Data Privacy and Security Sample Clauses: 1k Samples

Appears in 1 contract

Sources: Purchase and Sale Agreement (AltaGas Ltd.)

Data Privacy and Security. (a) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are, and during the three (3) years before the Signing Date have been, in material compliance with all (i) Each Acquired Company’s data, privacy and security practices conform, and at all times have conformed, in all material respects to all of the Company Privacy ~~Laws~~Commitments, Privacy Laws and Company Data Agreements. Each Acquired Company has at all times: (A) had the legal basis (including providing adequate notice and obtaining any necessary consents from individuals) required for the Processing of Personal Data as conducted by or for the Acquired Companies; (B) refrained from selling or sharing Personal Data with third parties for the third party’s benefit except as allowed under Applicable Law; and (C) abided by any privacy choices, (~~ii) privacy policies~~including opt-in and opt-out preferences, ~~notices~~as required), ~~statements and procedures applicable~~ of individuals relating to ~~the Conveyed Entities or the Business regarding~~ Personal ~~Information~~Data (such obligations along with those contained in Company Privacy Policies, ~~privacy or data security practices~~collectively, ~~and (iii) the requirements of any Contracts regarding Personal Information, privacy or data security practices (subsections (i) to (iii) collectively referred to as~~ “Company Privacy Commitments”)~~. (b) The Conveyed Subsidiary Entities~~. Neither the execution, ~~Vendor (in respect of the ENSTAR Assets)~~ delivery and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access to Personal Information or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners are, to the Knowledge of Vendor, in compliance with such Privacy Commitments. (c) None of the execution and delivery performance of this Agreement or nor the ~~consummation~~ taking over by Parent of all of the ~~Transactions will: (i)~~ Company Databases, Company Data and other information relating to each Acquired Company’s end users, customers, contractors, vendors, contingent workers, job applicants or employees, will cause, ~~constitute,~~ constitute or result in a ~~material~~ breach or violation of any Privacy ~~Commitments; (ii) except as set forth in Section 4.23(c) of the Vendor Disclosure Schedule~~Laws, ~~require the consent of or notice to any Person under any~~ Company Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Company Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities. (e) None of the Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) Agreements or, to the ~~Knowledge of Vendor~~extent not included in the foregoing, any standard terms of services entered into by any Acquired Company with individuals whose Personal Data ~~Partners has (i) experienced any material Security Incidents~~is processed by each of the Acquired Companies and their Data Processors. Copies of all current and prior Company Privacy Policies have been Made Available to Parent and such copies are true, correct and complete. (ii) ~~been required pursuant to any Privacy Commitment to notify customers~~The Acquired Companies have established and maintain appropriate technical, ~~employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to~~ physical and organizational measures and security systems and technologies in compliance with all data security requirements under Privacy Laws, Company Data Agreements and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by each Acquired Company and its Data Processors. The Acquired Companies have and have contractually required their Data Processors to take commercially reasonable steps to train respective employees and contractors who have access to Company Data on all applicable aspects of any Privacy Law, obligations under Company Data Agreements and Company Privacy Commitments, and all employees, vendors and contractors with the authority and/or ability to access such data are under written obligations of confidentiality with respect to such data. (iii) No Acquired Company has received and there is no circumstance (including any circumstance arising as a result of an audit or inspection carried out by any Governmental Body), that would give rise to, any Action, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Body or any other Person (including an end user): (A) alleging or confirming non-compliance with a requirement of Privacy Laws, Company Data Agreements or Company Privacy Commitments; (B) requiring or requesting any Acquired Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data; (C) permitting or mandating Governmental Bodies to investigate, requisition information from, or enter the premises of, any Acquired Company; or (D) claiming compensation from any Acquired Company. Each Acquired Company has responded to, and continues to promptly respond to, requests from individuals or other third parties, and there are no unsatisfied requests from individuals or other third parties to the Acquired Companies seeking to exercise any data protection or privacy rights (such as rights to access, rectify, or delete Personal Data, to restrict or object to processing of Personal Data, or relating to data portability). No Acquired Company has been involved in any Actions involving non-compliance or alleged non-compliance with Privacy Laws, Company Data Agreements or Company Privacy Commitments. (iv) ~~received~~ Schedule 3.11(u)(iv) of the Disclosure Schedule contains the complete list of notifications and registrations made by each Acquired Company under Privacy Laws with relevant Governmental Bodies in connection with the Acquired Companies’ Processing of Personal Data. All such notifications and registrations are valid, accurate, complete and fully paid up, and the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended. Other than the notifications and registrations set forth on Schedule 3.11(u)(iv) of the Disclosure Schedule, no other registrations or notifications are required in connection with the Processing of Personal Data by the Acquired Companies. The Acquired Companies do not Process the Personal Data of any ~~written notices, written request, written claim, written complaint, written correspondence~~ natural Person considered a child or ~~other written communication from any Government Entity relating~~ minor under Applicable Law. The Acquired Companies do not target advertisements to any ~~Security Incident~~ natural person considered a child or ~~violation of any Privacy Commitment~~minor under Applicable Law. The Acquired Companies do not sell Personal Data to third parties. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Merger Agreement (Bill.com Holdings, Inc.)

Data Privacy and Security. S&W complies in all material respects with Applicable Data Protection Laws, the Company Privacy Program, and all applicable contractual and fiduciary obligations with respect to the protection and security of Personal Information. S&W has in all material respects: (ai) ~~The Conveyed Subsidiary Entities~~implemented data privacy policies and procedures concerning the collection, ~~Vendor~~ use, storage, retention, and security of Personal Information as appropriate to the Business; (~~in respect~~ ii) complied with the Company Privacy Program as to collection, use, processing, storage, retention, and transfer of Personal Information; (iii) issued privacy notices to data subjects which comply with all applicable requirements of Applicable Data Protection Laws appropriate to the Business; (iv) implemented commercially reasonable technical and organizational measures that are appropriate to the Business and designed to protect against the accidental, unauthorized or unlawful processing of, or accidental loss or damage to, any Personal Information processed by S&W and contractually require any authorized service provider to ensure a level of security appropriate to the risk represented by the processing of Personal Information, and the nature of the ~~ENSTAR Assets~~Personal Information to be protected, by such authorized service provider; and (v) put in place a commercially reasonable data breach response plan that is designed to enable S&W and ~~APC~~ any service provider (to the extent relating to Personal Information processed by such service provider on behalf of S&W) to comply with any applicable breach notification requirements under Applicable Data Protection Law to a Governmental Authority and (if required by Applicable Data Protection Laws) the affected individuals. (vi) S&W has an agreement in ~~respect~~ place with each Data Processor which incorporates all applicable requirements of Applicable Data Protection Laws in all material respects. (vii) S&W has complied in all respects with all data subject requests as required by Applicable Data Protection Laws, including, as applicable, requests for access to Personal Information, the ~~APC Assets~~cessation of specified processing activities, do not Sell (as defined in the Applicable Data Protection Laws) ~~(and~~requests, ~~upon completion~~ or the rectification, deletion, or erasure of any Personal Information, in each case, in accordance with the ~~Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are~~requirements of Applicable Data Protection Laws, and ~~during~~ there are no such requests outstanding. (viii) Neither S&W nor any of its Data Processors has (to the extent relating to Personal Information processed by such service provider on behalf of S&W), in the period of three (3) years ~~before~~ preceding the ~~Signing~~ Execution Date ~~have been~~of this Agreement, suffered, discovered, or been notified of any accidental, unauthorized or unlawful use, disclosure, impairment, deletion, destruction, loss, alteration, breach, disclosure, or acquisition of, or access or intrusion to, any Personal Information in their possession and control and/or its Computer Systems that, in material compliance with all (i) Privacy Laws, (ii) privacy policies, notices, statements and procedures applicable to the Conveyed Entities or the Business regarding Personal Information, privacy or data security practices, and (iii) the requirements of any Contracts regarding Personal Information, privacy or data security practices (subsections (i) to (iii) collectively referred to as “Privacy Commitments”). (b) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access to Personal Information or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners are, to the Knowledge of Vendor, in compliance with such Privacy Commitments. (c) None of the execution and delivery of this Agreement or the consummation of the Transactions willcase: (i) ~~cause, constitute, or result in~~ constitutes a ~~material~~ breach or ~~violation of~~ a data security incident under any ~~Privacy Commitments~~Applicable Data Protection Laws; or (ii) ~~except as set forth~~ has resulted in ~~Section 4.23(c) of the Vendor Disclosure Schedule, require the consent of or notice to~~ any Person under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, unauthorized acquisition, modification, disclosure, ~~destruction~~ corruption, destruction, or ~~loss (a “Security Incident”) involving all~~ other misuse of Personal Information in its possession or control that would require notification to individuals, third parties, law enforcement agencies, or any Governmental Authority under Contract or Applicable Data Protection Laws. S&W has passed all regulatory audits relating to privacy or data security to which they have been subject. (ix) Except as would not reasonably be expected to be material to S&W, S&W has not, in the period of two (2) years preceding the Execution Date of this Agreement, (i) received any notice, request, correspondence, inquiry or other communication, or been subject to any audit or Proceedings, from any Supervisory Authority (as defined by Applicable Data Protection Laws) or Governmental Authority, in each case, regarding privacy or data security with respect to its processing of Personal Information or (ii) received any claim, complaint, correspondence or other communication, in each case, in writing, from a data subject or any other Person claiming a right to compensation under Applicable Data Protection Laws, or alleging any breach of privacy by the Company or the unauthorized access to, or use, processing or disclosure of, Personal Information in the possession or control of the Company. (x) S&W has taken commercially reasonable actions designed to protect against the existence of any (i) unauthorized security or lock-out device that is designed to materially and adversely affect its software, solutions, applications, and/or Computer Systems, and (ii) computer virus, worm, trap or back door, Trojan horse, or any other ~~data owned~~instruction, ~~stored~~code, ~~used~~program, ~~maintained~~data, ~~controlled~~ or ~~processed~~ material that reasonably would be expected to materially and adversely interrupt, discontinue, interfere with, or otherwise affect the operation or use by ~~or on behalf~~ the S&W of ~~Vendor or~~ any of its ~~Affiliates with respect to~~ Personal Information (collectively, “Malicious Instructions”). To the ~~Business or~~ knowledge of S&W, the ~~Conveyed Entities~~software, solutions, applications, and ~~(y) implemented and maintained an information security program comprising reasonable and appropriate physical~~Computer Systems of the Company do not contain any virus, ~~technical and administrative security measures~~or harmful software routine or hardware component designed to permit unauthorized access to, ~~systems~~or to maliciously disable or otherwise harm, ~~safeguards and policies to protect all~~ any computer, system, software, or Personal Information ~~and other data owned, stored, used, maintained, controlled~~ or ~~processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities~~Company confidential information thereon. (exi) ~~None of the Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre~~The Company honors any valid opt-~~Closing Reorganization, NewCo, New APC and New ENSTAR) or, to the Knowledge of Vendor, any~~ outs from direct marketing as required by Applicable Data Partners has (i) experienced any material Security Incidents, (ii) been required pursuant to any Privacy Commitment to notify customers, employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy CommitmentProtection Laws. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Contribution and Membership Interest Purchase Agreement (S&W Seed Co)

