, Company Data and other information relating to the Company’s end users will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or Company User Agreements.
(ii) Schedule 2.10(q)(ii) of the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company has and its Subsidiaries have established and maintains industry standard (or better) maintain commercially reasonable technical, physical and organizational measures and measures, including policies, procedures, security systems and technologies technologies, in material compliance with all relevant data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company the confidentiality, integrity and availability of Personal Data and other Confidential Information and protect it against accidental accidental, unauthorized or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the use or processing. The Company and its data processorsSubsidiaries have taken commercially reasonable steps to ensure the reliability of its employees, contractors and personnel of its service providers that process Personal Data or have access to Confidential Information.
(iv) Except as described in set forth on Schedule 2.10(q)(iv3.19(n)(iv), (1) of the Company Disclosure, there has been no breach, data breach or security incident that resulted in the unauthorized acquisition of or violation of any data security policy access to Personal Data in relation to Company Data has occurred Company’s or is threatenedits Subsidiaries’ possession, and (2) there has been no unauthorized or illegal Processing unlawful processing of any Company Data. No Personal Data in Company’s or its Subsidiaries’ possession, and (3) no circumstance has arisen in which Privacy Laws would require the Company or its Subsidiaries to notify a Governmental Entity Authority or other Person of a data security breach or security incident relating to Company Dataincident.
(v) Except as described at Schedule 2.10(q)(v) of the The Company Disclosure Letterand its Subsidiaries have not received written notice regarding, the Company has not or experienced or received notice of and, to the knowledge of the Company, and there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental EntityAuthority) that would reasonably be expected to give rise to, any Legal ProceedingAction, Order, notice, communicationorder, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end user): Authority: (A) alleging or confirming non-compliance with, or demanding compliance with, a relevant requirement of with Privacy Laws or Company Privacy Commitments, or (B) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, (C) claiming compensation from the Company or (D) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company DataCompany. The Company has and its Subsidiaries have not been involved in any Legal Proceedings Actions involving a material breach or alleged material breach of relevant Privacy Laws or other Company Privacy Commitments.
(vi) Schedule 2.10(q)(vi) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) Schedule 2.10(q)(vii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Database.
(viii) Where the Company uses a data processor to Process Personal Data on behalf of the Company, there is in existence a written Contract between the Company and each such data processor. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(ix) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments.
(x) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xi) The Company is the owner of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xii) Except as described on Schedule 2.10(q)(xii) of the Company Disclosure, the Company does not Process the Personal Data of any natural Person under the age of 13.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Privacy and Personal Data. (i) The Company’s and each Subsidiary’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy Commitments, Privacy Laws and Company Data Agreements. The Company and each Subsidiary has at all times: (i) provided adequate notice and obtained any necessary consents from end users required for the Processing of Personal Data as conducted by or for the Company or any Subsidiary and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users relating to Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over transfer by Acquirer the Company or any Subsidiary to the Final Surviving Entity of all of the Company databasesDatabases, Company Data and other information relating to the Company’s end users Personal Data will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by users of the Company User AgreementsProducts. Copies of all current and prior Company Privacy Policies have been made available to Acquirer and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) of the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company and each Subsidiary has established and maintains industry standard (or better) appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. The Company and each Subsidiary and its data processors have taken commercially reasonable steps to ensure the reliability of its employees that have access to Company Data, to train such employees on all applicable aspects of Privacy Laws and Company Privacy Commitments and to ensure that all employees with the right to access such data are under written obligations of confidentiality with respect to such data.
(iviii) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or violation of any data security policy in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which Privacy Laws would require the Company to notify a Governmental Entity of a data security breach or security incident relating to Company Dataincident.
(viv) Except as described at Schedule 2.10(q)(v) of Neither the Company Disclosure Letter, the Company nor any Subsidiary has not received or experienced or received notice of and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end user): (A) alleging or confirming non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) requiring or requesting the Company or any Subsidiary to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, Company or (CD) claiming compensation from the Company or (D) requiring or requesting Company. Neither the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete nor any Company Data. The Company Subsidiary has not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(viv) Schedule 2.10(q)(vi2.10(q)(v) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company and any Subsidiary under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) Schedule 2.10(q)(vii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Database.
(viiivi) Where the Company or any Subsidiary uses a data processor to Process Personal Data on behalf Data, the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures and compliance with those obligations that are compliant with the Company’s and any Subsidiary’s obligations under Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between the Company or any Subsidiary and each such data processorprocessor that complies with the requirements of all Privacy Laws and Company Privacy Commitments. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company or any Subsidiary.
(vii) Schedule 2.10(q)(vii) of the Company Disclosure Letter contains an accurate description of the Company’s collection, handling, and security policies applicable to the Company Data.
(viii) All data that the Company or any Subsidiary obtains from a third party pursuant to a data license contract with a third party (“Company-Licensed Data”) is used pursuant to and in conformity with the terms and conditions of such data license contract. A complete and accurate list of all such data license contracts is attached as Schedule 2.10(q)(viii) of the Company Disclosure Letter. All Company Data that is not Company-Owned Data is Company-Licensed Data. All data used in the Business is either Company-Owned Data or Company-Licensed Data.
(ix) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments.
(x) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of Subsidiaries are the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xi) The Company is the owner owners of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi2.10(q)(ix) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xiix) Except as described on Schedule 2.10(q)(xii) of Neither the Company Disclosure, the Company does not Process nor any Subsidiary Processes the Personal Data of any natural Person under the age of 13.
(xiiixi) Except as described on Schedule 2.10(q)(xiii) of Neither the Company Disclosurenor any Subsidiary has ever directly stated or indirectly implied that Company Products enhance the security of data (including Personal Data) accessed, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company provided or sent by the Company on behalf of third partiesend users.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Privacy and Personal Data. (i) The Company’s data, privacy and security practices materially conform, and at all times have materially conformedconformed in all material respects, to all of the Company applicable Privacy Commitments, Privacy Laws and Company Data Agreements. Laws.
(ii) The Company has at all times: (iA) provided adequate notice and obtained any necessary consents from end users Persons required for the Processing of Personal Data as conducted by or for the Company and Company, (iiB) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users Persons relating to their Personal Data and (such obligations along C) strictly adhered to and fully complied with those contained all obligations, commitments and restrictions related to and governing the Processing of Company Data, in each case, under Privacy Law applicable to the Company or Company Privacy Policies, Policies (collectively, “Company Privacy Commitments”). The Company has established and maintains commercially reasonable controls and measures to evaluate, monitor and ensure its compliance with all Company Privacy Commitments. Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer Parent of all of the Company databases, Company Data and other information relating to the Company’s end users Company will cause, constitute, or result in a breach or violation of any applicable Privacy Laws or other Company Privacy Commitments, any Company Data Agreements or Company User Agreements.
