Privacy and Data Security Sample Clauses
POPULAR SAMPLE Copied 163 times
Privacy and Data Security. (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to a...
Privacy and Data Security. (a) The Company: (i) has at all times since January 1, 2022 been in compliance in all material respects with the Data Privacy and Security Requirements; (ii) has implemented and maintained, since January 1, 2022, commercially reasonable measures designed to ensure the availability, security and integrity of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; and (iii) is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all consents obtained by the Company that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger Closing.
(b) Since January 1, 2022, there have been no data breaches or other data incidents or intrusions: (i) resulting in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse of any Personal Information maintained by or on behalf of the Company, or (ii) that have caused a material disruption to the function of the Company’s information technology systems, in each case with respect to clauses (i) and (ii), that required notification to Governmental Entities, individuals, or other third party under applicable Data Privacy and Security Requirements. Since January 1, 2022, neither the Company nor its subsidiaries have received any written complaints, notices of investigation or other written correspondence with respect to any investigation from any Governmental Entity or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Laws.
Privacy and Data Security. The Company is and has at all times been in compliance with all applicable Privacy Laws and the applicable terms of any Company Contracts governing privacy, data protection, data security, trans-border data flow, data loss, data theft, or breach notification, data localization, sending solicited or unsolicited electronic mail or text messages, cookies or other tracking technology, with respect to, or the collection, handling, use, maintenance, storage, disclosure, transfer, or other processing of, Personal Information (including any such information of individuals, clinical trial participants, patients, patient family members, caregivers or advocates, physicians and other health care professionals, clinical trial investigators, researchers, pharmacists that interact with the Company in connection with the operation of the Company’s business), except, in each case, for such noncompliance as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. To the Knowledge of the Company, the Company (i) has implemented and maintains reasonable written policies and procedures that materially comply with applicable Privacy Laws and are designed to protect the privacy and security of Personal Information (the “Privacy Policies”) and (ii) has complied with such Privacy Policies, except for such noncompliance as has not had, and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. To the Knowledge of the Company, no Legal Proceeding has been asserted or threatened against the Company by any Person alleging a violation of Privacy Laws, Privacy Policies, or the applicable terms of any Company Contracts governing privacy, data protection, data security, trans-border data flow, data loss, data theft, or breach notification, data localization, sending solicited or unsolicited electronic mail or text messages, cookies or other tracking technology, with respect to, or the collection, handling, use, maintenance, storage, disclosure, transfer, or other processing of, Personal Information. To the Knowledge of the Company, there have been no data security incidents or data breaches or other adverse events or incidents that have resulted in any unauthorized access to, or collection, use, disclosure, modification or destruction of, Personal Information or other data in the possession or control of the Company or any service provider acting on behalf of the ...
Privacy and Data Security. (a) The parties will keep confidential any information regarding the Trust, the Company, Nationwide, the Variable Accounts and Contract Owners received in connection with providing services and meeting their respective obligations hereunder, except: (a) as necessary to provide the services or otherwise meet their respective obligations under this Agreement; (b) as necessary to comply with applicable law; and (c) information regarding the Trust or Variable Accounts which is otherwise publicly available. The parties will maintain internal safekeeping procedures to safeguard and protect the confidentiality of the data transmitted to another party or its designees or agents in accordance with Section 248.11 of Regulation S-P (17 CFR 248.1–248.30) (“Reg S-P”), and any other applicable federal or state privacy laws and regulations, including without limitation 201 CFR 17.00 et seq. and applicable security breach notification regulations (collectively “Privacy Laws”). Each party shall use such data solely to effect the services contemplated herein, and none of the parties will directly, or indirectly through an affiliate, disclose any non-public personal information protected under Privacy Laws (“Non-public Personal Information”) received from another party to any person that is not an affiliate, designee, service provider, or agent of the receiving party and provided that any such information disclosed to an affiliate, designee, service provider, or agent will be under the same or substantially similar contractual limitations on use and non-disclosure and will comply with all legal requirements. The Company and the Trust will not use information, including Non-public Personal Information, directly or indirectly provided to it by Nationwide or its designees or agents pursuant to this Agreement for the purpose of marketing to Contract Owners or any other similar purpose, except as may be agreed by the parties hereto. Except for confidential information consisting of Non-public Personal Information, which will be governed in all respects in accordance with the immediately preceding sentence, confidential information does not include information which (i) was publicly known and/or was in the possession of the party receiving confidential information (“Receiving Party”) from other sources prior to the Receiving Party’s receipt of confidential information from the party disclosing confidential information (“Disclosing Party”), or (ii) is or becomes publicly available ...
