Data Privacy and Security. 104 (a) Holdings and its Subsidiaries have implemented commercially reasonable procedures, including firewall protections and regular virus scans, designed to ensure that software used in the operation of their business is materially free of any code designed to (or intended to): (i) disrupt, disable, harm, or otherwise impede in any manner the operation of, or provide unauthorized access to, a computer system or network or other device on which such code is stored or installed, or (ii) compromise the privacy or data security of a user or damage or destroy any data or file without the user’s consent. The information technology systems and databases used by Holdings and its Subsidiaries are sufficient in all material respects for the needs of their business and in accordance with customary industry standards and practices. There has been no (x) failure or other substandard performance of any such information technology system or database that has caused any material disruption to the business of Holdings and its Subsidiaries or (y) to the knowledge of the Credit Parties, unauthorized intrusions or breaches of security with respect to any information technology systems and databases used by Holdings and its Subsidiaries. (b) Each of Holdings and its Subsidiaries (i) is, and has at all times been, in compliance in all material respects with all applicable requirements of law and Contractual Obligations regarding the collection, protection, storage, use, processing, disclosure, retention and transfer of Personal Information and (ii) has commercially reasonable safeguards in place to protect Personal Information in their possession or control from unauthorized access by other Persons. (c) There have not been, to the knowledge of the Credit Parties, any material unauthorized intrusions or breaches of the security of any of the information technology systems and databases, any material unauthorized access or use of any Personal Information or other information stored or contained therein or accessed or processed thereby, or any material compromise of the confidentiality, integrity, or availability of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by Holdings or any of its Subsidiaries that relate to the protection of Personal Information. No Person has, to the knowledge of the Credit Parties, made any illegal or unauthorized use of Personal Information that was controlled by or on behalf of Holdings or any of its Subsidiaries and is in the possession or control of Holdings or any of its Subsidiaries. To the knowledge of the Credit Parties, no facts or circumstances exist that could reasonably be expected to give rise to any such unauthorized intrusion or breach, unauthorized access or use, or compromise. (d) Neither Holdings nor any of its Subsidiaries has received any, and there has not been any written complaint delivered to any regulatory or other governmental body or official, foreign or domestic, or any audit, proceeding, investigation (whether formal or informal), or claim against or relating to Holdings or any of its Subsidiaries by any private party or any regulatory or other governmental body or official, foreign or domestic, regarding the collection, use, retention, storage, transfer, disposal, disclosure or other processing of Personal Information, and no such complaint, audit, proceeding, investigation or claim has been threatened in writing against Holdings or any of its Subsidiaries that could reasonably be expected to result in a Material Adverse Effect.
Appears in 2 contracts
Sources: Credit and Guaranty Agreement (ONE Group Hospitality, Inc.), Credit and Guaranty Agreement (ONE Group Hospitality, Inc.)
Data Privacy and Security. 104
(a) Holdings Each of the Company and its Subsidiaries have implemented commercially reasonable proceduresis compliant in all material respects, including firewall protections and regular virus scans, designed to ensure that software used in the operation of their business is materially free of any code designed to past three (or intended to): (i3) disrupt, disable, harm, or otherwise impede in any manner the operation of, or provide unauthorized access to, a computer system or network or other device on which such code is stored or installed, or (ii) compromise the privacy or data security of a user or damage or destroy any data or file without the user’s consent. The information technology systems and databases used by Holdings and its Subsidiaries are sufficient years has complied in all material respects for the needs of their business and in accordance with customary industry standards and practices. There has been no with, all (xi) failure or other substandard performance of any such information technology system or database that has caused any material disruption Data Protection Laws applicable to the business of Holdings and its Subsidiaries or (y) to the knowledge of the Credit Parties, unauthorized intrusions or breaches of security with respect to any information technology systems and databases used by Holdings Company and its Subsidiaries, (ii) the Company Privacy and Data Security Policies, and (iii) all contracts to which the Company is a party or otherwise bound as of the date hereof concerning the privacy, security or Processing of Personal Data.
(b) Each of Holdings the Company and its Subsidiaries maintains and implements, and has in the last three years implemented and maintained, commercially reasonable technical and organizational security measures, plans, procedures, controls, and programs, including a written information security program to (i) isidentify and address internal and external risks to the privacy and security of Personal Data in its possession or control; (ii) implement, monitor, and has at all times beenimprove adequate and effective administrative, technical, and physical safeguards to protect such Personal Data and the operation, integrity, and security of Company IT Systems involved in the Processing of Personal Data; and (iii) provide notification in compliance in all material respects with applicable Data Protection Laws or Company Privacy and Data Security Policies in the case of any Security Incident. The Company has a written contract in place with all applicable vendors, processors, or other third parties that Process any Personal Data for or on behalf of the Company or its Subsidiaries, and such contract complies with the requirements of law and Contractual Obligations regarding the collectionapplicable Data Security Laws, protection, storage, use, processing, disclosure, retention and transfer of Personal Information and (ii) has commercially reasonable safeguards in place to protect Personal Information in their possession or control from unauthorized access by other Personsall material respects.