(ii) Schedule 2.10(q)(ii) agreements entered into by customers of the Company Disclosure Letter contains a Products. Copies of all current and prior Company Privacy Policies have been made available to Parent and such copies are true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Productscomplete.
(iii) The Company has established and maintains industry standard (or better) commercially reasonable technical, physical and organizational measures and measures, including policies, procedures, security systems and technologies technologies, in compliance in all material respects with all data security requirements under Privacy Laws and the Company Privacy Commitments that are designed to protect the confidentiality, integrity and availability of ICT Infrastructure, Company Data and other Confidential Information and protect it against accidental accidental, unauthorized or unlawful Processing in Processing. The Company implements and maintains such measures pursuant to a manner comprehensive written information security program. The Company has taken appropriate steps to confirm the risks represented by the Processing reliability of its employees, contractors and personnel of its service providers that Process Company Data or have access to Confidential Information, to train such individuals on all applicable aspects of Privacy Laws and other Company Privacy Commitments and to ensure that all such individuals are under written obligations of confidentiality with respect to such data by the Company and its data processorsinformation.
(iv) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or violation of any data security policy Privacy Laws applicable to the Company or other Company Privacy Commitments in relation to Company Data or ICT Infrastructure has occurred or is threatenedoccurred, and there has been no unauthorized or illegal unlawful Processing of any Company Data. No To the Knowledge of the Company, no circumstance has arisen in which which: (A) Privacy Laws would require the Company to notify a Governmental Entity or other Person of a data security breach or security incident relating or (B) applicable guidance or codes of practice promulgated under Privacy Laws applicable to the Company Datawould recommend the Company to notify a Governmental Entity or other Person of a data security breach.
(v) Except as described at Schedule 2.10(q)(v) of the Company Disclosure Letter, the The Company has not received or experienced or received notice of and, to the knowledge Knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal ProceedingAction, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end user): Person: (A) alleging or confirming non-compliance with, or demanding compliance with, a relevant requirement of Privacy Laws or with Company Privacy CommitmentsCommitments or Privacy Laws, (B) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, (C) claiming compensation from the Company or (D) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, or (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company. The Company has not been involved in any Legal Proceedings Actions involving a breach or alleged breach of Privacy Laws or other Company Privacy Commitments.
(vi) Schedule 2.10(q)(vi) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) Schedule 2.10(q)(vii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Database.
(viii) Where the Company uses a data processor to Process Personal Data on behalf of the Company, there is in existence a written Contract between the Company and each such data processor. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(ix) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments.
(x) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xi) The Company is the owner of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xii) Except as described on Schedule 2.10(q)(xii) of the Company Disclosure, the Company does not Process the Personal Data of any natural Person under the age of 13.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Samples: Membership Interest Purchase Agreement (TrueCar, Inc.)
Privacy and Personal Data. (i) The Company’s and each Subsidiary’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy Commitments, Commitments (as defined below) and Privacy Laws and Company Data AgreementsLaws. The Company is not a “Covered Entity” or “Business Associate” as such terms are defined in the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), and to the Knowledge of the Company, neither the Company nor any Subsidiary has or Processes any “protected health information” as such term is defined by HIPAA.
(ii) The Company and each Subsidiary has at all times: (iA) provided adequate notice and obtained any necessary consents from end users data subjects as required by applicable Privacy Law for the Processing of Personal Data as conducted by or for the Company and or its Subsidiaries, (iiB) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users data subjects relating to Personal Data Data, and (such obligations along C) complied with those contained in all obligations, commitments and restrictions related to and governing the Processing of Personal Data, as required by applicable Privacy Law, or by the terms of the applicable Company Privacy Policies, Policy (collectively, “Company Privacy Commitments”). The Company and each of its Subsidiaries has established and maintains controls and measures to evaluate, monitor and ensure its compliance with all Company Privacy Commitments. Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all consummation of the Company databases, Company Data and other information relating to the Company’s end users Transactions will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or Company User Agreements.
(ii) Schedule 2.10(q)(ii) standard terms of service entered into by individual users of the Company Disclosure Letter contains a Products whose Personal Data is Processed by the Company. Copies of all current and prior Company Privacy Policies have been made available to Purchaser and such copies are true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Productscomplete.
(iii) The Company has established and maintains industry standard (or better) commercially reasonable written technical, physical and organizational measures measures, and security systems and technologies in compliance with all data security requirements under applicable Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental accidental, unauthorized or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. The Company’s comprehensive written information security program described above has been designed using and complies with ISO/IEC 27001 and the SOC 2 (Type 2) security standards, and an independent third party has certified the compliance of the Company with such standards. The Company and, to the Knowledge of the Company, its data processors have taken appropriate steps to ensure the reliability of its employees and contractors that have access to Company Data, to train such employees and contractors on all applicable aspects of Privacy Laws and other Company Privacy Commitments and to ensure that all employees and contractors with the right to access such data are under written obligations of confidentiality with respect to such data.
(iv) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or violation of any data security policy Privacy Laws in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No To the Knowledge of the Company, no circumstance has arisen in which Privacy Laws would require the Company to notify a Governmental Entity or data subject of a data security breach or security incident relating to Company Dataincident.
(v) Except as described at Schedule 2.10(q)(v) of Neither the Company Disclosure Letter, the Company nor any Subsidiary has not received or experienced or received notice of and, to the knowledge Knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal ProceedingAction, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end usera data subject): (A) alleging or confirming non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or other Company Privacy Commitments, (B) requiring or requesting the Company or its Subsidiaries to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, except for data subject requests Processed in the ordinary course of business, as required by applicable Privacy Law, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, Company with respect to the violation of any applicable Privacy Laws or Company Privacy Commitments or (CD) claiming compensation from the Company or (D) requiring any Subsidiary with respect to the violation of any applicable Privacy Laws or requesting Company Privacy Commitments. Neither the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete nor any Company Data. The Company Subsidiary has not been involved in any Legal Proceedings Actions involving a breach or alleged breach of Privacy Laws or other Company Privacy Commitments.
(vi) Schedule 2.10(q)(vi) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) Schedule 2.10(q)(vii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Database.
(viii) Where the Company uses a data processor to Process Personal Data on behalf of the Company, there is in existence a written Contract between the Company and each such data processor. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(ix) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments.