Data Privacy and Security. (a) ~~The Conveyed~~ When acting as a Business Associate of a Covered Entity or as a Subcontractor of a Business Associate (such terms as defined by HIPAA), the Company and each Company Subsidiary ~~Entities, Vendor (~~have in ~~respect~~ effect agreements with each such Covered Entity and Business Associate that satisfy all of the ~~ENSTAR Assets~~requirements of HIPAA (“BA Agreements”). The Company and each Company Subsidiary have in effect with each entity acting as a Business Associate or Subcontractor (as defined in HIPAA) ~~and APC (in respect~~ of the ~~APC Assets) (and~~Company and each Company Subsidiary, ~~upon completion~~ as applicable, an agreement that satisfies all of the ~~Pre-Closing Reorganization~~requirements of HIPAA (“Vendor BA Agreements”). To the Knowledge of the Company, ~~NewCo, New APC~~ the Company and ~~New ENSTAR)~~ each Company Subsidiary are, and ~~during the three (3) years before the Signing Date~~ have at all times been, in compliance in all material ~~compliance~~ respects with ~~all~~ (i) ~~Privacy Laws~~all contracts or other arrangements in effect between the Company and each Company Subsidiary and their respective customers, including BA Agreements, that apply to or restrict the use, disclosure or security of Personal Information; and (ii) ~~privacy policies~~all contracts or other arrangements between the Company or any Company Subsidiary and vendors and other business partners that apply to or restrict the use, ~~notices, statements and procedures applicable to the Conveyed Entities~~ disclosure or ~~the Business regarding~~ security of Personal Information, ~~privacy~~ including Vendor BA Agreements (such contracts or ~~data security practices, and (iii) the requirements of any Contracts regarding Personal Information, privacy or data security practices (subsections~~ other arrangements referenced in clauses (i) to and (~~iii~~ii) collectively referred to as “Privacy ~~Commitments~~Agreements”). The Company and each Company Subsidiary have in place, and have complied and are in compliance in all material respects with, written policies to protect the security and privacy of Personal Information. The Company has made available to Parent copies of all privacy and security policies and notices governing the use and disclosure of Personal Information. The Company and each Company Subsidiary have the right pursuant to the Privacy Agreements and its privacy and security policies to use and disclose Personal Information for the purpose such information is and has been used and disclosed. (b) The ~~Conveyed~~ Company and each Company Subsidiary ~~Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR)~~ have and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access to Personal Information or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners are, to the Knowledge of Vendor, in compliance with such Privacy Commitments. (c) None of the execution and delivery of this Agreement or the consummation of the Transactions will: (i) cause, constitute, or result in a material breach or violation of any Privacy Commitments; (ii) except as set forth in Section 4.23(c) of the Vendor Disclosure Schedule, require the consent of or notice to any Person under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising commercially reasonable ~~and appropriate~~ physical, technical and administrative security ~~measures, systems,~~ safeguards ~~and policies~~ in place to protect all Personal Information collected by the Company and each Company Subsidiary or on their behalf from and against unauthorized access, use and/or disclosure. For Personal Information subject to the Laws of countries outside the United States, including countries within the European Union, such Personal Information has only been transferred in compliance with applicable Laws. No person has withdrawn his or her consent to any use or processing of his or her Personal Information or requested erasure of their Personal Information by the Company since January 1, 2015, where the Company or the applicable Company Subsidiary has not complied with such request. (c) Neither the Company nor any Company Subsidiary has received any complaint from any Person or Governmental Entity regarding the Company’s or any Company Subsidiary’s failure to comply regarding the use or disclosure of Personal Information. Except as set forth on Schedule 3.23(c), to the Knowledge of the Company, since January 1, 2015, there have not been any non-permitted uses or disclosures, security incidents (other ~~data owned~~than immaterial and unsuccessful attempts to penetrate networks or servers that occur on a regular basis), ~~stored, used, maintained, controlled~~ or ~~processed~~ breaches involving Personal Information held or collected by or on behalf of ~~Vendor~~ the Company or any ~~of its Affiliates with respect to the Business or the Conveyed Entities~~Company Subsidiary. (ed) ~~None of the Conveyed Subsidiary Entities~~Since December 31, ~~Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) or~~2014, to the Company’s Knowledge ~~of Vendor~~neither the Company nor any Company Subsidiary has notified, either voluntarily or as required by Law, any ~~Data Partners has (i) experienced~~ affected individual, any ~~material Security Incidents~~customer, ~~(ii) been required pursuant to~~ any ~~Privacy Commitment to notify customers, employees~~Governmental Entity, or ~~Government Entities~~ the media of any ~~Security Incident~~breach of Personal Information, ~~(iii) been~~ and neither the ~~subject of~~ Company nor any ~~inquiry, investigation~~ Company Subsidiary is currently planning to conduct any such notification or ~~enforcement action of~~ investigating whether any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy Commitmentsuch notification is required. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Merger Agreement (Emdeon Inc.)

Data Privacy and Security. (a) The ~~Conveyed Subsidiary Entities~~Company and its Subsidiaries have developed, ~~Vendor~~ implemented and maintained a written data protection, data privacy and cybersecurity program (~~in respect of~~ the ~~ENSTAR Assets~~“Data Protection Program”) ~~and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are, and during the three (3) years before the Signing Date have been,~~ that is in material compliance with all ~~(i)~~ Privacy ~~Laws~~Requirements. The Company and its Subsidiaries have not experienced any material Security Incident. Since January 1, ~~(ii) privacy policies~~2018, ~~notices~~no Person has brought, ~~statements and procedures applicable~~ or threatened in writing to bring, any Action against the ~~Conveyed Entities~~ Company or ~~the Business regarding Personal Information, privacy~~ any of its Subsidiaries in relation to any actual or ~~data security practices, and (iii) the requirements~~ alleged Security Incident or violation or breach of any ~~Contracts regarding Personal Information, privacy or data security practices (subsections (i) to (iii) collectively referred to as “~~Privacy ~~Commitments”)~~Requirement. (b) Since January 1, 2018, the Company and its Subsidiaries have at all times complied in all material respects with all Privacy Requirements with respect to the Processing of Personally Identifiable Information and other data. The ~~Conveyed Subsidiary Entities~~Company and its Subsidiaries are not and since January 1, ~~Vendor (in respect~~ 2018, have not been subject to a Governmental Order of, or have received a notice from, a Governmental Authority regarding actual or alleged non-compliance with or violation of any Privacy Requirement. The Company and its Subsidiaries have taken commercially reasonable steps to ensure the ~~ENSTAR Assets)~~ reliability of their employees, representatives, consultants, contractors and ~~APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR)~~ agents that have ~~and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with~~ access to Personal Information or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners areCompany PII, to train such individuals on all applicable Privacy Requirements and to ensure that all such employees, representatives, consultants, contractors and agents with the ~~Knowledge~~ right to access such Company PII are under written obligations of ~~Vendor, in compliance~~ confidentiality with respect to such ~~Privacy Commitments~~Company PII. (c) ~~None~~ To the knowledge of the ~~execution and delivery of this Agreement or the consummation~~ Company, each of the ~~Transactions will: (i) cause~~Company’s and its Subsidiaries’ third-party data suppliers, ~~constitute~~vendors, and partners that Process any Company PII or other Personally Identifiable Information on behalf of the Company or its Subsidiaries are in compliance in all material respects with the Privacy Requirements and there have been no unauthorized or illegal Processing, or ~~result in~~ other breach, violation or default (or event that, with or without the giving of notice or lapse of time, would constitute a ~~material breach~~ breach, violation or ~~violation~~ default) by any such supplier, vendor or other partner of any Privacy ~~Commitments; (ii) except as set forth~~ Requirements. No circumstances have arisen in ~~Section 4.23(c)~~ which the Privacy Requirements would require or recommend the Company or its Subsidiaries to notify any Governmental Authority of ~~the Vendor Disclosure Schedule, require the consent of or notice to~~ any Person under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conductedSecurity Incident. (d) The ~~Conveyed Subsidiary Entities, Vendor (in respect~~ consummation of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed transactions contemplated by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities. (e) None of the Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) or, to the Knowledge of Vendor, any Data Partners has (i) experienced any material Security Incidents, (ii) been required pursuant to this Agreement will not breach any Privacy Commitment to notify customers, employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy CommitmentRequirement. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Merger Agreement (LIV Capital Acquisition Corp.)