(c) There The Company and its Subsidiaries have not beentransferred or permitted the transfer of Personal Data originating in the European Economic Area (“EEA”) or United Kingdom (“UK”) outside the EEA or UK, to except where such transfers have materially complied with the knowledge requirements of the Credit Partiesapplicable Data Protection Laws.
(d) To the Company’s Knowledge, any material unauthorized intrusions or breaches the execution, delivery, and performance of this Agreement and the consummation of the security transactions contemplated hereby do not and will not result in a material violation or breach of any of the information technology systems Data Protection Laws or Company Privacy and databases, Data Security Policies (as currently existing or as existing at any material unauthorized access or use of time during which any Personal Information Data was collected or other information stored Processed by or contained therein or accessed or processed thereby, or any material compromise of for the confidentiality, integrity, or availability of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by Holdings Company or any of its Subsidiaries).
(e) Since January 1, 2019, the Company and its Subsidiaries that relate have not experienced any material data or security breach leading to the protection unlawful use, loss, denial or loss of use, alteration, destruction, compromise, unauthorized access or disclosure (a “Security Incident”) of Personal Information. No Person hasData transmitted, to the knowledge of the Credit Parties, made any illegal stored or unauthorized use of Personal Information that was controlled otherwise Processed by or on behalf of Holdings the Company. The Company has not notified and, to the Company’s Knowledge, since January 1, 2020 there have been no facts or circumstances that would require the Company to notify individuals, other affected parties, law enforcement, or any Governmental Entity of any Security Incident. The Company and its Subsidiaries and is have not received any notices, correspondence, subpoenas, demands or other communication in writing from any Governmental Entity, or any material written complaint from any other Person in connection with any alleged violation of any Data Protection Law, and, to the possession Company’s Knowledge, there has not been any audit, investigation or control enforcement action (including any fines or other sanctions), in each case relating to, any actual, alleged, or suspected Security Incident or violation of Holdings any Data Protection Laws involving the Company or any of its Subsidiaries. To the knowledge of the Credit Parties, no facts or circumstances exist that could reasonably be expected to give rise to any such unauthorized intrusion or breach, unauthorized access or use, or compromise.
(d) Neither Holdings nor any of its Subsidiaries has received any, and there has not been any written complaint delivered to any regulatory or other governmental body or official, foreign or domestic, or any audit, proceeding, investigation (whether formal or informal), or claim against or relating to Holdings or any of its Subsidiaries by any private party or any regulatory or other governmental body or official, foreign or domestic, regarding the collection, use, retention, storage, transfer, disposal, disclosure or other processing of Personal Information, and no such complaint, audit, proceeding, investigation or claim has been threatened in writing against Holdings or any of its Subsidiaries that could reasonably be expected to result in a Material Adverse Effect.
Appears in 1 contract
Data Privacy and Security. 104
(a) Holdings The Company and each of its Subsidiaries have implemented commercially reasonable procedures, including firewall protections and regular virus scans, designed to ensure that software used in the operation of their business is materially free of any code designed to (or intended to): (i) disrupt, disable, harm, or otherwise impede in any manner the operation of, or provide unauthorized access to, a computer system or network or other device on which such code is stored or installed, or (ii) compromise the privacy or data security of a user or damage or destroy any data or file without the user’s consent. The information technology systems and databases used by Holdings and its Subsidiaries are sufficient in all material respects for the needs of their business and in accordance with customary industry standards and practices. There has been no (x) failure or other substandard performance of any such information technology system or database that has caused any material disruption to the business of Holdings and its Subsidiaries or (y) to the knowledge of the Credit Parties, unauthorized intrusions or breaches of security with respect to any information technology systems and databases used by Holdings and its Subsidiaries.
(b) Each of Holdings and its Subsidiaries (i) is, and during the three (3) years immediately prior to the date hereof has at all times been, in compliance in all material respects with (i) all applicable requirements Information Privacy and Security Laws, (ii) all Contracts or terms of law use to which it is a party or otherwise apply to the Company or a Subsidiary relating to data privacy, data use, data protection and Contractual Obligations regarding data security, including with respect to the collection, protectionstorage, storagetransmission, transfer (including cross-border transfers), disclosure, destruction, amendment and use of, and individual access to, Personal Information, and (iii) the Payment Card Industry Data Security Standard (PCI-DSS). Each of the Company and its Subsidiaries has adopted and published privacy notices and policies to any website, mobile application or other electronic platform and complied with those notices and policies. Each of the Company and its Subsidiaries has all necessary authority, consents and authorizations to receive, access, use and disclose the Personal Information in each of the Company’s or any Subsidiary’s possession or under its control in connection with the operation of the Business. Each of the Company and its Subsidiaries has implemented and maintains reasonable administrative, technical and physical safeguards to ensure that Personal Information is protected against loss, damage and unauthorized access, use, processingmodification, or other misuse. During the three (3) years immediately prior to the date hereof, there has been no loss, damage or unauthorized access, use, disclosure, retention and transfer of Personal Information and (ii) has commercially reasonable safeguards in place to protect Personal Information in their possession modification, or control from unauthorized access by other Persons.