(x) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xi) The Company is the owner of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xii) Except as described on Schedule 2.10(q)(xii) of the Company Disclosure, the Company does not Process the Personal Data of any natural Person under the age of 13.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Privacy and Personal Data. (i) The Company’s Company and the Subsidiaries’ data, privacy and security practices materially conform, and at all times have materially conformed, to all of the complied and materially comply with Company Privacy Commitments, Privacy Laws and Company Data Agreements. The Company has at all times: (i) provided adequate notice , and obtained any necessary consents from end users required for the Processing of Personal Data as conducted by or for the Company and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users relating to Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all consummation of the Company databases, Company Data Transactions do not and other information relating to the Company’s end users will cause, not constitute, or result in a breach or violation of any Privacy Laws or Laws, Company Privacy Commitments, Commitments or any Company Data Agreements or Agreements. Copies of the current and most recent prior version of the Company User AgreementsPrivacy Policies have been made available to Acquirer and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) The Company and the Subsidiaries have all contractual or rights under Privacy Laws, as necessary to collect and Process all Personal Data and Confidential Information used in the Business of the Company Disclosure Letter contains a trueand its Subsidiaries and, correct to the knowledge of the Company, the Company’s and complete copy of each Company Privacy Policy in effect at the Subsidiaries’ data collection practices do not violate any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was third party’s rights or has been in effect; (B) whether the breach any applicable terms of a later Company Privacy Policy apply to the data service or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Productsother restrictions.
(iii) The Company has and the Subsidiaries have established and maintains industry standard (or better) maintain commercially reasonable technical, physical and organizational controls, policies, procedures, safeguards, measures and security systems systems, plans and technologies in accordance with appropriate industry standards and in compliance with all data security requirements under Privacy Laws, Company Data Agreements and Company Privacy Commitments. The Company and each of the Subsidiaries has implemented and maintains commercially reasonable security, disaster recovery and business continuity plans and acts in compliance therewith and has tested such plans on a periodic basis, and such plans have proven effective upon testing. The Company and the Subsidiaries have taken commercially reasonable steps to ensure the reliability of its employees and contractors who have access to Company Data, to train such employees on applicable aspects of Privacy Laws and Company Privacy Commitments and to ensure that are designed all employees with the right to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of access such data by the Company and its data processorsare under written obligations of confidentiality with respect to such data.
(iv) Except as described in Schedule 2.10(q)(iv) Neither Company nor any of the Company Disclosure, no breach, security incident or violation of any data security policy in relation to Company Data Subsidiaries has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which Privacy Laws would require the Company to notify a Governmental Entity of a data security breach or security incident relating to Company Data.
(v) Except as described at Schedule 2.10(q)(v) of the Company Disclosure Letter, the Company has not experienced or received written notice of and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result Proceeding or allegation communication from a Governmental Entity or any other Person (including an end user): (A) alleging relating to any Security Incident or confirming non-compliance with, or demanding compliance with, a relevant requirement violation of Privacy Laws or Company Privacy Commitments, or any Person’s individual privacy rights (B) permitting or mandating relevant Governmental Entities except, with regard to investigate, requisition information from, or enter any Person’s exercise of individual privacy rights within the premises of, the Company, (C) claiming compensation from ordinary course of business which are handled appropriately in accordance with Privacy Laws by the Company or (Dany of its Subsidiaries within the applicable timeline) requiring involving Company Data in the possession or requesting control of the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any of its Subsidiaries. Neither the Company Data. The Company nor any of the Subsidiaries has not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(viv) Schedule 2.10(q)(vi2.10(p)(v) of the Company Disclosure Letter contains the complete list as of notifications and the Effective Time of registrations made by the Company and the Subsidiaries under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, and the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended. Other than the registrations set forth on Schedule 2.10(p)(v) of the Company Disclosure Letter, no other registrations with Governmental Entities are required in connection with the Processing of Personal Data by Company or any of the Subsidiaries.
(vi) Neither the Company nor any of the Subsidiaries Process the Personal Data of any natural Person known to be under the age of 13 (or other age applicable to children as such term is defined under Applicable Laws).
(vii) Schedule 2.10(q)(vii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Database.
(viii) Where the Company or any of the Subsidiaries uses a data processor to Process Personal Data on behalf of the Company, there is in existence a written Contract Company Data Agreement between the Company and each such data processor. The Company has made available to Acquirer true, correct and complete copies processor that materially complies with the requirements of all such ContractsPrivacy Laws and Company Privacy Commitments. To the knowledge of the Company, such data processors have not breached any such Contracts Company Data Agreements pertaining to Personal Data Processed by such Persons on behalf of CompanyCompany or any of the Subsidiaries.
(ixviii) The Neither the Company nor any of the Subsidiaries has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, (or from any other jurisdiction with restrictions on the transfer of Personal Data), except where such transfers have complied with the requirements of Privacy Laws Laws, Company Data Agreements and Company Privacy Commitments.
(xix) The Company has valid and subsisting contractual rights Except with respect to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company “protected health information” (as such term is defined in the manner that it is Processed Health Insurance Portability and Accountability Act of 1996 as amended by or the Health Information Technology for the Company (all such data, “Company-Licensed Data”). The Company has all rights, Economic and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rightsClinical Health Act of 2009, as the case may be, otherwise amended from time to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Datatime, and the consummation of rules and regulations promulgated thereunder, including the Privacy Standards (45 C.F.R. Parts 160 and 164), the Electronic Transactions will not conflict withStandards (45 C.F.R. Parts 160 and 162), and the Security Standards (45 C.F.R. Parts 160, 162 and 164) (“HIPAA”) or result in for any violation or breach of, or default under, similar term under any such Contract. Schedule 2.10(q)(xother applicable Privacy Laws) provided by employees of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which or the Subsidiaries and such employees’ beneficiaries, and maintained by the Company is a party or is bound by, except and the standard terms of use entered into by users of Subsidiaries in connection with the Company Products (copies of which have been provided to Acquirer).
(xigroup health plan(s) The Company is the owner of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi2.12(a) of the Company Disclosure Letter, neither the Company has not entered into nor any Contract governing any Company-Owned Data of the Subsidiaries receives, Processes or stores information that is subject to which HIPAA. To the extent the Company or its Subsidiaries Process or store information that is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided subject to Acquirer).
(xii) Except as described on Schedule 2.10(q)(xii) of the Company DisclosureHIPAA, the Company does not Process and the Personal Data of any natural Person under the age of 13.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable antiSubsidiaries have entered into HIPAA-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents compliant Contracts with respect to the computer programs protection of such information. Neither the Company nor any of the Subsidiaries has agreed in writing that it has, is a “Business Associate” (as such term is defined in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASLHIPAA).