Data Privacy and Security. (a) The ~~Conveyed Subsidiary Entities~~Company’s data privacy and security practices and processing of Personal Data comply, ~~Vendor (in respect~~ and at all times have complied with all of the ~~ENSTAR Assets)~~ Company Privacy Commitments, Privacy Laws and ~~APC (in respect of~~ Company Data Agreements. The Company has at all times, to the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are, and during the three (3) years before the Signing Date have been, in material compliance with all (i) Privacy Laws, (ii) privacy policies, notices, statements and procedures extent applicable to the ~~Conveyed Entities~~ Company: (A) had a valid legal basis (including providing adequate notice and obtaining any necessary consents from individuals) required for the Processing of Personal Data as conducted by or for the ~~Business regarding~~ Company, (B) refrained from selling or sharing Personal ~~Information, privacy or data security practices~~Data with third parties for the third party’s benefit except as permitted under Applicable Law and by any Person with the applicable rights in such Personal Data, and (~~iii~~C) ~~the requirements~~ abided by any privacy rights and choices (including privacy by default obligations under Applicable Law and data-subject opt-out preferences) of ~~any Contracts regarding~~ individuals relating to Personal ~~Information~~Data (such obligations along with all statements and obligations contained in Company Privacy Policies, ~~privacy or data security practices (subsections (i) to (iii) collectively referred to as~~ collectively, “Company Privacy Commitments”). The Company has not granted any options, rights of first refusal or negotiation or other similar rights of any kind relating to any Company Data, and the Company is not bound by or a party to any option, rights of first refusal or negotiation or other similar rights, license or agreement of any kind with respect to any of the Company Data. Neither the execution, delivery and performance of this Agreement, nor the continued use by the Company of all of the Company Data and other information relating to the Company’s end users, employees, vendors or clients, or any other category of individuals in a manner consistent with the Company’s past practice, will cause, constitute or result in a breach or violation of any Privacy Laws or Company Privacy Commitments, any Company Data Agreements or any standard terms of service entered into by the Company with individuals the Personal Data of whom is Processed by each of the Company and its Processors. Copies of all current and prior Company Privacy Policies have been made available to Acquirer and such copies are true, correct and complete. (b) The ~~Conveyed Subsidiary Entities~~Company has established and maintains appropriate and reasonable technical, ~~Vendor (~~physical and organizational measures and security systems and technologies in ~~respect of the ENSTAR Assets)~~ compliance with all data security and ~~APC (in respect of the APC Assets) (and~~other applicable requirements under Privacy Laws, ~~upon completion of the Pre-Closing Reorganization~~Company Data Agreements, ~~NewCo, New APC~~ and ~~New ENSTAR) have and during the past three (3) years have had agreements in place with~~ Company Privacy Commitments that are designed to protect Company Data against: (i) ~~all Persons processing~~ accidental or ~~otherwise with access to Personal Information~~ unlawful Processing or ~~other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and~~ disclosure; (ii) breaches of confidentiality; (iii) unavailability of Company Data; or (iv) other events which affect the integrity of Company Data, in each case, in a manner appropriate to the risks represented by the Processing of such data by the Company, its data processors and any other third party with whom Company has shared such Company Data (such processors and foregoing third parties, collectively, “Processors”). The Company and Processors have taken commercially reasonable steps to ensure the compliance of their respective employees and contractors who have access to Company Data, to train such employees on all applicable aspects of any Privacy Law and Company Privacy Commitments and to ensure that all employees with the authority and/or ability to access such data are under written obligations of confidentiality with respect to such data. The Company has processes in place to identify Personal Data in the materials it offers to its users on its websites and takes appropriate and reasonable steps to ensure it is able legally to use such Personal Data as part of its commercial offering. (c) The Company has not received or experienced and, to the knowledge of the Company, there is no circumstance (including any circumstance arising as a result of an audit or inspection carried out by any Governmental Entity) that would reasonably be expected to give rise to, any Legal Proceeding, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Entity or any other Person ~~for~~ (including an end user): (A) alleging or ~~on behalf~~ confirming non-compliance with a relevant requirement of ~~which the Conveyed Entities~~ Privacy Laws, Company Data Agreement or ~~the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with~~ Company Privacy Commitments, ~~and all Data Partners are~~(B) requiring or requesting the Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating relevant Governmental Entities to investigate, requisition information from, or enter the premises of, the Company or (D) claiming compensation from the Company. There are no unsatisfied requests from individuals or other third parties to the Company seeking to exercise any data protection or privacy rights (such as rights to access, rectify, or delete Personal Data, to ~~the Knowledge~~ restrict or object to processing of ~~Vendor~~Personal Data, or relating to data portability). The Company has not been involved in any Legal Proceedings involving non-compliance or alleged non-compliance with ~~such~~ Privacy Laws or Company Privacy Commitments. (cd) ~~None~~ Schedule 2.11(d) of the ~~execution~~ Company Disclosure Letter contains the complete list of notifications and ~~delivery~~ registrations made by the Company under Privacy Laws with relevant Governmental Entities in connection with the Company’s Processing of ~~this Agreement or~~ Personal Data. All such notifications and registrations are valid, accurate, complete and fully paid up and, to the knowledge of the Company, the consummation of the Transactions ~~will: (i) cause, constitute,~~ will not invalidate such notification or ~~result in a material breach~~ registration or ~~violation of any Privacy Commitments; (ii) except as~~ require such notification or registration to be amended. Other than the notifications and registrations set forth ~~in Section 4.23(c~~on Schedule 2.11(d) of the ~~Vendor~~ Company Disclosure ~~Schedule~~Letter, ~~require~~ no other registrations or notifications are required in connection with the ~~consent~~ Processing of ~~or notice to~~ Personal Data by Company. The Company does not Process the Personal Data of any natural Person under the age of 13 or is otherwise considered a child under Applicable Law, and has complied with all Privacy Laws (including providing adequate notice and obtaining any ~~Privacy Commitments; or (iii) give rise to any right of termination~~ necessary parental or other ~~right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary~~ individual consent) for the ~~operation~~ Processing of Personal Data of any natural person under the ~~Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect~~ age of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities18. (e) ~~None~~ Where the Company uses a Processor to Process Personal Data, the Processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, integrity, availability, security measures and agreed to compliance with those obligations that are sufficient for the Company’s compliance with Privacy Laws and Company Privacy Commitments (including for the evaluation of the ~~Conveyed Subsidiary Entities~~Processor, ~~Vendor (in respect of the ENSTAR Assets~~including its technical and organizational measures), ~~APC (~~and there is in ~~respect~~ existence a written Contract between the Company and each such Processor that complies with the requirements of ~~the APC Assets) (~~all Privacy Laws and Company Privacy Commitments. The Company has made available to Acquirer true, correct and complete copies of all such Contracts and~~, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) or~~, to the ~~Knowledge~~ knowledge of ~~Vendor~~the Company, such Processors have not breached any such Contracts pertaining to Personal Data ~~Partners has (i) experienced any material Security Incidents, (ii) been required pursuant to any Privacy Commitment to notify customers, employees, or Government Entities~~ Processed by such Persons on behalf of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy CommitmentCompany. (f) ~~None~~ The Company has not transferred or permitted the transfer of Personal Data originating in the ~~Conveyed Entities are currently within~~ EEA outside the ~~scope~~ EEA, except where such transfers have complied with the requirements of ~~TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01;~~ Privacy Laws and ~~Executive Order 14028 on Improving~~ Company Privacy Commitments. (g) The Company has complied with Privacy Laws in relation to conducting direct marketing, including electronic marketing, telemarketing, organic growth marketing, and text message marketing. (h) The Company maintains complete, accurate and up to date records of (i) all Processing activities of Personal Data and their lawful bases and (ii) all data protection impact assessments, in each case as required by the ~~Nation’s Cybersecurity~~applicable Privacy Laws.

Appears in 1 contract

Sources: Merger Agreement (Sentinel Labs, Inc.)

Data Privacy and Security. (ai) The ~~Conveyed Subsidiary Entities, Vendor (in respect~~ Company and each of ~~the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are~~its Subsidiaries complies, and during the ~~three~~ past two (32) years ~~before the Signing Date have been~~has complied, ~~in material compliance~~ with all ~~(i)~~ Privacy ~~Laws~~and Information Security Requirements. Neither the Company nor any of its Subsidiaries have been notified in writing of, or is the subject of, any complaint, regulatory investigation or proceeding related to Processing of Personal Data by any third party, Governmental Entity, regarding any violations of any Privacy and Information Security Requirement by or with respect to the Company or any of its Subsidiaries. (ii) ~~privacy policies~~The Company and each of its Subsidiaries employs commercially reasonable organizational, ~~notices~~administrative, ~~statements~~ physical and ~~procedures applicable~~ technical safeguards that comply in all respects with all Privacy and Information Security Requirements to protect Company Data within its custody or control and requires the ~~Conveyed Entities or~~ same of all vendors under Contract with the ~~Business regarding Personal Information, privacy or data security practices~~Company that Process Company Data on its behalf. The Company and each of its Subsidiaries have provided all requisite notices and obtained all required consents, and satisfied all other requirements (~~iii~~including but not limited to notification to applicable Governmental Entities), necessary for the Processing (including international and onward transfer) of all Personal Data in connection with the requirements of any Contracts regarding Personal Information, privacy or data security practices (subsections (i) to (iii) collectively referred to as “Privacy Commitments”). (b) The Conveyed Subsidiary Entities, Vendor (in respect conduct of the ~~ENSTAR Assets)~~ business as currently conducted and ~~APC (~~in ~~respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place~~ connection with (i) all Persons processing or otherwise with access to Personal Information or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners are, to the Knowledge of Vendor, in compliance with such Privacy Commitments. (c) None of the execution and delivery of this Agreement or the consummation of the Transactions will: (i) cause, constitute, or result in a material breach or violation of any Privacy Commitments; (ii) except as set forth in Section 4.23(c) of the Vendor Disclosure Schedule, require the consent of or notice to any Person under any Privacy Commitments; or transactions contemplated hereunder. (iii) ~~give rise to any right of termination or other right to impair~~ Neither the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or Company nor any of its ~~Affiliates~~ Subsidiaries, to the Company's knowledge, has suffered a security breach with respect to any of the ~~Business~~ Company Data and, to the Company's knowledge, there has been no unauthorized or illegal use of, access or disclosure to, or unavailability of any Company Data. Neither the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or Company nor any of its ~~Affiliates with respect~~ Subsidiaries has notified, or been required to notify, any Person of any information security breach or other incident involving Personal Data. To the ~~Business~~ Company's knowledge, the Company Systems have had no material errors or defects that have not been fully remedied and contain no code designed to disrupt, disable, harm, distort, or otherwise impede in any manner the legitimate operation of such Company Systems (including what are sometimes referred to as "viruses," "worms," "time bombs," or "back doors") that have not been removed or fully remedied. Neither it nor any of its Subsidiaries, have experienced any disruption to, or interruption in, the conduct of its business that effected the business for more than one calendar week, and attributable to a defect, bug, breakdown, unauthorized access, introduction of a virus or other malicious programming, or other failure or deficiency on the part of any computer Software or the ~~Conveyed Entities~~Company Systems. (e) None of the Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) or, to the Knowledge of Vendor, any Data Partners has (i) experienced any material Security Incidents, (ii) been required pursuant to any Privacy Commitment to notify customers, employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy Commitment. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Arrangement Agreement

Data Privacy and Security. (a) The ~~Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets)~~ Company and ~~APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are~~its Subsidiaries comply, and during the ~~three~~ past four (34) years ~~before the Signing Date~~ have ~~been, in material compliance~~ complied with ~~all~~ (i) all Privacy ~~Laws~~and Information Security Requirements, (ii) ~~privacy policies, notices, statements and procedures applicable to the Conveyed Entities or the Business regarding Personal Information, privacy or data security practices~~their respective Privacy Notices, and (iii) their respective Contracts relating to Processing of Personal Data (including any Personal Data transfer agreements) or cybersecurity (such as in relation to Data Breaches). Neither the ~~requirements~~ Company nor any of its Subsidiaries, nor, to the Company’s Knowledge, any other Person, has received any notice, allegation, complaint, or other communication, and, to the Company’s Knowledge, there is no pending investigation or Action by any Governmental Authority or payment card association, regarding, in each case of the above, any actual or possible violation of any ~~Contracts regarding Personal Information, privacy~~ Privacy and Information Security Requirement by or ~~data security practices (subsections (i)~~ with respect to ~~(iii) collectively referred to as “Privacy Commitments”)~~the Company or its Subsidiaries. (b) Neither the Company nor its Subsidiaries, nor, to the Company’s knowledge, any of its or their respective Service Providers or others acting on their behalf, have had, or have, a Data Breach. Neither the Company nor its Subsidiaries have notified, or, to the Company’s Knowledge, been required to notify, any Person of any Data Breach. The ~~Conveyed Subsidiary Entities~~Company and its Subsidiaries employs and has employed commercially reasonable physical, ~~Vendor (in respect of~~ technical, and organizational safeguards that comply with all Privacy and Information Security Requirements to protect, or advise on the ~~ENSTAR Assets) and APC (in respect of the APC Assets) (and~~protection of, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access to Personal ~~Information~~ Data or other ~~data collected~~ Data within its custody or ~~processed by, for~~ control against a Data Breach and requires the same of all Service Providers that Process Data on its behalf or advise on ~~behalf of~~ the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal ~~Information consistent with Privacy Commitments, and all~~ Data ~~Partners are, to the Knowledge of Vendor, in compliance with such Privacy Commitments~~or other Data. (c) ~~None~~ The Company and its Subsidiaries have provided all notices and opt-in or opt-out choices (and honored such choices), and obtained all consents, and satisfied all other requirements (including but not limited to notification to, or registration with, any Governmental Authority), in each case, in compliance with Privacy and Information Security Requirements and as necessary for the Company and its Subsidiaries’ respective Processing (including international and onward transfer) of data in connection with the conduct of the ~~execution~~ business as currently conducted and ~~delivery of this Agreement or~~ in connection with the consummation of the ~~Transactions will:~~ transactions contemplated hereunder. The Company and its Subsidiaries are not subject to any contractual requirements, Privacy Notices, or other legal obligations that, following the Closing, would prohibit the Company or any of its Subsidiaries from receiving or using Data or Personal Data in the manner in which the Company or any of its Subsidiaries receive or use such Data or Personal Data prior to the Closing. (d) Each of the Company and its Subsidiaries owns or has license to use the IT Systems as necessary to operate its business as currently conducted. The Company and its Subsidiaries have taken reasonable precautions designed to protect the confidentiality, integrity, and security of the IT Systems and all information stored or contained therein or transmitted thereby from any loss, theft, or unauthorized disclosure, use, access, interruption or modification by any Person. To Company’s knowledge, all IT Systems are (i) ~~cause~~free from any Malicious Code, ~~constitute~~material defect, bug or ~~result in a material breach~~ programming, design or ~~violation of any Privacy Commitments;~~ documentation error and (ii) ~~except as set forth~~ in ~~Section 4.23(c) of the Vendor Disclosure Schedule, require the consent of or notice~~ sufficiently good working condition to ~~any Person under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or~~ effectively perform all material information technology operations necessary for the operation of the ~~Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect~~ business of the ~~ENSTAR Assets)~~ Company and ~~APC~~ its Subsidiaries (~~in respect~~ except for ordinary wear and tear). There have not been any material failures, breakdowns, or continued substandard performance of any IT Systems that have caused a material failure or disruption of the ~~APC Assets) (and~~IT Systems. The Company and its Subsidiaries have implemented, ~~upon completion~~ maintained and tested commercially reasonable disaster recovery procedures and facilities for the business of the ~~Pre-Closing Reorganization, NewCo, New APC~~ Company and ~~New ENSTAR) have: (x) implemented~~ its Subsidiaries and ~~maintained, and have required~~ all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect material to the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities. (e) None respective businesses of the ~~Conveyed Subsidiary Entities, Vendor (~~Company and its Subsidiaries has been regularly backed up in ~~respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC~~ an encrypted manner and New ENSTAR) or, to the Knowledge of Vendor, any Data Partners has (i) experienced any material Security Incidents, (ii) been required pursuant to any Privacy Commitment to notify customers, employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy Commitmenttested for restoration. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Merger Agreement (LGL Systems Acquisition Corp.)