(c) There have not been, to the knowledge of the Credit Parties, any material unauthorized intrusions or breaches of the security of any of the information technology systems and databases, any material unauthorized access or use misuse of any Personal Information maintained by or other information stored or contained therein or accessed or processed thereby, on behalf of the Company or any material compromise of its Subsidiaries, including any loss, damage or unauthorized access, use or disclosure for which the confidentiality, integrity, or availability of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by Holdings Company or any of its Subsidiaries that relate is required under applicable Laws to the protection of Personal Informationnotify a Person. No Person has(including any Governmental Authority) has provided any notice, made any Claim or, to the knowledge of the Credit PartiesCompany’s knowledge, made commenced any illegal investigation, litigation or proceeding with respect to loss, damage or unauthorized use access, use, disclosure, modification, or other misuse of any Personal Information that was controlled maintained by or on behalf of Holdings the Company or any of its Subsidiaries and, to the Company’s knowledge, there is no reasonable basis for any such notice, Claim or investigation, litigation or proceeding. The (A) collection, storage, processing, transfer, sharing and is destruction of Personal Information in connection with the possession transactions contemplated by this Agreement and (B) execution, delivery and performance of this Agreement and the other agreements and instruments contemplated hereby and the consummation of the transactions contemplated hereby and thereby complies with the Company’s applicable privacy notices and policies and with all applicable Information Privacy and Security Laws. The Company or control of Holdings or any one of its Subsidiaries. To the knowledge of the Credit Parties, no facts or circumstances exist that could reasonably be expected to give rise to any such unauthorized intrusion or breachas applicable, unauthorized access or use, or compromise.
(d) Neither Holdings nor any of its Subsidiaries has received anyat all times made all disclosures to, and there obtained any necessary consents and authorizations from, users, customers, employees, contractors and other applicable Persons required by applicable Information Privacy and Security Laws and has not been filed any written complaint delivered required registrations with the applicable data protection authority, including any consents or authorizations necessary to any regulatory or other governmental body or official, foreign or domestic, or any audit, proceeding, investigation (whether formal or informal), or claim against or relating to Holdings or any of its Subsidiaries by any private party or any regulatory or other governmental body or official, foreign or domestic, regarding operate the collection, use, retention, storage, transfer, disposal, disclosure or other processing of Personal Information, and no such complaint, audit, proceeding, investigation or claim has been threatened in writing against Holdings or any of its Subsidiaries that could reasonably be expected to result in a Material Adverse EffectBusiness.
Appears in 1 contract
Data Privacy and Security. 104
(a) Holdings and its Subsidiaries have implemented commercially reasonable procedures, including firewall protections and regular virus scans, designed to ensure that software used in the operation of their business is materially free of any code designed to (or intended to): (i) disrupt, disable, harm, or otherwise impede in any manner the operation of, or provide unauthorized access to, a computer system or network or other device on which such code is stored or installed, or (ii) compromise the privacy or data security of a user or damage or destroy any data or file without the user’s consent. The information technology systems and databases used by Holdings and its Subsidiaries are sufficient in all material respects for the needs of their business and in accordance with customary industry standards and practices. There has been no (x) failure or other substandard performance of any such information technology system or database that has caused any material disruption to the business of Holdings and its Subsidiaries or (y) to the knowledge of the Credit Parties, unauthorized intrusions or breaches of security with respect to any information technology systems and databases used by Holdings and its Subsidiaries.
(b) Each of Holdings and its Subsidiaries (i) is, and has at all times been, in compliance in all material respects with all applicable requirements of law and Contractual Obligations regarding the collection, protection, storage, use, processing, disclosure, retention and transfer of Personal Information and (ii) has commercially reasonable safeguards in place to protect Personal Information in their possession or control from unauthorized access by other Persons.
(c) There have not been, to the knowledge of the Credit Parties, any material unauthorized intrusions or breaches of the security of any of the information technology systems and databases, any material unauthorized access or use of any Personal Information or other information stored or contained therein or accessed or processed thereby, or any material compromise of the confidentiality, integrity, or availability of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by Holdings or any of its Subsidiaries that relate to the protection of Personal Information. No Person has, to the knowledge of the Credit Parties, made any illegal or unauthorized use of Personal Information that was controlled by or on behalf of Holdings or any of its Subsidiaries and is in the possession or control of Holdings or any of its Subsidiaries. To the knowledge of the Credit Parties, no facts or circumstances exist that could reasonably be expected to give rise to any such unauthorized intrusion or breach, unauthorized access or use, or compromise.
(d) Neither Holdings nor any of its Subsidiaries has received any, and there has not been any written complaint delivered to any regulatory or other governmental body or official, foreign or domestic, or any audit, proceeding, investigation (whether formal or informal), or claim against or relating to Holdings or any of its Subsidiaries by any private party or any regulatory or other governmental body or official, foreign or domestic, regarding the collection, use, retention, storage, transfer, disposal, disclosure or other processing of Personal Information, and no such complaint, audit, proceeding, investigation or claim has been threatened in writing against Holdings or any of its Subsidiaries that could reasonably be expected to result in a Material Adverse Effect.
Appears in 1 contract
Sources: Credit and Guaranty Agreement (ONE Group Hospitality, Inc.)