Appears in 1 contract
Privacy and Personal Data. (i) The Company’s and each member of the Parent Group’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the applicable Company Privacy CommitmentsCommitments (defined below), Privacy Laws and Company Data Agreements. The Company has and each member of the Parent Group (with respect to the Business) have at all times: (i) provided adequate notice and obtained any necessary consents from end users data subjects required for the Processing of Personal Data as conducted by or for Company or the Company Business and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users data subjects relating to Personal Data (such obligations obligations, along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer transfer to Acquiror of all of the Company databasesDatabases, Company Data and other information relating to the Company’s end users or any member of the Parent Group’s customers will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by users of the Company User AgreementsProducts. Copies of all current and prior Company Privacy Policies have been made available to Purchaser and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) Company and the members of the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, Parent Group (with respect to each Company Privacy Policy: (Athe Business) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company has have established and maintains industry standard (or better) maintain appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under applicable Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its the Parent Group and their data processors. Company and the members of the Parent Group and their data processors have taken commercially reasonable steps to ensure the reliability of its employees that have access to Company Data, to train such employees on all applicable aspects of Privacy Laws and Company Privacy Commitments and to ensure that all employees with the right to access such data are under written obligations of confidentiality with respect to such data.
(iviii) Except To the knowledge of Company and Parent as described in Schedule 2.10(q)(iv) of the Company Disclosuredate of this Agreement, no breach, security incident or violation of any data security policy in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which which: (i) applicable Privacy Laws would require Company or any member of the Company Parent Group (with respect to the Business) to notify a Governmental Entity of a data security breach or security incident relating or (ii) applicable guidance or codes of practice expressly promulgated under Privacy Laws would recommend Company or any member of the Parent Group (with respect to Company Datathe Business) to notify a Governmental Entity of a data security breach.
(viv) Except as described at Schedule 2.10(q)(v) Company and the members of the Company Disclosure LetterParent Group have not received or experienced, the Company has not experienced or received notice of and, to the knowledge of the Company, and there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end usera data subject): (A) alleging or confirming non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, (C) claiming compensation from the Company or (D) requiring or requesting Company or the Company members of the Parent Group (with respect to the Business) to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, Company or the members of the Parent Group (with respect to the Business) or (D) claiming compensation from Company or the members of the Parent Group (with respect to the Business). The Company has and the members of the Parent Group (with respect to the Business) have not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(viv) Schedule 2.10(q)(vi2.9(dd)(v) of the Company Disclosure Letter contains the complete list of notifications and registrations made by Company and each member of the Company Parent Group (with respect to the Business) under Privacy Laws with relevant Governmental Entities in connection with the Company’s and each member of the Parent Group’s (with respect to the Business) Processing of Personal Data. All such notifications and registrations Data (including the Company’s and member of the Parent Group’s (with respect to the Business) certification under the U.S.-EU/Switzerland Safe Harbor) . Such notifications and registrations are valid, accurate, complete and fully paid up and, to the knowledge of the Company, and the consummation of the Transactions Mergers will not invalidate such notification or registration or require such notification or registration to be amended. Other than the notifications and registrations set forth on Schedule 2.9(dd)(v) of the Company Disclosure Letter, no other registrations or notifications are required in connection with the Processing of Personal Data by Company or any member of the Parent Group (with respect to the Business).
(vi) Where Company and any member of the Parent Group (with respect to the Business) use a data processor to Process Personal Data, the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures and compliance with those obligations that are sufficient for Company’s and each member of the Parent Group’s compliance with applicable Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between Company or such member of the Parent Group and each such data processor that complies with the requirements of all applicable Privacy Laws and Company Privacy Commitments. Company and the members of the Parent Group have made available to Acquiror true, correct and complete copies of all such Contracts. To the knowledge of Company and Parent as of the date of this Agreement, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company or the members of the Parent Group.
(vii) Company and the members of the Parent Group (with respect to the Business) have not transferred Personal Data originating in the European Economic Area outside the European Economic Area, except where such transfers have complied with the requirements of applicable Privacy Laws and Company Privacy Commitments, including Company’s or such member of the Parent Group’s certification under the U.S.-EU/Switzerland Safe Harbor.
(viii) Schedule 2.10(q)(vii2.9(dd)(viii) of the Company Disclosure Letter identifies and describes describes, as of the date of this Agreement, each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for Company and any member of the Company Parent Group (with respect to the Business) at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Company-Licensed Data and Company Company-Owned Data), the means by which the Company Data was collected or received and the security policies in place that have been adopted and maintained with respect to protect each such Company Database.
(viii) Where . Company and the Company uses a data processor to Process Personal Data on behalf members of the Company, there is in existence a written Contract between Parent Group (with respect to the Company and each such data processor. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors Business) have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(ix) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments.
(x) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is currently Processed by or for Company and each member of the Company Parent Group (with respect to the Business) (all such data, “Company-Licensed Data”). The Company has and each member of the Parent Group have all rights, and all permissions or authorizations required under applicable Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has and each member of the Parent Group (with respect to the Business) have been and is are in compliance with all Contracts pursuant to which Company and such member of the Company Parent Group Processes or has have Processed Company-Licensed Data, and the consummation of the Transactions Mergers will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x2.10(dd)(viii) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which Company and the Company is members of the Parent Group (with respect to the Business) are a party or is are bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to AcquirerAcquiror).
(xiix) The Company is and the members of the Parent Group (with respect to the Business) are a licensee of or the owner of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) Company and the Company purports members of the Parent Group (with respect to the Business) purport to own (collectively, “Company-Owned Data”). The Company has and the members of the Parent Group (with respect to the Business) have the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi2.9(dd)(ix) of the Company Disclosure Letter, Company and the Company has members of the Parent Group (with respect to the Business) have not entered into any Contract governing restricting Company’s use or Processing of any Company-Owned Data or to which the Company is a party or bound byData, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to AcquirerAcquiror).
(xiix) Except as described on Schedule 2.10(q)(xii) Company and the members of the Company Disclosure, Parent Group (with respect to the Company does Business) do not knowingly Process the Personal Data of any natural Person under the age of 13.
(xiiixi) Except as described on Schedule 2.10(q)(xiii) Company and each member of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
Parent Group (xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it hasBusiness) has implemented and maintains a comprehensive security plan which is designed to do the following: (i) identify internal and external risks to the security of the Confidential Information, including personally identifiable information; (ii) implement, monitor and improve adequate and effective administrative, electronic and physical safeguards to control those risks; and (ii) maintain notification procedures in compliance with applicable Legal Requirements in the course case of commercial activityany breach of security compromising unencrypted data containing personally identifiable information. To the knowledge of Company and Parent as of the date of this Agreement, installed neither Company nor any member of the Parent Group (with respect to the Business) has experienced any breach of security or caused otherwise unauthorized access by third parties to be installed on any other Personthe Confidential Information, including personally identifiable information in Company’s computer systemor such member of the Parent Group’s possession, within the meaning of CASLcustody or control.