Data Privacy and Security. Except as disclosed in the Commission Documents, the Company and its Subsidiaries have at all times since the Business Combination Closing complied in all material respects with all applicable Privacy Laws, Privacy and Data Security Policies (~~a) The Conveyed Subsidiary Entities~~as defined below), ~~Vendor~~ and contractual commitments concerning the Payment Card Industry Data Security Standards (~~in respect of the ENSTAR Assets) and APC (in respect of the APC Assets~~if any) (~~and~~collectively, ~~upon completion~~ the “Privacy Requirements”). Except as disclosed in the Commission Documents, the Company and its Subsidiaries have implemented adequate written policies relating to the Processing of Personal Data as and to the ~~Pre-~~extent required by applicable Law (“Privacy and Data Security Policies”). Except as disclosed in the Commission Documents, there is no pending, nor has there been since the Business Combination Closing ~~Reorganization, NewCo, New APC and New ENSTAR) are, and during~~ Date any material Actions against the ~~three (3) years before the Signing Date have been, in material compliance with all~~ Company or any of its Subsidiaries initiated by (i) ~~Privacy Laws,~~ any Person; (ii) ~~privacy policies~~the United States Federal Trade Commission, ~~notices, statements and procedures applicable to the Conveyed Entities~~ any state attorney general or ~~the Business regarding Personal Information, privacy or data security practices, and~~ similar state official; (iii) ~~the requirements~~ any other Governmental Authority, foreign or domestic; or (iv) any regulatory or self-regulatory entity alleging that any Processing of ~~any Contracts regarding~~ Personal Information, privacy or data security practices (subsections (i) to (iii) collectively referred to as “Privacy Commitments”). (b) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access to Personal Information or other data collected or processed by, for Data by or on behalf of the ~~Conveyed Entities~~ Company or ~~the Business (“Data Partners”) and (ii) each Person for or on behalf~~ any of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners are, to the Knowledge of Vendor, its Subsidiaries is in compliance with such Privacy Commitments. (c) None of the execution and delivery of this Agreement or the consummation of the Transactions will: (i) cause, constitute, or result in a material breach or violation of any Privacy ~~Commitments; (ii) except~~ Requirements. Except as ~~set forth~~ disclosed in ~~Section 4.23(c)~~ the Commission Documents, since the Business Combination Closing Date, there has been no material breach of security resulting in unauthorized access, use or disclosure of Personal Data in the possession or control of the Vendor Disclosure Schedule, require the consent of or notice to any Person under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor Company or any of its ~~Affiliates with respect to the Business or the Conveyed Entities, and~~ Subsidiaries (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities. (e) None of the Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTARas applicable) or, to the ~~Knowledge of Vendor~~Company’s Knowledge, any of their respective contractors with regard to any Personal Data ~~Partners~~ obtained from or on behalf of the Company or any of its Subsidiaries (as applicable), or any material unauthorized intrusions or breaches of security into the systems of the Company or any of its Subsidiaries (as applicable). Except as disclosed in the Commission Documents, the Company or one of its Subsidiaries owns or has license to use the IT Systems as necessary to operate the Business of the Company and its Subsidiaries as currently conducted. To the Company’s Knowledge, except as disclosed in the Commission Documents, none of the IT Systems contain any worm, bomb, backdoor, clock, timer or other disabling device, code, design or routine that causes the software of any portion thereof to be erased, inoperable or otherwise incapable of being used, either automatically, with the passage of time or upon command by any unauthorized Person, except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Except as disclosed in the Commission Documents, the Company and its Subsidiaries have taken organizational, physical, administrative and technical measures required by Privacy Requirements consistent with standards prudent in the industry in which the Company and its Subsidiaries operate to protect (i) ~~experienced any material Security Incidents~~the integrity, security and operations of their information technology systems, and (ii) the confidential data owned by the Company or any of its Subsidiaries or provided by the Company’s or any Subsidiary’s customers, and Personal Data against data security incidents or other misuse, except where the failure to take such organizational, physical, administrative or technical measures would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Except as disclosed in the Commission Documents, the Company and its Subsidiaries have implemented reasonable procedures, satisfying the requirements of applicable Privacy Laws in all material respects, to detect data security incidents and to protect Personal Data against loss and against unauthorized access, use, modification, disclosure or other misuse, except where the failure to implement such reasonable procedures would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Except as disclosed in the Commission Documents, in connection with each third-party service provider whose services are material to the Company or one of its Subsidiaries and involve the Processing of Personal Data on behalf of the Company or any of its Subsidiaries, the Company or one of its Subsidiaries has in accordance with Privacy Laws, since the Business Combination Closing Date, entered into valid data processing agreements with any such third party in accordance with applicable Privacy Laws, except where the failure to enter into such valid data processing agreements with any such third party would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Except as disclosed in the Commission Documents, there have not been ~~required pursuant~~ any Actions related to any ~~Privacy Commitment to notify customers, employees,~~ data security incidents or ~~Government Entities~~ any violations of any ~~Security Incident~~Privacy Requirements that have been asserted in writing against the Company or any of its Subsidiaries, ~~(iii) been~~ and, to the ~~subject~~ Company’s Knowledge, none of the Company or any ~~inquiry, investigation or enforcement action~~ of ~~any Government Entity with respect to compliance with any Privacy Law, or (iv)~~ its Subsidiaries has received any written ~~notices~~correspondence relating to, or written ~~request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation~~ notice of any Actions with respect to, alleged violations by the Company or any of its Subsidiaries of, Privacy ~~Commitment. (f~~Requirements, in each case which Actions, if adjudicated adversely to the Company or any of its Subsidiaries, would, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Except as disclosed in the Commission Documents, neither the Company nor any of its Subsidiaries has transferred any Personal Data from the European Union or United Kingdom to a jurisdiction outside the European Economic Area or United Kingdom, other than in accordance with Articles 45 and 46(2) ~~None~~ of the ~~Conveyed Entities are currently within~~ GDPR, except as would not, individually or in the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurityaggregate, reasonably be expected to have a Material Adverse Effect.

Appears in 1 contract

Sources: Common Stock Purchase Agreement (Alpha Healthcare Acquisition Corp Iii)

Data Privacy and Security. (a) The ~~Conveyed Subsidiary Entities~~Seller is, ~~Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (~~and, ~~upon completion of the Pre-Closing Reorganization~~with respect to all Contracts at all times since December 31, ~~NewCo, New APC and New ENSTAR) are, and during the three (3) years before the Signing Date have been,~~ 2015 has been in ~~material~~ compliance with all ~~(i) Privacy Laws, (ii) privacy policies, notices, statements and procedures~~ applicable Laws relating to the ~~Conveyed Entities or the Business regarding~~ safeguarding of and access to Personal Information, ~~privacy~~ including all Privacy and Security Laws, except to the extent that any noncompliance, individually or ~~data security practices~~in the aggregate, ~~and (iii) the requirements of any Contracts regarding Personal Information, privacy or data security practices (subsections (i)~~ would not be reasonably likely to ~~(iii) collectively referred to as “Privacy Commitments”)~~result in a Seller Material Adverse Effect. (b) The ~~Conveyed Subsidiary Entities~~Seller is, ~~Vendor (~~and at all times since December 31, 2015 has been, in ~~respect~~ all material respects in compliance with their written privacy policies including any privacy policies distributed to employees of ~~the ENSTAR Assets)~~ customers and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access to Personal Information or other data collected or processed by, for privacy policies contained on any websites maintained by or on behalf of the ~~Conveyed Entities or~~ Seller. The Seller’s written privacy policies and its practices concerning the ~~Business (“Data Partners”)~~ collection, use, storage, registration and ~~(ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection~~ disclosure of Personal Information ~~consistent with Privacy Commitments~~are accurate, comprehensive and fully implemented, and conform, and at all ~~Data Partners are~~times since December 31, 2015 have conformed, in all material respects, to the ~~Knowledge~~ Seller’s contractual commitments (including to its customers and their employees or other users whose Personal Information Seller collects, uses, or stores in the course of ~~Vendor~~the Business). Neither the Transaction Documents nor the Transactions contemplated thereby will violate any applicable Laws or any of the Seller’s written privacy policies. All necessary filings, registrations and/or notifications have been made to Governmental Entities in ~~compliance with such Privacy Commitments~~relation to the processing activities including export of personal data undertaken the by the Seller. (c) ~~None~~ The Seller contractually requires all third parties, including vendors, marketing partners and other Persons providing services to the Seller who, to any material degree, have access to or receive Personal Information from the Seller to comply with all applicable Laws regarding the use of ~~the execution~~ such Personal Information and ~~delivery~~ to use commercially reasonable efforts to protect such Personal Information against unauthorized access or use. To Seller’s Knowledge, no third party is in breach of this Agreement or the consummation of the Transactions will: (i) cause, constitute, or result in a material breach or violation of any Privacy Commitments; (ii) except as set forth in Section 4.23(c) of the Vendor Disclosure Schedule, require the consent its contractual obligations regarding such third party’s use of or ~~notice~~ access to ~~any Person under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any~~ Personal ~~Information used in or necessary for the operation of the Business as it is currently being conducted~~Information. (d) The ~~Conveyed Subsidiary Entities~~Seller has used commercially reasonable efforts consistent with all applicable Laws, ~~Vendor (in respect~~ prevailing industry practices and the Seller’s written privacy policies to protect the integrity, security and confidentiality of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information ~~and other data owned, stored, used, maintained, controlled or processed~~ maintained by ~~or on behalf of Vendor or any of its Affiliates with respect to~~ the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed EntitiesSeller. (e) ~~None~~ To the Knowledge of Seller, there has been no material loss, unauthorized or illegal use, processing or disclosure of, or access to, any Personal Information stored or secured by or for the ~~Conveyed Subsidiary Entities, Vendor~~ Seller. (~~in respect of the ENSTAR Assets), APC (in respect of the APC Assets~~f) ~~(and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR)~~ No claims or proceedings have been asserted or, to the Knowledge of ~~Vendor~~Seller, are threatened against the Seller by any ~~Data Partners~~ Person alleging a violation of any Person’s privacy, personal or confidentiality rights including rights under any of the Seller’s written privacy policies. The Seller is not currently and has not been under investigation by any Governmental Entity or received any oral, written or other claim, complaint, inquiry or notice from any third party or any Governmental Entity related to whether the Seller’s collection, processing, use, storage, maintenance, access, receipt, security and/or disclosure of Personal Information (i) ~~experienced~~ is in violation of any ~~material Security Incidents~~applicable Laws, privacy policies or security policies or (ii) ~~been required pursuant to any Privacy Commitment to notify customers~~otherwise constitutes an unfair, ~~employees,~~ deceptive or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy Commitmentmisleading trade practice. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Asset Purchase Agreement (Appfolio Inc)