Data Privacy and Security. 104
(ai) Holdings Since the Date of Inception, the Processing of any Personal Data by any Seller and its Subsidiaries have implemented commercially reasonable procedureshas not materially violated, including firewall protections and regular virus scansdoes not materially violate, designed to ensure that software used any applicable Privacy and Data Security Requirements. There is no Action pending, asserted in the operation writing or threatened in writing against any Seller or any of their business is materially free Subsidiaries alleging a violation of any code designed Privacy and Data Security Requirement or any Person’s right of privacy or publicity, and, to (or intended to): the Knowledge of the Sellers, no valid basis exists for any such Action. Neither the Sellers nor its Subsidiaries have (i) disrupt, disable, harm, or otherwise impede in received any manner the operation of, or provide unauthorized access to, a computer system or network or other device on which such code is stored or installed, written communications from or (ii) compromise to the privacy or data security Knowledge of a user or damage or destroy any data or file without the user’s consent. The information technology systems and databases used by Holdings and its Subsidiaries are sufficient in all material respects for Sellers, been the needs of their business and in accordance with customary industry standards and practices. There has been no (x) failure or other substandard performance subject of any such information technology system investigation by a data protection authority or database that has caused any material disruption to the business other Governmental Entity, in each of Holdings and its Subsidiaries or (y) to the knowledge of the Credit Parties, unauthorized intrusions or breaches of security with respect to any information technology systems and databases used by Holdings and its Subsidiaries.
(b) Each of Holdings and its Subsidiaries clause (i) is, and has at all times been, in compliance in all material respects with all applicable requirements of law and Contractual Obligations regarding the collection, protection, storage, use, processing, disclosure, retention and transfer of Personal Information and (ii) has commercially reasonable safeguards in place to protect ), regarding data security or the Processing of Personal Information in their possession Data. The execution and performance of this Agreement by the Sellers will not materially breach or control from unauthorized access by other Persons.
(c) There have not been, to the knowledge of the Credit Parties, otherwise cause any material unauthorized intrusions or breaches of violation on the security part of any of the information technology systems and databases, any material unauthorized access or use of any Personal Information or other information stored or contained therein or accessed or processed thereby, or any material compromise of the confidentiality, integrity, or availability of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by Holdings Seller or any of its Subsidiaries that relate to of any applicable Privacy and Data Security Requirements.
(ii) To the protection of Personal Information. No Person hasextent required by the Privacy and Data Security Requirements, to the knowledge each of the Credit Parties, made any illegal or unauthorized use of Sellers and their Subsidiaries have contractually obligated all data processors that Process Personal Information that was controlled by Data for or on behalf of Holdings the Sellers or any of its their Subsidiaries to contractual terms relating to the protection and is in the possession use of IT Assets, or control of Holdings Personal Data or any of its Subsidiariesconfidential information thereon, that obligate such data processors to comply with all applicable Privacy and Data Security Requirements and to take reasonable steps to protect and secure Personal Data or confidential information from loss, theft, misuse or unauthorized use, access, modification or disclosure. To the knowledge Knowledge of the Credit PartiesSellers, there have not been any material violations of such contractual obligations.
(iii) To the Knowledge of the Sellers, no facts or circumstances exist that could reasonably be expected to give rise to any such unauthorized intrusion or breach, Person has gained unauthorized access to, engaged in unauthorized Processing, disclosure or use, or compromise.
accidentally or unlawfully destroyed, lost or altered (di) Neither Holdings nor any Personal Data or confidential information related to the business of the Sellers or their Subsidiaries or (ii) any IT Assets that Process Personal Data related to the business of the Sellers or their Subsidiaries, its Subsidiaries has received anyrespective Personal Data processors, and there has not been any written complaint delivered to any regulatory customers, subcontractors or other governmental body or official, foreign or domesticvendors, or any auditother Persons on its behalf. Neither the Sellers nor their Subsidiaries has notified or, proceedingas of date of this Agreement, investigation (whether formal plans to notify, either voluntarily or informal)as required by applicable Privacy and Data Security Requirements, any affected individual, any third party, any Governmental Entity or claim against the media of any breach or relating to Holdings non-permitted use or any of its Subsidiaries by any private party or any regulatory or other governmental body or official, foreign or domestic, regarding the collection, use, retention, storage, transfer, disposal, disclosure or other processing of Personal Information, and no such complaint, audit, proceeding, investigation Data of the Sellers or claim has been threatened in writing against Holdings or any of its Subsidiaries that could reasonably be expected to result in a Material Adverse Effecttheir Subsidiaries.
Appears in 1 contract
Data Privacy and Security. 104Except as would not reasonably be expected to have, individually or in the aggregate, an FSI Material Adverse Effect:
(a) Holdings FSI and its Subsidiaries have implemented commercially reasonable procedures, including firewall protections written policies relating to the Processing of Personal Data as and regular virus scans, designed to ensure that software used in the operation extent required by applicable Law (“FSI Privacy and Data Security Policies”). Each of their business is materially free of any code designed to (or intended to): (i) disrupt, disable, harm, or otherwise impede in any manner the operation of, or provide unauthorized access to, a computer system or network or other device on which such code is stored or installed, or (ii) compromise the privacy or data security of a user or damage or destroy any data or file without the user’s consent. The information technology systems and databases used by Holdings FSI and its Subsidiaries are sufficient in all material respects for the needs of their business and in accordance with customary industry standards and practices. There has been no (x) failure or other substandard performance of any such information technology system or database that has caused any material disruption to the business of Holdings and its Subsidiaries or (y) to the knowledge of the Credit Parties, unauthorized intrusions or breaches of security with respect to any information technology systems and databases used by Holdings and its Subsidiaries.