Appears in 1 contract
Samples: Agreement and Plan of Merger and Reorganization (Glu Mobile Inc)
Privacy and Personal Data. (i) The Company’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy Commitments, Privacy Laws and Company Data Agreements. The Company has at all times: (i) provided adequate notice and obtained any necessary consents from end users data subjects required for the Processing of Personal Data as conducted by or for the Company and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users data subjects relating to Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all of the Company databasesDatabases, Company Data and other information relating to the Company’s end users customers will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by users of the Company User AgreementsProducts. Copies of all current and prior Company Privacy Policies have been made available to Acquirer and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) of the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company has established and maintains industry standard (or better) appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. The Company and its data processors have taken commercially reasonable steps to ensure the reliability of its employees that have access to Company Data, to train such employees on all applicable aspects of Privacy Laws and Company Privacy Commitments and to ensure that all employees with the right to access such data are under written obligations of confidentiality with respect to such data.
(iviii) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or violation of any data security policy in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which which: (i) Privacy Laws would require the Company to notify a Governmental Entity of a data security breach or security incident relating or (ii) applicable guidance or codes of practice promulgated under Privacy Laws would recommend the Company to Company Datanotify a Governmental Entity of a data security breach.
(viv) Except as described at Schedule 2.10(q)(v) of the Company Disclosure Letter, the The Company has not received or experienced or received notice of and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end usera data subject): (A) alleging or confirming non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, (C) claiming compensation from the Company or (D) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company or (D) claiming compensation from the Company. The Company has not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.. 28
(viv) Schedule 2.10(q)(vi2.9(jj)(v) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) . To the Company’s knowledge, other than the notifications and registrations set forth on Schedule 2.10(q)(vii2.9(jj)(v) of the Company Disclosure Letter identifies and describes each distinct electronic Letter, no other registrations or other repository or database containing (notifications are required in whole or in part) Company connection with the Processing of Personal Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company DatabaseCompany.
(viiivi) Where the Company uses a data processor to Process Personal Data on behalf Data, the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures and compliance with those obligations that are sufficient for the Company’s compliance with Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between the Company and each such data processorprocessor that complies with the requirements of all Privacy Laws and Company Privacy Commitments. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(ixvii) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments, including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor. .
(xviii) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Company-Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x2.9(t)(ix) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided Made Available to Acquirer).
(xiix) The Company is the owner of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi2.9(t)(x) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided Made Available to Acquirer).. 29
(xiix) Except as described on Schedule 2.10(q)(xii) of the Company Disclosure, the The Company does not Process the Personal Data of any natural Person under the age of 1316.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
(xivxi) The Company has received no complaints from any Person pertaining to CASL compliancenever directly stated or indirectly implied that Company Products enhance the security of data (including Personal Data) accessed, and has received no inquiries, requests for information provided or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliancesent by end users.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Samples: Merger Agreement (Facebook Inc)
Privacy and Personal Data. (i) The Company’s and each Subsidiary’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy Commitments, Privacy Laws and Company Data Agreements. The Company has and each Subsidiary comply, and have at all times have complied, with all Privacy Laws. The Group Companies have at all times: (i) provided adequate notice and obtained any necessary consents from end users required for the Processing of Personal Data as conducted by or for the Company or any Subsidiary and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users relating to Personal Data (such obligations along with those contained in Company Privacy Policies, Policies and Privacy Laws (collectively, the “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over transfer by Acquirer the Company or any Subsidiary to the Final Surviving Entity of all of the Company databases, Company Data and other information relating to the Company’s end users (including all Personal Data) will cause, constitute, or result in a material breach or material violation of any Privacy Laws Laws, or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by users of the Company User AgreementsProducts. Copies of all current and prior Company Privacy Policies have been made available to Modern Media and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) of the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company has Group Companies have established and maintains industry standard (or better) maintain commercially reasonable technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under applicable Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental unauthorized or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. The Group Companies and its data processors have taken commercially reasonable steps to train Company employees that have access to Company Data, to train such employees on all applicable aspects of Privacy Laws or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by users of the Company Products.
(iviii) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no The Group Companies have not suffered any security breach, security incident incident, or violation of any data security policy policies in relation to Company Data has occurred or is threatenedData, and there has been no intentional, unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which Privacy Laws would require the Company to notify a Governmental Entity of a data security breach or security incident relating to Company Databreach, as defined by relevant Privacy Law.
(viv) Except as described at Schedule 2.10(q)(v) of the Company Disclosure Letter, the No Group Company has not experienced received or received notice of experienced, and, to the knowledge Knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal ProceedingDispute, Order, notice, communication, warrant, regulatory opinion, audit result Order or allegation other notice from a Governmental Entity or any other Person (including an end user): Person: (A) alleging or confirming non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) requiring or requesting the Company or any Subsidiary to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, Company or (CD) claiming compensation from the Company or (D) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company DataCompany. The No Group Company has not been involved in any Legal Proceedings Disputes involving a breach or alleged breach violation of Privacy Laws or Laws, Company Privacy Commitments.
(vi, or Privacy Policies. Schedule 3.11(p)(iv) Schedule 2.10(q)(vi) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company and any Subsidiary under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of Personal Data. All such notifications and registrations (including the Company’s certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) Schedule 2.10(q)(vii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Database.
(viiiv) Where the Company uses Group Companies use a data processor third party to Process Personal Data on behalf of any one of the CompanyGroup Companies, there is in existence a written Contract between the third party has agreed to comply with applicable Company Privacy Commitments, Privacy Laws, and each such data processor. The Company has made available to Acquirer true, correct and complete copies of all such ContractsPrivacy Policies. To the knowledge Knowledge of the Company, such data processors third parties have not breached any such Contracts obligations pertaining to Personal Data Processed by such Persons on behalf of CompanyCompany or any Subsidiary. The Company has made available to Modern Media true, correct and complete copies of all Privacy Contracts that are currently in force.
(ixvi) The Company has not transferred Group Companies have a valid and legal right (whether contractually, by law or permitted the transfer of otherwise) to access or use all Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements and any other information of Privacy Laws and Company Privacy Commitments.
(x) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner any Person that it is Processed by or for on behalf of the Group Companies in connection with the use and/or operation of its products, services and business.
(vii) All data that the Company or any Subsidiary obtains from a third party pursuant to a data license Contract with a third party (all such data, “Company-Licensed Data”) is used pursuant to and in conformity with the terms and conditions of such data license Contract. A complete and accurate list of all such data license Contracts is attached as Schedule 3.11(p)(vii). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including All Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the that is not Company-Licensed Owned Data as necessary for the operation of the Business as presently conducted. The Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and . All data used in the consummation business of the Transactions will not conflict with, Group Companies is either Company-Owned Data or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer)Data.
(xiviii) The Company is Group Companies are the owner owners of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business their business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi) of the Company Disclosure Letter3.11(p)(viii), the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to AcquirerModern Media).
(xiiix) Except as described on Schedule 2.10(q)(xii) of the No Group Company Disclosure, the Company does not Process intentionally Processes the Personal Data of any natural Person under the age of 13.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Samples: Business Transaction Agreement (Modern Media Acquisition Corp.)