Data Privacy and Security. (a) ~~The Conveyed Subsidiary Entities~~To Seller’s Knowledge, ~~Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are~~Seller is operating, and ~~during the three (3) years before the Signing Date have been~~has at all times operated, in material compliance with all Data Protection Requirements. Seller has adopted and published Privacy Policies that accurately describe the privacy practices of Seller, to any website and other applicable electronic platforms and no such disclosure or representation made or contained in any such Privacy Policy has been inaccurate, misleading, or deceptive (~~i) Privacy Laws~~including by omission). To Seller’s Knowledge, ~~(ii) privacy policies, notices, statements and procedures applicable to the Conveyed Entities~~ Seller has obtained written agreements from all Third Parties that Process Personal Information or ~~the~~ Business ~~regarding Personal Information, privacy~~ Data for or ~~data security practices, and (iii)~~ on behalf of Seller that satisfy the requirements of the Data Protection Requirements, and to Seller’s Knowledge, no such Third Party is in material breach of any ~~Contracts regarding~~ such agreement. To the extent applicable, Seller has all necessary authority, rights, consents, and authorizations to process any Personal ~~Information, privacy~~ Information or ~~data security practices (subsections (i)~~ other Business Data maintained by or for Seller to ~~(iii) collectively referred~~ the extent required in connection with the operation of the Business as currently and as proposed to ~~as “Privacy Commitments”)~~be conducted. (b) ~~The Conveyed Subsidiary Entities~~To Seller’s Knowledge, ~~Vendor (~~the IT Systems are adequate for and perform in ~~respect~~ all material respects as required in connection with the operation of the ~~ENSTAR Assets)~~ Business as currently conducted and ~~APC (in respect~~ as proposed to be conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. To Seller’s Knowledge, Seller has implemented and maintained all necessary and appropriate controls, policies, procedures, and safeguards to maintain and protect the confidentiality, integrity and security of the ~~APC Assets) (and~~IT Systems, ~~upon completion~~ Personal Information and other Business Data used in connection with the Business and there has been no breaches, violations, outages, or unauthorized Processing of the ~~Pre-Closing Reorganization~~same (each, ~~NewCo~~a “Security Incident”), ~~New APC and New ENSTAR) have and during~~ nor any incidents under internal review or investigations relating to the ~~past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access to~~ same. To Seller’s Knowledge, no Third Party Processing Personal Information or ~~other data collected or processed by, for or~~ Business Data on behalf of ~~the Conveyed Entities or~~ Seller in connection with the Business (“has experienced or made or has been required to make any notifications under any Data ~~Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data~~Protection Requirements in connection with, ~~such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners are, to the Knowledge of Vendor, in compliance with such Privacy Commitments~~any Security Incident. (c) ~~None~~ No written notices have been received from, and no Proceedings have been commenced or threatened in writing against Seller by, any Person alleging a violation of ~~the execution and delivery of this Agreement or~~ any Data Protection Requirements. To Seller’s Knowledge, the consummation of the ~~Transactions~~ transactions contemplated hereunder will: (i) ~~cause~~comply in all material respects with the Data Protection Requirements, ~~constitute, or result in a material breach or violation of any Privacy Commitments;~~ (ii) ~~except as set forth in Section 4.23(c) of the Vendor Disclosure Schedule,~~ not require the consent of or provision of notice to any Person ~~under any Privacy Commitments~~concerning such Person’s Personal Information; or (iii) not give rise to any right of termination or other right to impair ~~the Conveyed Entities’~~ or limit Seller’s rights to ~~own and process~~ Process any Personal Information or Business Data used in or necessary for the operation of the Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities. (e) None of the Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) or, to the Knowledge of Vendor, any Data Partners has (i) experienced any material Security Incidents, (ii) been required pursuant to any Privacy Commitment to notify customers, employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, Business; or (iv) ~~received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating~~ otherwise prohibit the transfer of Personal Information to ~~any Security Incident or violation of any Privacy Commitment~~Buyer. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Asset Purchase Agreement (Perspective Therapeutics, Inc.)

Data Privacy and Security. (a) ~~The Conveyed Subsidiary Entities~~Since January 1, ~~Vendor (~~2021, the ANAC Companies have at all times complied and are currently in ~~respect of the ENSTAR Assets)~~ compliance in all material respects with any and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are, and during the three (3) years before the Signing Date have been, in material compliance with all (i) ~~Privacy Laws,~~ Applicable Laws and )(ii) ~~privacy policies~~internal and external policies and procedures, ~~notices, statements and procedures applicable to the Conveyed Entities or the Business regarding Personal Information, privacy or data security practices~~binding industry standards, and ~~(iii)~~ contractual and other legal requirements and restrictions to which the ~~requirements~~ ANAC Companies are subject, in each case of ~~any Contracts regarding Personal Information, privacy or data security practices (subsections~~ (i) and (ii), relating to data privacy, data protection, cybersecurity or the collection, use or other processing of Personally Identifiable Information (~~iii) collectively referred to as~~ such Applicable Laws described in clause (i), the “~~Privacy Commitments~~Applicable Data Protection Laws”, and the Applicable Data Protection Laws together with the requirements described in clause (ii), the “Applicable Data Protection Requirements”). (b) ~~The Conveyed Subsidiary Entities~~With respect to all Personally Identifiable Information held or otherwise processed by the ANAC Companies, ~~Vendor (in respect of~~ the ~~ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR)~~ ANAC Companies have ~~and during the past three (3) years have had agreements in place with~~ at all times (i) ~~all Persons processing or otherwise~~ taken commercially reasonable steps (including with ~~access~~ respect to ~~Personal Information~~ technical and physical security) designed to ensure that such information is protected against the unauthorized access, use, modification, disclosure, loss, exfiltration, destruction, alteration, theft, interruption, corruption or other ~~data collected~~ misuse, or ~~processed by~~breach thereof (each, ~~for or on behalf of the Conveyed Entities or the Business (~~a “Data ~~Partners~~Breach”) and (ii) ~~each Person for or~~ used commercially reasonable efforts to ensure that all service providers, data processors and other third parties that process any Personally Identifiable Information on behalf of ~~which~~ the ~~Conveyed Entities~~ ANAC Companies are bound by valid, written and enforceable agreements that include any and all terms required by Applicable Data Protection Laws and require such third parties to comply with Application Data Protection Laws and to maintain the privacy, security and confidentiality of such Personally Identifiable Information. There has been no material Data Breach with respect to any IT Assets (or any information, data or transactions stored or contained therein or transmitted thereby) or any Personally Identifiable Information in the ~~Business process Personal Information~~ ANAC Companies’ possession or ~~other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments~~control, and ~~all~~ the ANAC Companies have not been required under any Applicable Data ~~Partners are,~~ Protection Requirement to the Knowledge of Vendor, in compliance with such Privacy Commitments. (c) None of the execution and delivery of this Agreement or the consummation of the Transactions will: (i) cause, constitute, or result in a material breach or violation of provide any ~~Privacy Commitments; (ii) except as set forth in Section 4.23(c) of the Vendor Disclosure Schedule, require the consent of or~~ notice to any ~~Person under any Privacy Commitments; or (iii) give rise to any right of termination~~ Governmental Authority or other ~~right to impair the Conveyed Entities’ rights to own and process~~ Person in connection with any ~~Personal Information used in or necessary for the operation~~ Data Breach. As of the ~~Business as it~~ date of this Agreement, there is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities. (e) None of the Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) no Action pending or, to the Knowledge of ~~Vendor~~the Company, threatened against any ~~Data Partners has (i) experienced~~ of the ANAC Companies by any material Security Incidents, (ii) been required pursuant to any Privacy Commitment to notify customers, employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other ~~written communication from any Government Entity relating to any Security Incident or~~ Person alleging a violation of any ~~Privacy Commitment. (f) None~~ Applicable Data Protection Requirement, except as has not had, and would not reasonably be expected to have, a Company Material Adverse Effect. The consummation of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s CybersecurityTransactions will not breach any Applicable Data Protection Requirement, except as would not reasonably be expected to have a Company Material Adverse Effect.

Appears in 1 contract

Sources: Transaction Agreement (Summit Materials, LLC)