(b) Each of Holdings and its Subsidiaries (i) is, and has at all times been, in compliance complied in all material respects with all applicable requirements of law Privacy Laws, the FSI Privacy and Contractual Obligations regarding Data Security Policies and contractual obligations entered into by FSI or its Subsidiaries relating to the receipt, collection, protectioncompilation, use, storage, useprocessing, processingsharing, safeguarding, security, disposal, destruction, disclosure, retention and or transfer of Personal Information and Data (collectively, the “FSI Privacy Requirements”).
(b) As of the date hereof, FSI has not received notice of any pending Legal Proceedings, nor has there been any material Legal Proceedings against FSI or its Subsidiaries initiated by (i) any Person; (ii) has commercially reasonable safeguards the United States Federal Trade Commission, any state attorney general or similar state official; or (iii) any other Governmental Authority, in place to protect each case, alleging that any Processing of Personal Information Data by or on behalf of FSI or its Subsidiaries is in their possession or control from unauthorized access by other Personsviolation of any FSI Privacy Requirements.
(c) There have not beenSince the incorporation of FSI, to the knowledge of the Credit Parties, any (i) there has been no material unauthorized intrusions or breaches of the security of any of the information technology systems and databases, any material unauthorized access or use of any Personal Information or other information stored or contained therein or accessed or processed thereby, or any material compromise of the confidentiality, integrity, or availability Processing of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by Holdings or any of its Subsidiaries that relate to the protection of Personal Information. No Person has, to the knowledge of the Credit Parties, made any illegal or unauthorized use of Personal Information that was controlled by or on behalf of Holdings or any of its Subsidiaries and is Data in the possession or control of Holdings FSI or its Subsidiaries and/or any of the service providers of FSI or its Subsidiaries and (ii) to FSI’s Knowledge, there have been no unauthorized intrusions or breaches of security into any FSI IT Systems under the control of FSI or its Subsidiaries. To the knowledge of the Credit Parties, no facts or circumstances exist that could reasonably be expected to give rise to any such unauthorized intrusion or breach, unauthorized access or use, or compromise.
(d) Neither Holdings nor any FSI and its Subsidiaries own or have a binding Contract in place to use the FSI IT Systems as necessary to operate the business of FSI as currently conducted in all material respects.
(e) Each of FSI and its Subsidiaries has received anyestablished data safeguards against the destruction, and there has not been any written complaint delivered to any regulatory loss, damage, corruption, alteration, loss of integrity, commingling or other governmental body or officialunauthorized access, foreign or domestic, or any audit, proceeding, investigation (whether formal or informal), or claim against or relating to Holdings or any of its Subsidiaries by any private party or any regulatory or other governmental body or official, foreign or domestic, regarding the collectionacquisition, use, retention, storage, transfer, disposal, disclosure or other processing Processing of Personal Information, Data that are consistent with industry standards and no such complaint, audit, proceeding, investigation or claim has been threatened in writing against Holdings or any the requirements of applicable Law. Each of FSI and its Subsidiaries that could reasonably be expected maintains backups of all data used to result in conduct the business of FSI and its Subsidiaries at a Material Adverse Effectreasonable frequency.
Appears in 1 contract
Sources: Merger Agreement (Flexible Solutions International Inc)
Data Privacy and Security. 104
(a) Holdings The Company has implemented written policies relating to the Processing of Personal Data as and its Subsidiaries have implemented commercially reasonable procedures, including firewall protections to the extent required by applicable Law (“Privacy and regular virus scans, designed to ensure that software used in the operation of their business is materially free of any code designed to (or intended to): (i) disrupt, disable, harm, or otherwise impede in any manner the operation of, or provide unauthorized access to, a computer system or network or other device on which such code is stored or installed, or (ii) compromise the privacy or data security of a user or damage or destroy any data or file without the user’s consentData Security Policies”). The information technology systems and databases used by Holdings and its Subsidiaries are sufficient in all material respects for the needs of their business and in accordance with customary industry standards and practices. There has been no (x) failure or other substandard performance of any such information technology system or database that has caused any material disruption to the business of Holdings and its Subsidiaries or (y) to the knowledge of the Credit Parties, unauthorized intrusions or breaches of security with respect to any information technology systems and databases used by Holdings and its Subsidiaries.
(b) Each of Holdings and its Subsidiaries (i) is, and Company has at all times been, in compliance complied in all material respects with all applicable requirements of law Privacy Laws, the Privacy and Contractual Obligations regarding Data Security Policies and contractual obligations entered into by the Company relating to the receipt, collection, protectioncompilation, use, storage, useprocessing, processingsharing, safeguarding, security, disposal, destruction, disclosure, retention and or transfer of Personal Information Data (collectively, the “Privacy Requirements”). The Company owns or has a binding Contract in place to use the Company IT Systems as necessary to operate the business of the Company as currently conducted in all material respects. The Company has established data safeguards against the destruction, loss, damage, corruption, alteration, loss of integrity, commingling or unauthorized access, acquisition, use, disclosure or other Processing of Personal Data that are consistent with industry standards and the requirements of applicable Law. The Company maintains backups of all data used to conduct the business of the Company at a reasonable frequency.