Privacy and Personal Data. (i) The CompanyJiff’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Jiff Privacy Commitments, Privacy Laws and Company Jiff Data Agreements. The Company Jiff has at all times: (i) provided adequate notice and obtained any necessary consents from end users required for the Processing of Personal Data as conducted by or for the Company Jiff and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users relating to Personal Data Data, in each case to the extent required by Applicable Law (such obligations along with those contained in Company Jiff Privacy Policies, collectively, “Company Jiff Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all consummation of the Company databases, Company Data and other information relating to the Company’s end users Transactions will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Jiff Privacy Commitments, any Company Jiff Data Agreements or Company User Agreementsstandard terms of service entered into by users of Jiff Products. Copies of all current and prior Jiff Privacy Policies have been made available to Castlight and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) of the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company Jiff has established and maintains industry standard (or better) appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Jiff Privacy Commitments that are designed to protect Company Jiff Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company Jiff and its data processors. Jiff has taken commercially reasonable steps (a) to ensure the reliability of its employees and data processors (and their employees) that have access to Jiff Data, (b) to train such employees and data processors on applicable aspects of Privacy Laws and Jiff Privacy Commitments and (c) to ensure that all employees and data processors with the right to access such data are under written obligations of confidentiality with respect to such data.
(iviii) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or violation of any data security policy in relation to Company Jiff Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Jiff Data. No circumstance has arisen in which which: (i) Privacy Laws would require the Company Jiff to notify a Governmental Entity of a data security breach or security incident relating or (ii) applicable guidance or codes of practice promulgated under Privacy Laws would recommend Jiff to Company Datanotify a Governmental Entity of a data security breach.
(viv) Except as described at Schedule 2.10(q)(v) of the Company Disclosure Letter, the Company Jiff has not received or experienced or received notice of and, to the knowledge of the CompanyJiff, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, written notice, written communication, warrant, regulatory opinion, audit result or written allegation from a Governmental Entity or any other Person (including an end user): (A) alleging or confirming non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or Company Jiff Privacy Commitments, (B) requiring or requesting Jiff to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Jiff Data (except where Jiff has complied with such requirement or request), (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the CompanyJiff in connection with Jiff’s breach or alleged breach of Privacy Laws, Jiff Privacy Commitments or any other security incident or (CD) claiming compensation from the Company Jiff with respect to Jiff’s breach or (D) requiring alleged breach of Privacy Laws, Jiff Privacy Commitments or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Dataother security incident. The Company Jiff has not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Jiff Privacy Commitments.
(viv) Schedule 2.10(q)(vi2.10(p)(v) of the Company Jiff Disclosure Letter contains the complete list of notifications and registrations made by the Company Jiff under Privacy Laws with relevant Governmental Entities in connection with the CompanyJiff’s Processing of Personal Data. All such notifications and registrations (including the CompanyJiff’s certification under the U.S.-EU/US-Switzerland Safe HarborHarbor and the US-EU Privacy Shield Framework) are valid, accurate, complete and fully paid up and, to the knowledge of the CompanyJiff, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended. Other than the notifications and registrations set forth on Schedule 2.10(p)(v) of the Jiff Disclosure Letter, no other registrations or notifications under Privacy Laws with any Governmental Entity are required in connection with the Processing of Personal Data by Jiff.
(vii) Schedule 2.10(q)(vii) of the Company Disclosure Letter identifies and describes each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company at any time (the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Database.
(viiivi) Where the Company Jiff uses a data processor to Process Personal Data on behalf Data, the processor has provided guarantees, warranties or covenants in relation to Processing of the CompanyPersonal Data, confidentiality, security measures and compliance with those obligations that are sufficient for Jiff’s compliance with Privacy Laws and Jiff Privacy Commitments, and there is in existence a written Contract between the Company Jiff and each such data processorprocessor that is sufficient for Jiff’s compliance with Privacy Laws and Jiff Privacy Commitments. The Company Jiff has made available to Acquirer Castlight true, correct and complete copies of all such Contracts. To the knowledge of the CompanyJiff, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of CompanyJiff.
(ixvii) The Company Jiff has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of placed on Jiff by Privacy Laws and Company Jiff Privacy Commitments, including Jiff’s certification under the US-Switzerland Safe Harbor and US-EU Privacy Shield Framework.
(xviii) The Company Schedule 2.10(p)(viii) of the Jiff Disclosure Letter identifies and provides a high-level description of the repositories or databases containing (in whole or in part) materially all Jiff Data maintained by or for Jiff at any time (the “Jiff Databases”).
(ix) Jiff has valid and subsisting contractual rights to Process or to have Processed (in the manner that it is Processed by or for Jiff) all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company Jiff (all such data, “CompanyJiff-Licensed Data”). The Company Jiff has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Jiff Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the CompanyJiff-Licensed Data as necessary for the operation of the Jiff Business as presently conducted. The Company Jiff has been and is in compliance with all Contracts pursuant to which the Company Jiff Processes or has Processed CompanyJiff-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x2.10(p)(ix) of the Company Jiff Disclosure Letter identifies each Contract governing any CompanyJiff-Licensed Data to which the Company Jiff is a party or is bound by, except the Contracts substantially on standard terms of use entered into by users of the Company Jiff Products (copies of which standard terms have been provided made available to AcquirerCastlight).
(xix) The Company Jiff is the owner of all right, title and interest in and to each element of Company Jiff Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company Jiff purports to own (collectively, “CompanyJiff-Owned Data”). The Company Jiff has the right to Process all CompanyJiff-Owned Data as currently or previously conducted and as necessary to carry on for the business conduct of the Company Jiff Business as currently conducted, without obtaining any additional permission or authorization of any Person. Other Person (other than as set forth on Schedule 2.10(q)(xi) of the Company Disclosure Letter, the Company permissions or authorizations that Jiff has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirerobtained).
(xiixi) Except as described on Schedule 2.10(q)(xii) To the knowledge of the Company DisclosureJiff, the Company Jiff does not Process the Personal Data of any natural Person under the age of 1313 in violation of any Applicable Law.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Privacy and Personal Data. (i) The Company’s each Company Subsidiary’s data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy Commitments, Privacy Laws and Company Data Agreements. The Company and each Company Subsidiary has at all times: (iA) provided had the legal bases (including providing adequate notice and obtained any necessary consents from end users individuals) required for the Processing of Personal Data as conducted by or for the Company or any Company Subsidiary, and (iiB) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users individuals relating to Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer of all of the Company databasesDatabases, Company Data and other information relating to the Company’s or any Company Subsidiary’s end users users, employees, vendors or clients or any other category of individuals, will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by the Company User Agreementsor any Company Subsidiary with individuals the Personal Data of whom is collected, processed or maintained by each of the Company and its data processors. Copies of all current and prior Company Privacy Policies have been made available to Acquirer and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) of the The Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company Subsidiary has established and maintains industry standard (or better) appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. The Company, each Company Subsidiary and their data processors have taken commercially reasonable steps to ensure the reliability of its employees and contractors who have access to Company Data, to train such employees on all applicable aspects of Privacy Laws and Company Privacy Commitments and to ensure that all employees with the right to access such data are under written obligations of confidentiality with respect to such data.