Privacy and Data Security. The Company and each of its Subsidiaries have complied with all applicable Laws and all internal or publicly posted policies, notices, and statements concerning the collection, use, processing, storage, transfer, and security of personal information in the conduct of the Company’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. In the past three years, the Company and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving personal information in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning the Company’s or any of its Subsidiaries’ collection, use, processing, storage, transfer, or protection of personal information or actual, alleged, or suspected violation of any applicable Law concerning privacy, data security, or data breach notification, and to the Company’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect.
Privacy and Data Security. Parent and each of its Subsidiaries have complied with all Data Protection Requirements in the conduct of Parent’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and each of its Subsidiaries have all necessary authority, rights, consents and authorizations to engage in the Data Activities of Personal Data maintained by or for Parent and its Subsidiaries to the extent required in connection with the operation of Parent’s and its Subsidiaries’ business as currently conducted. Since January 1, 2019, Parent and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving Personal Data in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning Parent’s or any of its Subsidiaries’ Data Activities in relation to Personal Data or actual, alleged, or suspected violation of any Data Protection Requirement concerning privacy, data security, or data breach notification, and to Parent’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and its Subsidiaries (i) have executed current and valid “Business Associate Agreements” (as described by HIPAA and the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations), (B) “covered entity” (as described by HIPAA and the corresponding regulations), and (C) “subcontractor” (as described by HIPAA and the corresponding regulations); and (ii) materially comply with such Business Associate Agreements. The Company and each of its Subsidiaries have obtained, as applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance with the requirements of HIPAA and other Data Protection Requirements.
Privacy and Data Security. (a) The Company complies in all material respects with Applicable Privacy and Security Laws, and with such privacy and information security obligations to which it is subject under contract, privacy policy, or online terms of use. The Company maintains policies and procedures that comply in all material respects with (i) Applicable Privacy and Security Laws and (ii) privacy and information security obligations to its customers, data subjects, or others, under contract, privacy policy, or online terms of use. The Company has obtained all required consents to its collection, use, retention and disclosure of Personal Information in accordance with Applicable Privacy and Security Laws. The Company has, to the extent required by Applicable Privacy and Security Laws, obtained valid consents from individuals to whom it sends direct marketing communications or has the necessary implied consents for the individuals to whom it sends direct marketing communications. To the Knowledge of the Company, the Company has not disclosed or transferred any Personal Information outside the European Economic Area without a valid legal basis for such transfer under Chapter V of the GDPR. The Company has not, nor, to the Knowledge of the Company have any of the Processors suffered any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to any Personal Information that would, individually or in the aggregate, result in a material liability to the Company, and the Company and, to the Knowledge of the Company, the Processors have passed all regulatory audits, where relevant, to which they have been subject, and the Company has contractual data protection provisions and restrictions with its Processors with respect to any Personal Information transferred from the Company to its Processors, and, to the Knowledge of the Company, its Processors employ appropriate safeguards and provide notice to the Company of any actual or suspected unauthorized access to, use or disclosure of Personal Information. Since January 1, 2018, the Company has implemented and maintained backup and disaster recovery technology consistent with industry standards and practices and has policies and procedures in place designed to provide for the integrity and security of the Company IT Systems and Personal Information (including technical, organizational and administrative security measures) and has materially complied with such policies and...