(b) The Company has not received written notice of any pending Proceedings, nor to the knowledge of the Company has there been any Proceedings against the Company initiated by (i) any Person; (ii) has commercially reasonable safeguards the United States Federal Trade Commission, any state attorney general or similar state official; or (iii) any other Governmental Entity, in place to protect each case, alleging that any Processing of Personal Information Data by or on behalf of the Company is in their possession or control from unauthorized access by other Personsviolation of any Privacy Requirements.
(c) There have not been, to To the knowledge of the Credit PartiesCompany, any material during the past seven (7) years, (i) there has been no unauthorized intrusions or breaches of the security of any of the information technology systems and databases, any material unauthorized access or use of any Personal Information or other information stored or contained therein or accessed or processed thereby, or any material compromise of the confidentiality, integrity, or availability Processing of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by Holdings or any of its Subsidiaries that relate to the protection of Personal Information. No Person has, to the knowledge of the Credit Parties, made any illegal or unauthorized use of Personal Information that was controlled by or on behalf of Holdings or any of its Subsidiaries and is Data in the possession or control of Holdings or the Company and/or any of its Subsidiaries. To the knowledge service providers of the Credit Parties, Company and (ii) there have been no facts unauthorized intrusions or circumstances exist that could reasonably be expected to give rise to breaches of security into any such unauthorized intrusion or breach, unauthorized access or use, or compromiseCompany IT Systems under the control of the Company.
(d) Neither Holdings nor any of its Subsidiaries has received any, and there has not been any written complaint delivered to any regulatory or other governmental body or official, foreign or domestic, or any audit, proceeding, investigation (whether formal or informal), or claim against or relating to Holdings or any of its Subsidiaries by any private party or any regulatory or other governmental body or official, foreign or domestic, regarding the collection, use, retention, storage, transfer, disposal, disclosure or other processing of Personal Information, and no such complaint, audit, proceeding, investigation or claim has been threatened in writing against Holdings or any of its Subsidiaries that could reasonably be expected to result in a Material Adverse Effect.
Appears in 1 contract
Data Privacy and Security. 104
(a) Holdings The Company and its Subsidiaries have implemented commercially reasonable procedures, including firewall protections and regular virus scans, designed to ensure that software used in for the operation of their business is materially free of any code designed to (or intended to): (i) disrupt, disable, harm, or otherwise impede in any manner the operation of, or provide unauthorized access to, a computer system or network or other device on which such code is stored or installed, or (ii) compromise the privacy or data security of a user or damage or destroy any data or file without the user’s consent. The information technology systems and databases used by Holdings and its Subsidiaries are sufficient past four years complied in all material respects for with all applicable Information Privacy and Security Laws, all of the needs Company Privacy Policies, and all their obligations set forth in a Contract to any Person regarding data privacy data security, or the Processing of their business Personal Data.
(b) The Company uses commercially reasonable effort to require third parties that Process Personal Data on behalf of the Company or its Subsidiaries to (i) comply with applicable Information Privacy and in accordance with customary industry standards Security Laws; and practices. There has been no (xii) failure take reasonable steps to protect and secure Personal Data from unauthorized access, use, disclosure or other substandard performance of any such information technology system or database that has caused any material disruption to the business of Holdings Processing.
(c) The Company and its Subsidiaries have not received any notice of any claims, audits, investigations (including investigations by regulatory authorities or (y) to any data protection authorities), or allegations of violations of Information Privacy and Security Laws by the knowledge of the Credit Parties, unauthorized intrusions Company or breaches of security any Subsidiary or with respect to Personal Data Processed by, or under the control of, the Company or any information technology systems of its Subsidiaries. The Company, any of its Subsidiaries and databases used their respective customers have not received any complaints or claims from any Person with respect to the Processing of Personal Data by Holdings the Company and any of its Subsidiaries.
(bd) Each The Company and each of Holdings and its Subsidiaries (i) is, has established and has at all times been, is in compliance in all material respects with a written information security program that complies with all applicable requirements of law Information Privacy and Contractual Obligations regarding Security Laws that: (i) includes reasonable and appropriate administrative, technical and physical safeguards designed to safeguard the collectionsecurity, protectionconfidentiality, storage, use, processing, disclosure, retention and transfer integrity of Personal Information and Data; (ii) has commercially reasonable safeguards in place to protect Personal Information in their possession or control from protects against unauthorized access by other Persons.
(c) There have not beento Personal Data. For the past four years, to neither the knowledge of the Credit Parties, any material unauthorized intrusions or breaches of the security of any of the information technology systems and databases, any material unauthorized access or use of any Personal Information or other information stored or contained therein or accessed or processed thereby, or any material compromise of the confidentiality, integrity, or availability of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by Holdings or any of its Subsidiaries that relate to the protection of Personal Information. No Person has, to the knowledge of the Credit Parties, made any illegal or unauthorized use of Personal Information that was controlled by or on behalf of Holdings or any of its Subsidiaries and is in the possession or control of Holdings or any of Company nor its Subsidiaries, nor any third party acting on their behalf by Processing Personal Data, has suffered or incurred a material Data Security Incident. To For the knowledge of past four years, neither the Credit Parties, no facts or circumstances exist that could reasonably be expected to give rise to any such unauthorized intrusion or breach, unauthorized access or use, or compromise.