(iviii) Except as described in Schedule 2.10(q)(iv) of Neither the Company Disclosure, no breach, security incident or violation of any data security policy in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of nor any Company Data. No circumstance Subsidiary has arisen in which Privacy Laws would require the Company to notify a Governmental Entity of a data security breach received or security incident relating to Company Data.
(v) Except as described at Schedule 2.10(q)(v) of the Company Disclosure Letter, the Company has not experienced or received notice of and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end user): (A) alleging or confirming non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) requiring or requesting the Company or any Company Subsidiary to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, Company or any Company Subsidiary or (CD) claiming compensation from the Company or (D) requiring or requesting any Company Subsidiary. Neither the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete nor any Company Data. The Company Subsidiary has not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(viiv) Schedule 2.10(q)(vi2.10(q)(iv) of the Company Disclosure Letter contains the complete list of notifications and registrations made by the Company or any Company Subsidiary under Privacy Laws with relevant Governmental Entities in connection with the Company’s or any Company Subsidiary’s Processing of Personal Data. All such notifications and registrations (including the Company’s and each Company Subsidiary’s certification under the U.S.-EU/Switzerland Safe HarborEU-U.S. and Swiss-U.S. Privacy Shield Frameworks) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended.
(vii) . Other than the notifications and registrations set forth on Schedule 2.10(q)(vii2.10(q)(iv) of the Company Disclosure Letter identifies and describes each distinct electronic Letter, no other registrations or other repository or database containing (notifications are required in whole or in part) Company connection with the Processing of Personal Data maintained by or for Company. Neither the Company at nor any time (Company Subsidiary Processes the “Company Databases”), Personal Data of any natural Person under the types age of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Database13.
(viiiv) Where the Company or any Company Subsidiary uses a data processor to Process Personal Data on behalf Data, the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures and compliance with those obligations that are sufficient for the Company’s or such Company Subsidiary’s compliance with Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between the Company or any Company Subsidiary and each such data processorprocessor that complies with the requirements of all Privacy Laws and Company Privacy Commitments. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of CompanyCompany or any Company Subsidiary.
(ixvi) The Except as set forth on Schedule 2.10(q)(vi) of the Company Disclosure Letter, neither the Company nor any Company Subsidiary has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments.
(x) The Company has valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company (all such data, “Company-Licensed Data”). The Company has all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The ’s and each Company has been and is in compliance with all Contracts pursuant to which the Company Processes or has Processed Company-Licensed Data, and the consummation of the Transactions will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is a party or is bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xi) The Company is the owner of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports to own (collectively, “Company-Owned Data”). The Company has the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi) of the Company Disclosure Letter, the Company has not entered into any Contract governing any Company-Owned Data or to which the Company is a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xii) Except as described on Schedule 2.10(q)(xii) of the Company Disclosure, the Company does not Process the Personal Data of any natural Person Subsidiary’s certification under the age of 13EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
(xiii) Except as described on Schedule 2.10(q)(xiii) of the Company Disclosure, the Company is, and has at all times from and after July 1, 2014 been, in compliance with CASL and any and all other applicable anti-spam legislation in respect of commercial electronic messages sent by, and on behalf of, the Company or sent by the Company on behalf of third parties.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it has, in the course of commercial activity, installed or caused to be installed on any other Person’s computer system, within the meaning of CASL.
Appears in 1 contract
Samples: Merger Agreement (Farfetch LTD)
Privacy and Personal Data. (i) The Company’s and Company Subsidiaries’ data, privacy and security practices materially conform, and at all times have materially conformed, to all of the Company Privacy CommitmentsCommitments (defined below), Privacy Laws and Company Data Agreements. The Company has and Company Subsidiaries have at all times: (i) provided adequate notice and obtained any necessary consents from end users data subjects required for the Processing of Personal Data as conducted by or for the Company or Company Subsidiaries and (ii) abided by the notice received by the Company of any privacy choices (including opt-out preferences) of end users data subjects relating to Personal Data (such obligations along with those contained in Company Privacy Policies, collectively, “Company Privacy Commitments”). Neither the execution, delivery and performance of this Agreement nor the taking over by Acquirer Purchaser of all of the Company databasesDatabases, Company Data and other information relating to the Company’s end users or Company Subsidiaries’ customers will cause, constitute, or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or standard terms of service entered into by users of the Company User AgreementsProducts. Copies of all current and prior Company Privacy Policies have been made available to Purchaser and such copies are true, correct and complete.
(ii) Schedule 2.10(q)(ii) of To the Company’s knowledge, the Company Disclosure Letter contains a true, correct and complete copy of each Company Privacy Policy in effect at any time and identifies, with respect to each Company Privacy Policy: (A) the period of time during which such privacy policy was or has been in effect; (B) whether the terms of a later Company Privacy Policy apply to the data or information collected under such privacy policy; and (C) if applicable, the mechanism (such as opt-in, opt-out or notice only) used to apply a later Company Privacy Policy to data or information previously collected under such privacy policy. Each Company Privacy Policy: (w) is incorporated into the applicable Company User Agreement; (x) states that user data and User Personal Data may be transferred in a merger, acquisition, reorganization, or sale of assets; and (y) states how user data and User Personal Data is collected by the Company Websites or any Company Products.
(iii) The Company has Subsidiaries have established and maintains industry standard (or better) maintain appropriate technical, physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by the Company and its data processors. The Company and Company Subsidiaries and their data processors have taken commercially reasonable steps to ensure the reliability of its employees that have access to Company Data, to train such employees on all applicable aspects of Privacy Laws and Company Privacy Commitments and to ensure that all employees with the right to access such data are under written obligations of confidentiality with respect to such data.
(iviii) Except as described in Schedule 2.10(q)(iv) of the Company Disclosure, no No breach, security incident or violation of any data security policy in relation to Company Data has occurred or is threatened, and there has been no unauthorized or illegal Processing of any Company Data. No circumstance has arisen in which which: (i) Privacy Laws would require the Company or a Company Subsidiary to notify a Governmental Entity of a data security breach or security incident relating or (ii) applicable guidance or codes of practice promulgated under Privacy Laws would recommend the Company or Company Subsidiary to Company Datanotify a Governmental Entity of a data security breach.