Data Privacy and Security. (a) ~~The Conveyed Subsidiary Entities~~To the Company’s knowledge, ~~Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and~~each Group Company has, ~~upon completion of the Pre-Closing Reorganization~~at all times, ~~NewCo, New APC and New ENSTAR) are, and during the three (3) years before the Signing Date have been, in material compliance~~ complied with ~~all~~ (i) all applicable Privacy Laws, (ii) ~~privacy policies~~all Contracts, notices, ~~statements~~ policies, statements, and ~~procedures~~ Consents and other obligations and commitments applicable to the ~~Conveyed Entities or~~ Processing of Personal Information by the ~~Business regarding Personal Information, privacy or data security practices~~Company in connection with the business, and (iii) any applicable Privacy and Data Security Policies (as defined in Section 5.22(e) below) (collectively, the ~~requirements of any Contracts regarding Personal Information, privacy or data security practices (subsections (i) to (iii) collectively referred to as~~ “Privacy ~~Commitments~~and Data Security Requirements”). (b) ~~The Conveyed Subsidiary~~ All Personal Information provided to the Acquisition Entities in connection with the transactions contemplated by this Agreement, and the manner in which such Personal Information has been obtained and provided to the Acquisition Entities, ~~Vendor (in respect of the ENSTAR Assets)~~ has been provided and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access to Personal Information or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners are, to the Knowledge of Vendor, obtained in compliance with ~~such~~ the Privacy ~~Commitments~~and Data Security Requirements. (c) ~~None~~ To the Company’s knowledge, all notices and Consents required by Privacy Laws or Contracts related to each Group Company’s Processing of Personal Information in connection with the conduct of the ~~execution and delivery of this Agreement or the consummation~~ business (including disclosure to Affiliates of the ~~Transactions will: (i~~Company) ~~cause, constitute,~~ have been given or ~~result~~ obtained in ~~a material breach or violation of any~~ accordance with all applicable Privacy ~~Commitments; (ii) except as set forth in Section 4.23(c)~~ Laws and are sufficient for the continued conduct of the ~~Vendor Disclosure Schedule, require~~ business in substantially the ~~consent of or notice~~ same manner as conducted prior to ~~any Person under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair~~ the ~~Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conducted~~Closing. (d) ~~The Conveyed Subsidiary Entities~~Each Group Company has and at all times has had a publicly posted, ~~Vendor (in respect~~ written privacy policy, which accurately describes the Processing of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information ~~and other data owned, stored, used, maintained, controlled or processed by or on behalf~~ in connection with the business in compliance with Privacy Laws. Copies of ~~Vendor or any of its Affiliates with respect~~ all such privacy policies have been provided to the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Acquisition Entities. (e) ~~None~~ Each Group Company has developed, implemented and complied at all times with written policies and procedures, including training, auditing and monitoring, designed to enable the Company to comply with the Privacy and Data Security Requirements, and demonstrate and evidence compliance with Privacy and Data Security Requirements relating to the Processing of Personal Information in connection with the business (collectively, the “Privacy and Data Security Policies”). The Privacy and Data Security Policies are sufficient to enable the continued conduct of the ~~Conveyed Subsidiary Entities, Vendor (~~business after the Closing in ~~respect of~~ substantially the ~~ENSTAR Assets), APC (in respect of~~ same manner as the ~~APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) or,~~ business was conducted prior to the ~~Knowledge~~ Closing. Copies of ~~Vendor, any~~ all Privacy and Data ~~Partners has (i) experienced any material~~ Security ~~Incidents, (ii)~~ Policies have been ~~required pursuant~~ provided to ~~any Privacy Commitment to notify customers, employees, or Government Entities of any Security Incident, (iii) been~~ the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy CommitmentAcquisition Entities. (f) Each Group Company has implemented and adhered to technical, administrative, physical, operational, and organizational data security safeguards, appropriate to the sensitivity of the Personal Information Processed by the Company as required to comply with applicable Privacy Laws and with industry best practice, and such safeguards are sufficient to protect and maintain the security, confidentiality, and integrity of its Company IT Systems and any Personal Information Processed or other Business Data and prevent Security Incidents and the introduction of Disabling Devices. (g) None of the ~~Conveyed Entities~~ Group Companies have received notice of any pending Proceedings, nor have there been any material Proceedings against any Group Company initiated by any Person (including (i) the United States Federal Trade Commission, any state attorney general or similar state official, (ii) the Office of the Privacy Commissioner of Canada or any provincial privacy commissioner, or (iii) any other Governmental Entity, including by any privacy regulator) alleging that any Processing of Personal Information by or on behalf of a Group Company is in violation of any Privacy and Data Security Requirements. To the Company’s knowledge, there are ~~currently within~~ no facts or circumstances that could reasonably be expected to give rise to any of the ~~scope~~ foregoing. (h) There has been no unauthorized access to or Processing of ~~TSA~~ Personal Information in the possession or control of any Group Company, and to the Company’s knowledge, there have been no Security ~~Directive Pipeline-2021~~Incidents with respect to any Company IT Systems or Personal Information, whether or not such incident required notice thereof to any Person under any applicable Law. No Group Company has inserted, and no other Person has inserted or alleged to have inserted, any Disabling Device in any of the Company IT Systems or Company Product. (i) To the extent any Group Company relies on any third party to Process Personal Information on the Group Company’s behalf, such Group Company has executed agreements that comply with all applicable Privacy Laws and the Group Company has exercised reasonable oversight in reviewing any such third party’s compliance with its obligations under such agreements, given the nature of the Processing and the sensitivity of the Personal Information thereunder. The Company is not aware of any material non-~~01; TSA Security Directive Pipeline-2021~~compliance with applicable Privacy Laws by third parties that Process Personal Information on behalf of the Group Company’s in connection with the business, nor is the Company aware of any material non-~~02; TSA~~ compliance by such third parties with their contractual obligations to any of the Group Company’s in connection with the business. A copy of each contract entered into by a Group Company that includes a material Processing of Personal Information ~~Circular IC Pipeline-2022~~has been provided to the Acquisition Entities. (j) To the Company’s knowledge, the Personal Information is accurate and complete, and each Group Company has corrected all inaccurate Personal Information of which it has been notified by the individual to whom the Personal Information relates upon receipt of proof of such inaccuracy. (k) Each of the Group Companies is, and has at all times been, in compliance with Anti-~~01;~~ Spam Laws. Each of the Group Companies has implemented and ~~Executive Order 14028~~ maintains all necessary policies and practices to comply with Anti-Spam Laws and retains sufficient documentation to evidence such compliance. Each of the Group Companies maintains databases that record the contact information of all Persons to whom the Group Company sends commercial electronic messages, and for each recipient, has recorded sufficient details to evidence the basis on ~~Improving~~ which communications with that recipient by the ~~Nation~~Group Company are permitted under Anti-Spam Laws and, if applicable, any unsubscribe or similar requests from any recipient. No Proceeding has been asserted or threatened against any of the Group Companies alleging or finding a violation of Anti-Spam Law. To the Company’s ~~Cybersecurity~~knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Proceeding. No order, decision or judgment has been made against any Group Company by any Governmental Entity, no administrative monetary penalties have been assessed against any Group Company, and no undertaking or other agreement has been entered into by any Group Company with any Governmental Entity, based on or related to any finding or allegation of noncompliance with any Anti-Spam Laws.

Appears in 1 contract

Sources: Business Combination Agreement (Arogo Capital Acquisition Corp.)

Data Privacy and Security. (a) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) areThere is not, and ~~during the three (3) years before the Signing Date have~~ there has never been, ~~in material compliance with all~~ any Proceeding pending or, to the Company’s knowledge, threatened, against or involving any Group Company initiated by any Person (including (i) ~~Privacy Laws~~the United States Federal Trade Commission or any state attorney general or similar state official, (ii) ~~privacy policies~~any other Governmental Entity, ~~notices~~foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Protected Data by or on behalf of any Group Company is or was in violation of any Privacy Requirements, ~~statements and procedures applicable~~ nor are there or have there been valid grounds for any such Proceeding. (b) Except as set forth on Section 3.20(b) of the Company Disclosure Schedules, (i) there has not been any Data Breach involving any Group Company, or any of its contractors with regard to ~~the Conveyed Entities~~ any Protected Data obtained from or ~~the Business regarding Personal Information~~on behalf of any Group Company, ~~privacy~~ (ii) there have been no unauthorized intrusions or ~~data~~ breaches of security ~~practices~~into any Company IT Systems, and (iii) none of the ~~requirements~~ Group Companies have been notified or been required to notify any Person of any Contracts regarding Personal Information, privacy or data security practices (subsections (i) to (iii) collectively referred to as “Privacy Commitments”). (b) The Conveyed Subsidiary Entities, Vendor (in respect of the ~~ENSTAR Assets) and APC (in respect~~ foregoing or any loss, theft or damage of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access to Personal Information or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners are, to the Knowledge of Vendor, in compliance with such Privacy CommitmentsProtected Data. (c) ~~None~~ Each Group Company (i) has published and is in compliance with its public-facing privacy policies and its internal privacy policies and guidelines, (ii) has implemented and maintains commercially reasonable administrative, technical and physical measures, policies, procedures, and rules to ensure that Personal Data is protected against Data Breaches and other loss, damage, and unauthorized access, use, modification or other misuse, including a comprehensive written information security plan that complies with all applicable Privacy Requirements, (iii) has made all required disclosures to, and obtained any necessary consents from, users, customers, employees, contractors, governmental authorities and other applicable Persons required by applicable Privacy Requirements related to data privacy, data collection, data protection and data security and has filed any required registrations with the applicable data protection authority, and (iv) maintains systems and procedures to receive and effectively respond to complaints and, to the extent required by applicable Privacy Requirements, individual rights requests, in connection with each Group Company’s Processing of Personal Data, and each has complied with all such complaints and individual rights requests. To the ~~execution~~ Company’s knowledge, at all times (A) each Group Company has complied in all material respects with applicable Privacy Requirements, and (B) each Group Company has had valid and legal rights to Process all Protected Data that is Processed by or on behalf of such Group Company in connection with the use and/or operation of its products, services and business (including Company Products), and neither the execution, delivery or performance of this Agreement ~~or the consummation~~ nor any of the ~~Transactions will:~~ other agreements contemplated by this Agreement will violate in any material respects any applicable Privacy Requirements. (id) ~~cause, constitute,~~ Each Group Company owns or ~~result in~~ has a material breach or violation of any Privacy Commitments; (ii) except as set forth in Section 4.23(c) of the Vendor Disclosure Schedule, require the consent of or notice to any Person under any Privacy Commitments; or (iii) give rise to any right of termination license or other right to ~~impair~~ use the ~~Conveyed Entities’ rights~~ Company IT Systems as necessary to ~~own~~ operate the business of each Group Company as currently conducted. To the Company’s knowledge, all Company IT Systems (i) are free from any defect, bug, virus or programming, design or documentation error and ~~process~~ do not contain any ~~Personal Information used~~ disabling software, code or instructions, spyware, Trojan horses, worms, viruses or other software routines that permit or cause unauthorized access to, or disruption, impairment, disablement, or destruction of, any software, data or other information (“Malicious Code”), (ii) are in or sufficiently good working condition to effectively perform all information technology operations necessary for the operation of the ~~Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect~~ business of the ~~ENSTAR Assets~~Group Companies (except for ordinary wear and tear), and (iii) include safeguards consistent with industry standards and ~~APC (in respect~~ are designed to protect the security, confidentiality, availability, and integrity of the ~~APC Assets) (and~~Group Companies’ Protected Data and includes appropriate backup, ~~upon completion of the Pre-Closing Reorganization~~disaster recovery, ~~NewCo, New APC~~ and ~~New ENSTAR) have:~~ software and hardware support arrangements. Each Group Company has taken reasonable precautions to (x) ~~implemented~~ protect the confidentiality, integrity and ~~maintained~~security of the Company IT Systems and all information and data stored or contained therein or transmitted thereby from any theft, ~~and have required all Data Partners to implement and maintain~~corruption, ~~cyber insurance that would offer coverage in the event of unauthorized~~loss or unauthorized use, ~~unlawful or improper~~ access, ~~use, acquisition, modification, disclosure, destruction~~ interruption or ~~loss~~ modification by any Person and (x) ensure that all Company IT Systems and Company Products are (A) fully functional and operate and run in a ~~“Security Incident”) involving~~ reasonable and efficient business manner in all ~~Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities~~material respects, and (yB) ~~implemented and maintained an information security program comprising reasonable and appropriate physical~~free from any bug, ~~technical and administrative security measures~~virus, ~~systems~~malware, ~~safeguards and policies to protect all Personal Information and other data owned~~programming, ~~stored~~design or documentation error, ~~used~~corruption, ~~maintained~~material defect, ~~controlled~~ or ~~processed by~~ Malicious Code. There have not been any material failures, breakdowns or ~~on behalf~~ continued substandard performance of ~~Vendor~~ any Company IT Systems that have caused a material failure or ~~any of its Affiliates with respect to the Business or the Conveyed Entities. (e) None~~ disruption of the ~~Conveyed Subsidiary Entities, Vendor (~~Company IT Systems other than routine failures or disruptions that have been fully remediated in ~~respect~~ the ordinary course of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) or, to the Knowledge of Vendor, any Data Partners has (i) experienced any material Security Incidents, (ii) been required pursuant to any Privacy Commitment to notify customers, employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy Commitmentbusiness. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Business Combination Agreement (Cascadia Acquisition Corp.)