(d) Neither Holdings Company nor any of its Subsidiaries has received any, and there has not been any written complaint delivered to any regulatory or other governmental body or official, foreign or domesticnotified, or been required to notify under any auditapplicable Information Privacy or Security Laws, proceeding, investigation (whether formal or informal), or claim against or relating to Holdings or any Person of its Subsidiaries by any private party or any regulatory or other governmental body or official, foreign or domestic, regarding the collection, use, retention, storage, transfer, disposal, disclosure or other processing of Personal Information, and no such complaint, audit, proceeding, investigation or claim has been threatened in writing against Holdings or any of its Subsidiaries that could reasonably be expected to result in a Material Adverse EffectData Security Incident.
Appears in 1 contract
Sources: Stock Purchase Agreement (Progress Software Corp /Ma)
Data Privacy and Security. 104
(a) Holdings The Company and its Subsidiaries have at all times for the past two (2) years complied with, and are currently in compliance with, all applicable Privacy Laws, Privacy and Data Security Policies (as defined below) and contractual commitments relating to the Processing of Personal Data (collectively, the “Privacy Requirements”). The Company and its Subsidiaries have implemented adequate written policies relating to the Processing of Personal Data as and to the extent required by applicable Law (“Privacy and Data Security Policies”).
(b) There is no pending, nor has there been for the past two (2) years, any Proceeding against the Company or any of its Subsidiaries initiated by (i) any Person, (ii)the United States Federal Trade Commission, any state attorney general or similar state official, (iii) any other Governmental Entity, foreign or domestic, or (iv) any regulatory or self-regulatory entity, alleging that any violation of any Privacy Requirement by the Company or its Subsidiaries with respect to any Processing of Personal Data by or on behalf of the Company or any of its Subsidiaries.
(c) There has been no breach of security resulting in unauthorized access, use or disclosure of Personal Data in the possession or control of the Company or any of its Subsidiaries or, to the Company’s knowledge, any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or any of its Subsidiaries, or any unauthorized intrusions, breaches of security or other data security incidents with respect to the Company IT Systems.
(d) The Company and its Subsidiaries own or have license to use the Company IT Systems as necessary to operate the Business as currently conducted and the Company IT Systems operate and perform in a manner that permits the Company and its Subsidiaries to conduct the Business as currently conducted. To the Company’s knowledge, none of the Company IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the Software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized person.
(e) The Company has taken commercially reasonable organizational, physical, administrative and technical measures required by Privacy Requirements, and consistent with standards prudent in the industry in which the Company operates, designed to protect the integrity, security and operations of the Company IT Systems. The Company and its Subsidiaries have implemented commercially reasonable procedures, including firewall protections implementing data backup, disaster avoidance, recovery and regular virus scansbusiness continuity procedures, and have satisfied the requirements of applicable Privacy Laws designed to ensure that software used in the operation of their business is materially free of any code designed detect data security incidents and to (or intended to): (i) disruptprotect Personal Data against loss and against unauthorized access, disableuse, harmmodification, or otherwise impede in any manner the operation of, or provide unauthorized access to, a computer system or network disclosure or other device on which such code is stored or installed, or (ii) compromise the privacy or data security of a user or damage or destroy any data or file without the user’s consent. The information technology systems and databases used by Holdings and its Subsidiaries are sufficient in all material respects for the needs of their business and in accordance with customary industry standards and practices. There has been no (x) failure or other substandard performance of any such information technology system or database that has caused any material disruption to the business of Holdings and its Subsidiaries or (y) to the knowledge of the Credit Parties, unauthorized intrusions or breaches of security with respect to any information technology systems and databases used by Holdings and its Subsidiariesmisuse.
(bf) Each The consummation of Holdings and its Subsidiaries (i) is, and has at all times been, in compliance in all material respects with all any of the transactions contemplated hereby or pursuant to any Ancillary Document will not violate any applicable requirements of law and Contractual Obligations regarding the collection, protection, storage, use, processing, disclosure, retention and transfer of Personal Information and (ii) has commercially reasonable safeguards in place to protect Personal Information in their possession or control from unauthorized access by other PersonsPrivacy Requirements.
(cg) There have not beenbeen any Proceedings related to any unauthorized intrusions, to the knowledge of the Credit Parties, any material unauthorized intrusions or breaches of the security of any of the information technology systems and databases, any material unauthorized access or use of any Personal Information or other information stored or contained therein or accessed or processed therebydata security incidents, or any material compromise violations of any Privacy Requirements, that have been asserted against the confidentiality, integrity, or availability of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by Holdings Company or any of its Subsidiaries that relate to the protection of Personal Information. No Person hasand, to the knowledge of Company’s knowledge, neither the Credit Parties, made any illegal or unauthorized use of Personal Information that was controlled by or on behalf of Holdings or any of its Subsidiaries and is in the possession or control of Holdings or any of its Subsidiaries. To the knowledge of the Credit Parties, no facts or circumstances exist that could reasonably be expected to give rise to any such unauthorized intrusion or breach, unauthorized access or use, or compromise.