(viv) Except as described at Schedule 2.10(q)(v) of the The Company Disclosure Letterand Company Subsidiaries have not received or experienced, the Company has not experienced or received notice of and, to the knowledge of the Company, and there is no circumstance (including any circumstance arising as the result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person (including an end usera data subject): (A) alleging or confirming non-compliance with, or demanding compliance with, with a relevant requirement of Privacy Laws or Company Privacy Commitments, (B) requiring or requesting the Company or Company Subsidiaries to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company, Company or Company Subsidiaries or (CD) claiming compensation from the Company or (D) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company DataSubsidiaries. The Company has and Company Subsidiaries have not been involved in any Legal Proceedings involving a breach or alleged breach of Privacy Laws or Company Privacy Commitments.
(viv) Schedule 2.10(q)(vi) of the Company Disclosure Letter contains the complete list of All notifications and registrations made by the Company and Company Subsidiaries under Privacy Laws with relevant Governmental Entities in connection with the Company’s and Company Subsidiaries’ Processing of Personal Data. All such notifications and registrations Data (including the Company’s and Company Subsidiaries’ certification under the U.S.-EU/Switzerland Safe Harbor) are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions Merger will not invalidate such notification or registration or require such notification or registration to be amended. No other registrations or notifications are required in connection with the Processing of Personal Data by Company.
(vi) Where the Company and Company Subsidiaries use a data processor to Process Personal Data, the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures and compliance with those obligations that are sufficient for the Company’s and Company Subsidiaries’ compliance with Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between the Company or Company Subsidiaries and each such data processor that complies with the requirements of all Privacy Laws and Company Privacy Commitments. The Company and Company Subsidiaries have made available to Acquirer true, correct and complete copies of all such Contracts. Such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company or Company Subsidiaries.
(vii) Schedule 2.10(q)(viiThe Company and Company Subsidiaries have not transferred Personal Data originating in the European Economic Area outside the European Economic Area, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments, including the Company’s or Company Subsidiaries’’ certification under the U.S.-EU/Switzerland Safe Harbor.
(viii) of the Company Disclosure Letter identifies and describes each Each distinct electronic or other repository or database containing (in whole or in part) Company Data maintained by or for the Company and Company Subsidiaries at any time (is called the “Company Databases”), the types of Company Data in each such database (including by Company Licensed Data and Company Owned Data), the means by which the Company Data was collected or received and the security policies in place to protect each such Company Database.
(viii) Where the Company uses a data processor to Process Personal Data on behalf of the Company, there is in existence a written Contract between the Company and each such data processor. The Company has made available to Acquirer true, correct and complete copies of all such Contracts. To the knowledge of the Company, such data processors have not breached any such Contracts pertaining to Personal Data Processed by such Persons on behalf of Company.
(ix) The Company has not transferred or permitted the transfer of Personal Data originating in the EEA outside the EEA, except where such transfers have complied with the requirements of Privacy Laws and Company Privacy Commitments.
(x) The Company has Subsidiaries have valid and subsisting contractual rights to Process or to have Processed all third-party-owned data howsoever obtained or collected by or for the Company in the manner that it is Processed by or for the Company and Company Subsidiaries (all such data, “Company-Licensed Data”). The Company has and Company Subsidiaries have all rights, and all permissions or authorizations required under Privacy Laws and relevant Contracts (including Company Data Agreements), to retain, produce copies, prepare derivative works, disclose, combine with other data, and grant third parties rights, as the case may be, to each of the Company-Licensed Data as necessary for the operation of the Business as presently conducted. The Company has and Company Subsidiaries have been and is are in compliance with all Contracts pursuant to which the Company and Company Subsidiaries Processes or has have Processed Company-Licensed Data, and the consummation of the Transactions Merger will not conflict with, or result in any violation or breach of, or default under, any such Contract. Schedule 2.10(q)(x2.10(aa)(viii) of the Company Disclosure Letter identifies each Contract governing any Company-Licensed Data to which the Company is and Company Subsidiaries are a party or is are bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xiix) The Company is and Company Subsidiaries are a licensee of or the owner of all right, title and interest in and to each element of Company Data that (i) is used or held for use in the Business that is not Personal Data or Company-Licensed Data or (ii) the Company purports and Company Subsidiaries purport to own (collectively, “Company-Owned Data”). The Company has and Company Subsidiaries have the right to Process all Company-Owned Data as currently or previously conducted and as necessary to carry on the business of the Company without obtaining any additional permission or authorization of any Person. Other than as set forth on Schedule 2.10(q)(xi2.10(aa)(ix) of the Company Disclosure Letter, the Company has and Company Subsidiaries have not entered into any Contract governing any Company-Owned Data or to which the Company is or Company Subsidiaries are a party or bound by, except the standard terms of use entered into by users of the Company Products (copies of which have been provided to Acquirer).
(xiix) Except as described on Schedule 2.10(q)(xii) of the The Company Disclosure, the and Company does Subsidiaries do not Process the Personal Data of any natural Person under the age of 13.
(xiiixi) Except as described on Schedule 2.10(q)(xiiiThe Company and Company Subsidiaries have never directly stated that Company Products enhance the security of data (including Personal Data) accessed, provided or sent by end users.
(xii) The Company and each Subsidiary has implemented and maintains a comprehensive security plan which (i) identifies internal and external risks to the security of the Company DisclosureConfidential Information, the Company isincluding personally identifiable information; (ii) implements, monitors and has at all times from improves adequate and after July 1effective administrative, 2014 been, electronic and physical safeguards to control those risks; and (ii) maintains notification procedures in compliance with CASL and applicable Legal Requirements in the case of any and all other applicable anti-spam legislation in respect breach of commercial electronic messages sent by, and on behalf of, security compromising unencrypted data containing personally identifiable information. Neither the Company nor any Subsidiary has experienced any breach of security or sent otherwise unauthorized access by the Company on behalf of third parties.
(xiv) The Company has received no complaints from any Person pertaining to CASL compliance, and has received no inquiries, requests for information or other correspondence from the Canadian Radio-televisions and Telecommunications Commission relating to CASL compliance.
(xv) The Company possesses the records necessary to demonstrate the existence of the necessary consent, or its eligibility to rely on one of the exceptions/exemptions available under CASL and its associated Regulations, that enables that company to send “commercial electronic messages”, within the meaning of CASL, to all electronic addresses on its marketing distribution list, or on the marketing distribution list of third parties on whose behalf the Company has obtained consent for the purpose of sending commercial electronic messages.
(xvi) From and after January 15, 2015, the Company has obtained all necessary consents with respect to the computer programs it hasConfidential Information, including personally identifiable information in the course of commercial activityCompany’s possession, installed custody or caused to be installed on any other Person’s computer system, within the meaning of CASLcontrol.
Appears in 1 contract