Privacy and Data Security. (a) The Company and its Subsidiaries have complied in all material respects with all applicable (i) Privacy Laws, (ii) contractual terms to which the Company or any of its Subsidiaries is a party or is otherwise bound that impose obligations on the Company or its Subsidiaries with respect to Personal Information, privacy, information security and marketing and (iii) the Company’s internal and external (including publicly posted) policies, notices, representations or guidelines relating to Personal Information, privacy and/or security of Personal Information (“Privacy Policies”) (collectively, “Privacy and Data Security Requirements”). The Company nor its Subsidiaries have received any complaint, inquiry or request for information or documents, and no Legal Proceeding is pending or to the knowledge of the Company, threatened against the Company or its Subsidiaries alleging that the Processing of Personal Information by the Company or its Subsidiaries violates any applicable Privacy and Data Security Requirements. None of the representations or disclosures made or contained in any Privacy Policy are or have been inaccurate, misleading or deceptive or in violation of any applicable Privacy and Data Security Requirements.
(b) Neither the (i) the execution, delivery or performance of this Agreement or any other agreements referred to in this Agreement, nor (ii) the consummation of any of the transactions contemplated hereby will result in violation of any applicable Privacy and Data Security Requirements. The Company and its Subsidiaries have at all times made all required disclosures to, and obtained all consents from, users, customers, employees, contractors, governmental bodies and other applicable third parties required by all applicable Privacy and Data Security Requirements and as necessary for the Company’s and its Subsidiaries’ Processing of Personal Information in connection with the conduct of its business as it has been conducted.
(c) The Company and its Subsidiaries have at all times implemented and maintained in place reasonable and appropriate physical, technical and administrative security programs, policies, procedures and such other measures required by applicable Privacy and Data Security Requirements, to protect Personal Information that the Company or its Subsidiaries Processes in connection with the operation of its business from destruction, loss, alteration, damage, unauthorized access or disclosure or illegal or unauthorized Processing (...
Privacy and Data Security. The Loan Parties and their Subsidiaries shall, at all times, remain in compliance in all material respects with all applicable United States and international privacy and data security laws and regulations including GDPR (to the extent applicable).
Privacy and Data Security. (a) The Company and, to the Company’s Knowledge, all vendors, processors, or other third parties acting for or on behalf of the Company in connection with the Processing of Personal Information or that otherwise have been authorized to have access to Personal Information in the possession or control of the Company, comply, and for the past three (3) years have complied, in all material respects with all of the following: (A) Privacy Laws; (B) rules of self-regulatory organizations that are legally binding on the Company, including the Payment Card Industry Data Security Standard; (C) the Company Privacy and Data Security Policies; and (D) any contractual requirements or terms of use concerning the processing of Personal Information by the Company to which the Company is a party or otherwise bound as of the date hereof (collectively, “Privacy Obligations”).
(b) To the Knowledge of the Company, during the past three (3) years, no disclosure or representation made or contained in any Company Privacy and Data Security Policy has been materially inaccurate, misleading, deceptive, or in violation of any Privacy Laws (including by containing any material omission). The Company and to the Company’s Knowledge any vendor, processor, or other third party Processing Personal Information for or on behalf of the Company are and have been in compliance with the Company Privacy and Data Security Policies.
(c) Except as set forth in Section 3.13(c) of the Company Disclosure Schedule, during the past three (3) years, (A) no Personal Information in the possession or control of the Company, or to the Knowledge of the Company, Processed by any vendor, processor, or other third party for or on behalf of the Company (each, a “Data Partner”), has been subject to any material data breach or other security incident that has resulted in material unauthorized access, disclosure, use, denial of use, alteration, corruption, destruction, compromise, or loss of such Personal Information or that has caused a material disruption to the conduct of the Company’s business (a “Security Incident”), and (B) the Company has not notified and there have been no facts or circumstances that would require the Company to notify, any Governmental Entity or other Person of any Security Incident.
(d) During the past three (3) years, the Company has not received any notice, request, claim, complaint, correspondence, or other communication in writing from any Governmental Entity or other Person, nor, to the...