(d) Neither Holdings Company nor any of its Subsidiaries has received any, and there has not been any written complaint delivered to any regulatory or other governmental body or official, foreign or domesticinformation relating to, or notice of any auditProceedings with respect to, proceeding, investigation (whether formal or informal), or claim against or relating to Holdings any alleged violations by the Company or any of its Subsidiaries by of any private party or any regulatory or other governmental body or official, foreign or domestic, regarding the collection, use, retention, storage, transfer, disposal, disclosure or other processing of Personal Information, and no such complaint, audit, proceeding, investigation or claim has been threatened in writing against Holdings or any of its Subsidiaries that could reasonably be expected to result in a Material Adverse EffectPrivacy Requirements.
Appears in 1 contract
Sources: Business Combination Agreement (Redwoods Acquisition Corp.)
Data Privacy and Security. 104
(a) Holdings and its Subsidiaries have Each Group Company has implemented commercially reasonable procedures, including firewall protections and regular virus scans, designed to ensure that software used in the operation of their business is materially free of any code designed to (or intended to): (i) disrupt, disable, harm, or otherwise impede in any manner the operation of, or provide unauthorized access to, a computer system or network or other device on which such code is stored or installed, or (ii) compromise the privacy or data security of a user or damage or destroy any data or file without the user’s consent. The information technology systems and databases used by Holdings and its Subsidiaries are sufficient in all material respects for the needs of their business and in accordance with customary industry standards and practices. There has been no (x) failure or other substandard performance of any such information technology system or database that has caused any material disruption written policies relating to the business Processing of Holdings Personal Data as and its Subsidiaries or (y) to the knowledge of the Credit Parties, unauthorized intrusions or breaches of security with respect to any information technology systems extent required by applicable Law (“Privacy and databases used by Holdings and its Subsidiaries.
(b) Data Security Policies”). Each of Holdings and its Subsidiaries (i) is, and Group Company has at all times been, in compliance complied in all material respects with all applicable requirements of law Privacy Laws, the Privacy and Contractual Obligations regarding Data Security Policies and contractual obligations entered into by a Group Company relating to the receipt, collection, protectioncompilation, use, storage, useprocessing, processingsharing, safeguarding, security, disposal, destruction, disclosure, retention and or transfer of Personal Information and Data (collectively, the “Privacy Requirements”).
(b) As of the date hereof, the Company has not received notice of any pending Proceedings, nor has there been any material Proceedings against any Group Company initiated by (i) any Person; (ii) has commercially reasonable safeguards the United States Federal Trade Commission, any state attorney general or similar state official; or (iii) any other Governmental Entity, in place to protect each case, alleging that any Processing of Personal Information Data by or on behalf of a Group Company is in their possession or control from unauthorized access by other Personsviolation of any Privacy Requirements.
(c) There have not been, to Since the knowledge incorporation of the Credit PartiesCompany, any except as set forth on Section 3.20(c) of the Company Disclosure Schedules, (i) there has been no material unauthorized intrusions or breaches of the security of any of the information technology systems and databases, any material unauthorized access or use of any Personal Information or other information stored or contained therein or accessed or processed thereby, or any material compromise of the confidentiality, integrity, or availability Processing of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by Holdings or any of its Subsidiaries that relate to the protection of Personal Information. No Person has, to the knowledge of the Credit Parties, made any illegal or unauthorized use of Personal Information that was controlled by or on behalf of Holdings or any of its Subsidiaries and is Data in the possession or control of Holdings or any Group Company and/or any of its Subsidiaries. To the knowledge service providers of any Group Company and (ii) to the Credit PartiesCompany’s knowledge, there have been no facts unauthorized intrusions or circumstances exist that could reasonably be expected to give rise to breaches of security into any such unauthorized intrusion or breach, unauthorized access or use, or compromiseCompany IT Systems under the control of any Group Company.
(d) Neither Holdings nor any Each Group Company owns or has a binding Contract in place to use the Company IT Systems as necessary to operate the business of its Subsidiaries each Group Company as currently conducted in all material respects.
(e) Each Group Company has received anyestablished data safeguards against the destruction, and there has not been any written complaint delivered to any regulatory loss, damage, corruption, alteration, loss of integrity, commingling or other governmental body or officialunauthorized access, foreign or domestic, or any audit, proceeding, investigation (whether formal or informal), or claim against or relating to Holdings or any of its Subsidiaries by any private party or any regulatory or other governmental body or official, foreign or domestic, regarding the collectionacquisition, use, retention, storage, transfer, disposal, disclosure or other processing Processing of Personal Information, Data that are consistent with industry standards and no the requirements of applicable Law. Each Group Company maintains backups of all data used to conduct the business of such complaint, audit, proceeding, investigation or claim has been threatened in writing against Holdings or any of its Subsidiaries that could reasonably be expected to result in Group Company at a Material Adverse Effectreasonable frequency.
Appears in 1 contract
Sources: Business Combination Agreement (Amplitude Healthcare Acquisition Corp)