Data Privacy and Security. (a) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are, and during the three (3) years before the Signing Date have been, in material compliance with all (i) Each Acquired Company’s and the Foundation’s data, privacy and security practices conform, and at all times have conformed, to all of the Company Privacy ~~Laws~~Commitments, Privacy Laws and Company Data Agreements. Each Acquired Company and the Foundation has at all times: (A) had the legal basis (including providing adequate notice and obtaining any necessary consents from individuals) required for the Processing of Personal Data as conducted by or for the Acquired Companies or the Foundation, (iiB) refrained from selling or sharing Personal Data with third parties for the third party’s benefit except as allowed under Applicable Law and Company Data Agreements, (C) abided by any privacy ~~policies~~choices, ~~notices~~(including opt-in and opt-out preferences, ~~statements and procedures applicable~~ as required), of individuals relating to ~~the Conveyed Entities or the Business regarding~~ Personal ~~Information, privacy or data security practices,~~ Data and (~~iii~~D) ~~the requirements of any Contracts regarding Personal Information~~had Privacy Laws compliant records in place (such obligations along with those contained in Company Privacy Policies, ~~privacy or data security practices (subsections (i) to (iii) collectively referred to as~~ collectively, “Company Privacy Commitments”)~~. (b) The Conveyed Subsidiary Entities~~. Neither the execution, ~~Vendor (in respect of the ENSTAR Assets)~~ delivery and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access to Personal Information or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners are, to the Knowledge of Vendor, in compliance with such Privacy Commitments. (c) None of the execution and delivery performance of this Agreement or nor the ~~consummation~~ taking over by Parent of all of the ~~Transactions will: (i)~~ Company Databases, Company Data and other information relating to each Acquired Company’s end users, employees, vendors or clients, or any other category of individuals, will cause, ~~constitute,~~ constitute or result in a ~~material~~ breach or violation of any Privacy ~~Commitments;~~ Laws, Company Privacy Commitments or Company Data Agreements or any standard terms of service entered into by any Acquired Company with individuals the Personal Data of whom is Processed by each of the Acquired Companies and the Foundation and their Data Processors. Copies of all current and prior Company Privacy Policies have been Made Available to Parent and such copies are true, correct and complete. The Company’s privacy and security practices comply in all material respects with Applicable Law. (ii) ~~except~~ The Acquired Companies and, to the extent required by Applicable Law, the Foundation have established and maintain appropriate technical, physical and organizational measures and security systems and technologies in material compliance with applicable data security requirements under Privacy Laws, Company Data Agreements and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing in a manner appropriate to the risks represented by the Processing of such data by each Acquired Company and the Foundation and their respective Data Processors. The Acquired Companies and the Foundation, and to the Company’s knowledge, the Company’s Data Processors have taken commercially reasonable steps to ensure the reliability of their respective employees, vendors and contractors who have access to Company Data and to ensure that all employees, contractors and vendors with the authority and/or ability to access such data are under written obligations of confidentiality (or are bound by an appropriate statutory obligation of confidentiality) and data processing with respect to such data in accordance with the Company Privacy Commitments. (iii) No Acquired Company nor the Foundation has received or experienced and, there is no circumstance (including any circumstance arising as a result of an audit or inspection carried out by any Governmental Body), that would give rise to, any Action, Order, notice, communication, requests from data subjects, warrant, regulatory opinion, audit result or allegation from a Governmental Body or any other Person (including an end user): (A) alleging or confirming non-compliance with a requirement of Privacy Laws, Company Data Agreements or Company Privacy Commitments, (B) requiring or requesting any Acquired Company or the Foundation to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data, (C) permitting or mandating Governmental Bodies to investigate, requisition information from, or enter the premises of, any Acquired Company or the Foundation or (D) claiming compensation from any Acquired Company or the Foundation. Each of the Acquired Companies and the Foundation has responded to, and continues to promptly respond to requests from individuals or other third parties on their behalf, and there are no requests from individuals or other third parties to the Acquired Companies seeking to exercise any data protection or privacy rights (such as rights to access, rectify, or delete Personal Data, to restrict or object to processing of Personal Data, or relating to data portability) that have not been addressed or responded to. No Acquired Company nor the Foundation has been involved in any Actions involving non-compliance or alleged non-compliance with Privacy Laws, Company Data Agreements or Company Privacy Commitments. (iv) Schedule 3.11(u)(iv) of the Disclosure Schedule contains the complete list of notifications and registrations made by each Acquired Company and the Foundation under Privacy Laws with relevant Governmental Bodies in connection with the Acquired Companies’ and the Foundations’ Processing of Personal Data. All such notifications and registrations are valid, accurate, complete and fully paid up, and the consummation of the Transactions will not invalidate such notification or registration or require such notification or registration to be amended. Other than the notifications and registrations set forth on Schedule 3.11(u)(iv) of the Disclosure Schedule, no other registrations or notifications are required in connection with the Processing of Personal Data by the Acquired Companies and the Foundation. The Acquired Companies and the Foundation do not Process the Personal Data of or target advertisements to any natural Person considered a child or minor under Applicable Law. Except as set forth ~~in Section 4.23(c~~on Schedule 3.11(u)(iv) of the ~~Vendor~~ Disclosure Schedule, require the consent of or notice to any Person under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation none of the Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business Acquired Companies or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies Foundation sells Personal Data or disclose Sensitive Data or Tracking Data to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entitiesthird parties. (e) None of the Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) or, to the Knowledge of Vendor, any Data Partners has (i) experienced any material Security Incidents, (ii) been required pursuant to any Privacy Commitment to notify customers, employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy Commitment. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Merger Agreement (Remitly Global, Inc.)

Data Privacy and Security. (a) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are, and during the three (3) years before the Signing Date have been, in material compliance with all (i) ~~Privacy Laws~~The Company, ~~(ii) privacy policies~~each of its subsidiaries and each Licensed Entity complies, notices, statements and procedures applicable to the Conveyed Entities or the Business regarding Personal Information, privacy or data security practices, and (iii) the requirements of any Contracts regarding Personal Information, privacy or data security practices (subsections (i) to (iii) collectively referred to as “Privacy Commitments”). (b) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three ~~(3)~~ years ~~have had agreements~~ has complied, in ~~place~~ all material respects, with ~~(i)~~ all ~~Persons processing or otherwise with access to Personal~~ Privacy and Information ~~or other data collected or processed by, for or on behalf~~ Security Requirements. None of the ~~Conveyed Entities~~ Company, any of its subsidiaries, nor any Licensed Entity has been notified in writing of, or is the ~~Business (“~~subject of, any complaint or proceeding or to the Company’s knowledge, any, regulatory investigation related to Processing of Personal Data ~~Partners”)~~ by any Governmental Authority or payment card association, regarding any actual or possible violations of any Privacy and Information Security Requirement by or with respect to the Company, any of its subsidiaries or any Licensed Entity. (ii) The Company, each ~~Person for~~ of its subsidiaries and each Licensed Entity employs commercially reasonable organizational, administrative, physical and technical safeguards that comply in all material respects with all Privacy and Information Security Requirements to protect Company Data within its custody or control and requires the same of all vendors under contract with the Company that Process Company Data on ~~behalf~~ its behalf. The Company, each of ~~which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments~~its subsidiaries and each Licensed Entity has provided all requisite notices and obtained all required consents, and satisfied all other requirements (including but not limited to notification to Governmental Authorities), necessary for the Processing (including international and onward transfer) of all Personal Data ~~Partners are, to~~ in connection with the ~~Knowledge of Vendor, in compliance with such Privacy Commitments. (c) None~~ conduct of the ~~execution~~ business as currently conducted and ~~delivery of this Agreement or~~ in connection with the consummation of the Transactions will: (i) cause, constitute, or result in a material breach or violation of any Privacy Commitments; (ii) except as set forth in Section 4.23(c) of the Vendor Disclosure Schedule, require the consent of or notice to any Person under any Privacy Commitments; or transactions contemplated hereunder. (iii) ~~give rise to any right of termination or other right to impair~~ To the ~~Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation~~ knowledge of the ~~Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities~~Company, ~~Vendor (in respect~~ none of the ~~ENSTAR Assets) and APC (in respect of the APC Assets) (and~~Company, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its ~~Affiliates~~ subsidiaries nor any Licensed Entity has suffered a security breach with respect to any of the ~~Business~~ Company Data and to the Company’s knowledge, there has been no unauthorized or illegal use of or access to any Company Data. None of the ~~Conveyed Entities~~Company, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its ~~Affiliates with respect~~ subsidiaries nor any Licensed Entity has notified, or been required to notify, any person of any information security breach involving Personal Data. To the ~~Business~~ Company’s knowledge, the Company Systems have had no material errors or defects that have not been fully remedied and contain no code designed to disrupt, disable, harm, distort or otherwise impede in any manner the ~~Conveyed Entities.~~ legitimate operation of such Company Systems (eincluding what are sometimes referred to as “viruses”, “worms”, “time bombs” or “back doors”) that have not been removed or fully remedied. None of the Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) or, to the Knowledge of VendorCompany, any ~~Data Partners~~ of its subsidiaries nor any Licensed Entity has ~~(i)~~ experienced any material ~~Security Incidents, (ii) been required pursuant to any Privacy Commitment to notify customers, employees~~disruption to, or ~~Government Entities~~ material interruption in, the conduct of its business that affected the business for more than one calendar week, and attributable to a defect, bug, breakdown, unauthorized access, introduction of a virus or other malicious programming, or other failure or deficiency on the part of any ~~Security Incident, (iii) been~~ computer software or the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy CommitmentCompany Systems. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Arrangement Agreement

Data Privacy and Security. (a) ~~The Conveyed Subsidiary Entities~~Seller complies and since January 1, ~~Vendor (~~2021, has complied in ~~respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and~~all material respects with, ~~upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are, and during the three (3) years before the Signing Date have been, in material compliance with all~~ all: (i) applicable Privacy Laws, ; (ii) ~~privacy policies, notices, statements~~ Seller’s published policies and ~~procedures applicable to the Conveyed Entities or the Business regarding Personal Information, privacy or data security practices,~~ contractual obligations; and (iii) all required industry standards including, to the extent applicable, the Payment Card Industry Data Security Standard and all other applicable requirements of the payment card brands, in each case as related to (A) the privacy of all individuals including all users of any ~~Contracts regarding~~ web properties, applications, products and/or services of Seller, all Seller employees and all other individuals about whom Seller collects or processes Personal Information, ~~privacy~~ (B) the collection, use, storage, retention, disclosure, transfer, disposal, or ~~data security practices~~ any other processing of any Personal Information collected or used by Seller; and (~~subsections~~ C) the recording or any interception of any communications (~~i) to (iii) collectively referred to as~~ collectively, the “Privacy ~~Commitments~~Requirements”). (b) ~~The Conveyed Subsidiary Entities~~Seller displays a privacy policy on each website owned, ~~Vendor (in respect~~ controlled or operated by Seller to the extent required by Privacy Laws, and each such privacy policy incorporates all disclosures to data subjects required by the Privacy Laws. None of the ~~ENSTAR Assets) and APC (~~disclosures made or contained in ~~respect~~ any such privacy policy has been inaccurate, misleading or deceptive, or in violation of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access to Personal Information or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy ~~Commitments, and all Data Partners are, to the Knowledge of Vendor, in compliance with such Privacy Commitments~~Laws. (c) ~~None~~ Seller regularly conducts vulnerability testing or audits of ~~the execution~~ its systems and ~~delivery of this Agreement~~ products, and uses commercially reasonable efforts to remediate or ~~the consummation of the Transactions will: (i) cause, constitute, or result~~ document exceptions for any material vulnerabilities identified in ~~a material breach or violation of any Privacy Commitments; (ii) except as set forth in Section 4.23(c) of the Vendor Disclosure Schedule, require the consent of or notice~~ such tests and audits. Seller uses commercially reasonable efforts to ~~any Person under any Privacy Commitments; or (iii) give rise~~ timely install software security patches and other fixes to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conductedidentified technical information security vulnerabilities. (d) ~~The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre~~In connection with each third-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all party processing Personal Information ~~and other data owned, stored, used, maintained, controlled or processed by or~~ on behalf of ~~Vendor or any of its Affiliates~~ Seller, ▇▇▇▇▇▇ has entered into written data processing agreements with respect to the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed terms as required by ~~or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities~~applicable Privacy Laws. (e) ~~None~~ Since January 1, 2021, there have not been any Actions against Seller related to any data security incidents, ransomware incidents, or any violations of any Privacy Requirements, and there are no facts or circumstances which would reasonably be expected to serve as the ~~Conveyed Subsidiary Entities~~basis for any such allegations or claims. Since January 1, ~~Vendor (in respect of the ENSTAR Assets)~~2021, ~~APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR)~~ Seller has not received any written or, to the Knowledge of ~~Vendor~~Seller, ~~any Data Partners has (i) experienced any material Security Incidents~~oral, ~~(ii) been required pursuant to any Privacy Commitment to notify customers, employees~~correspondence relating to, or ~~Government Entities~~ notice of any ~~Security Incident, (iii) been~~ Actions or alleged violations of the ~~subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any~~ Privacy ~~Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication~~ Requirements from any ~~Government Entity relating to any Security Incident~~ person or ~~violation of any Privacy Commitment~~Governmental Authority, and there is no such ongoing Action or allegation. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Asset Purchase Agreement (Nektar Therapeutics)

Data Privacy and Security. (a) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are, and during the three (3) years before the Signing Date have been, in material compliance with all (i) Each Acquired Company’s data, privacy and security practices conform, and at all times have conformed, to all of the Company Privacy ~~Laws~~Commitments, Privacy Laws and Company Data Agreements. Each Acquired Company has at all times (A) had the legal basis (including providing adequate notice and obtaining any necessary consents from individuals) required for the Processing of Personal Data as conducted by or for the Acquired Companies, (iiB) ~~privacy policies, notices, statements and procedures applicable to~~ refrained from selling or sharing Personal Data with third parties for the ~~Conveyed Entities or the Business regarding Personal Information, privacy or data security practices,~~ third party’s benefit except as allowed under Applicable Law and (~~iii~~C) ~~the requirements~~ abided by any privacy choices (including opt-in and opt-out preferences, as required) of ~~any Contracts regarding~~ individuals relating to Personal ~~Information~~Data (such obligations along with those contained in Company Privacy Policies, ~~privacy or data security practices (subsections (i) to (iii) collectively referred to as~~ collectively, “Company Privacy Commitments”). Copies of all current and prior Company Privacy Policies have been Made Available to Parent and such copies are true, correct and complete. (bii) The ~~Conveyed Subsidiary Entities~~Acquired Companies have established and maintained adequate technical, ~~Vendor~~ physical and organizational measures and security systems and technologies in compliance with data security requirements under Privacy Laws, Company Data Agreement and Company Privacy Commitments that are designed to protect Company Data against accidental or unlawful Processing, in a manner appropriate to the risks represented by the Processing of such data by each Acquired Company and its Data Processors. The Acquired Companies and their Data Processors have taken commercially reasonable steps to train vendors, employees and contractors who Process Company Data on applicable material aspects of Privacy Law and Company Privacy Commitments and to ensure that all such vendors, employees and contractors with the authority and/or ability to Process Company Data are under written obligations of confidentiality with respect to Company Data. (~~in respect~~ iii) No Acquired Company has received or experienced and there is no circumstance (including any circumstance arising as a result of ~~the ENSTAR Assets~~an audit or inspection carried out by any Governmental Body) ~~and APC~~ that would give rise to any Action, Order, notice, communication, warrant, regulatory opinion, audit result or allegation from a Governmental Body or any other Person (~~in respect~~ including an end user): (A) alleging or confirming non-compliance with a relevant requirement of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place with (i) all Persons processing Privacy Laws or otherwise with access to Personal Information or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Company Privacy Commitments, (B) requiring or requesting any Acquired Company to amend, rectify, cease Processing, de-combine, permanently anonymize, block or delete any Company Data; (C) permitting or mandating relevant Governmental Bodies to investigate, requisition information from, or enter the premises or any Acquired Company; or (D) claiming compensation from any Acquired Company. Each Acquired Company has responded to, and ~~all Data Partners are~~continues to promptly respond to, requests from individuals or other third parties, and there are no unsatisfied requests from individuals or other third parties to the Acquired Companies seeking to exercise any data protection or privacy rights (such as rights to access, rectify, or delete Personal Data, to ~~the Knowledge~~ restrict or object to processing of ~~Vendor~~Personal Data, or relating to data portability.) No Acquired Company has been involved in any Actions, involving non-compliance or alleged non-compliance with ~~such~~ Privacy Laws or Company Privacy Commitments. (civ) ~~None~~ Schedule 3.11(s)(iv) of the ~~execution~~ Disclosure Schedule contains the complete list of notifications and ~~delivery~~ registrations made by each Acquired Company under Privacy Laws with relevant Governmental Bodies in connection with the Acquired Companies’ Processing of ~~this Agreement or~~ Personal Data. All such notifications and registrations are valid, accurate, complete and fully paid-up and, to the knowledge of the Company, the consummation of the Transactions ~~will: (i) cause, constitute,~~ will not invalidate such notification or ~~result in a material breach~~ registration or ~~violation of any Privacy Commitments; (ii) except as~~ require such notification to be amended. Other than the notifications and registrations set forth ~~in Section 4.23(c~~on Schedule 3.11(s)(iv) of the ~~Vendor~~ Disclosure Schedule, ~~require~~ no other registrations or notifications are required in connection with the ~~consent~~ Processing of Personal Data by the Acquired Companies. The Acquired Companies do not Process the Personal Data of any natural Person considered a child or ~~notice~~ minor under Applicable Law. The Acquired Companies do not target advertisements to any ~~Person~~ natural person considered a child or minor under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conductedApplicable Law. (dv) Where any Acquired Company has used a Data Processor to Process Personal Data in the last three years, the processor has provided guarantees, warranties or covenants in relation to Processing of Personal Data, confidentiality, security measures and agreed to compliance with those obligations that are sufficient for such Acquired Company’s compliance with Privacy Laws and Company Privacy Commitments, and there is in existence a written Contract between such Acquired Company and each such Data Processor that complies with the requirements of all Privacy Laws and Company Privacy Commitments. The ~~Conveyed Subsidiary Entities~~Company has Made Available to Parent true, ~~Vendor (in respect~~ correct and complete copies of all such Contracts. To the knowledge of the ~~ENSTAR Assets) and APC (in respect of the APC Assets) (and~~Company, ~~upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and~~ such Data Processors have ~~required all~~ not breached any such Contracts pertaining to Personal Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed Processed by or such Persons on behalf of ~~Vendor or any of its Affiliates with respect to~~ the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed EntitiesAcquired Companies. (evi) ~~None~~ No Acquired Company has transferred or permitted the transfer of Personal Data originating in the ~~Conveyed Subsidiary Entities~~EEA outside the EEA, ~~Vendor (in respect~~ except where such transfers have complied with the requirements of ~~the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC~~ Privacy Laws and ~~New ENSTAR) or, to the Knowledge of Vendor, any Data Partners has (i) experienced any material Security Incidents, (ii) been required pursuant to any~~ Company Privacy Commitment to notify customers, employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy CommitmentCommitments. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Merger Agreement (Bill.com Holdings, Inc.)

Data Privacy and Security. (a) ~~The Conveyed Subsidiary Entities~~Except where any non-compliance would not, ~~Vendor (in respect~~ individually or the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and each of ~~the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are~~its Subsidiaries comply, and during the three (3) years before the Signing Date have been, in material compliance with all (i) Privacy Laws, (ii) privacy policies, notices, statements and procedures applicable to the Conveyed Entities or the Business regarding Personal Information, privacy or data security practices, and (iii) the requirements of any Contracts regarding Personal Information, privacy or data security practices (subsections (i) to (iii) collectively referred to as “Privacy Commitments”). (b) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during within the past three (3) years have ~~had agreements in place~~ complied, with all applicable (i) ~~all Persons processing~~ Privacy and Security Laws, (ii) written contractual commitments to which they are legally bound governing Personal Data protection, privacy, security, and confidentiality, and (iii) Privacy Policies. (b) Except where the failure to do so would not, individually or ~~otherwise~~ the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and each of its Subsidiaries have taken commercially reasonable steps consistent with ~~access to Personal Information or other data collected or processed by, for or on behalf~~ their size and resources as well as the nature and purpose of the ~~Conveyed Entities or~~ Processing and the types of Personal Data) and, where appliable, Privacy and Security Laws, that are designed to: (i) protect their Business (“Systems and Personal Data ~~Partners”)~~ from a Security Incident and (ii) ~~each Person for or~~ maintain, as applicable, the confidentiality, integrity and availability of such Business Systems and Company Data. All material deficiencies on ~~behalf of~~ cybersecurity assessments which have been conducted within the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners arepast three (3) years have, to the ~~Knowledge~~ knowledge of ~~Vendor~~the Company, been remediated in ~~compliance with such Privacy Commitments~~a commercially reasonable manner. (c) ~~None~~ In the past three (3) years, to the knowledge of the ~~execution and delivery of this Agreement or~~ Company, neither the consummation of the Transactions will: (i) cause, constitute, or result in a material breach or violation of any Privacy Commitments; (ii) except as set forth in Section 4.23(c) of the Vendor Disclosure Schedule, require the consent of or notice to any Person under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or Company nor any of its Affiliates with respect to the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities. (e) None of the Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) or, to the Knowledge of Vendor, any Data Partners has Subsidiaries has: (i) experienced any material Security ~~Incidents~~Incident involving any Business System or Company Data in their respective possession, custody, or control or otherwise held or Processed on its behalf, (ii) been required to send a notification or report to any Person pursuant to ~~any~~ applicable Privacy ~~Commitment to notify customers, employees, or Government Entities~~ and Security Laws as a result of any material Security Incident, or (iii) ~~been~~ failed to comply with any notification or reporting requirement to any Person in connection with any material Security Incident under applicable Privacy and Security Laws. (d) To the ~~subject~~ knowledge of the Company, there is no formal or written complaint, audit, proceeding, investigation, claim, or other Action currently pending or that has been, within the past three (3) years, brought or initiated against the Company or any ~~inquiry, investigation or enforcement action~~ of its Subsidiaries by any ~~Government~~ Person before a Governmental Entity with respect to ~~compliance with~~ any ~~Privacy Law,~~ actual or alleged (ivi) ~~received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any~~ material Security Incident or (ii) material violation of any applicable Privacy ~~Commitment~~and Security Laws by the Company or any of its Subsidiaries. (fe) ~~None~~ Except as would not, individually or the aggregate, reasonably be expected to have a Material Adverse Effect, the execution, delivery, and performance of this Agreement, and the consummation of the ~~Conveyed Entities are currently within the scope~~ transactions contemplated hereby, do not and will not conflict with or otherwise result in a violation or breach of ~~TSA~~ any applicable Privacy and Security ~~Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity~~Laws.

Appears in 1 contract

Sources: Merger Agreement (Lumos Pharma, Inc.)

Data Privacy and Security. (a) The ~~Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets)~~ Company and ~~APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR)~~ its Subsidiaries are, and ~~during the three (3) years before the Signing Date~~ have at all times been, in ~~material~~ compliance with ~~all~~ (i) Privacy Laws, (ii) ~~privacy policies~~Contracts (or portions thereof) between the Company or its Subsidiaries and distributors of the Company products, ~~notices, statements and procedures applicable~~ visitors to the ~~Conveyed Entities or the Business regarding~~ Company’s websites, vendors and other Persons relating to Personal ~~Information, privacy or data security practices,~~ Data and (iii) the ~~requirements of~~ Company’s and its Subsidiaries’ internal and external privacy policies and any ~~Contracts regarding Personal Information, privacy~~ other public statements or ~~data security practices~~ representations made by the Company or its Subsidiaries (~~subsections~~ (i), (ii) to and (iii) ~~collectively referred to as~~ together, the “Privacy Commitments”). . The Company and its Subsidiaries currently make, and have at all times made, available to individuals privacy policies and such policies are, and have at all times been accurate, complete, not misrepresentative (bincluding by omission) ~~The Conveyed Subsidiary Entities, Vendor (in respect~~ of the ~~ENSTAR Assets) and APC (~~Company’s or its Subsidiaries’ practices, as applicable, in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access relation to Personal ~~Information~~ Data. The execution, delivery, or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners are, to the Knowledge of Vendor, in compliance with such Privacy Commitments. (c) None of the execution and delivery performance of this Agreement or the consummation of any of the ~~Transactions will:~~ transactions contemplated by this Agreement (i) ~~cause~~do not require the delivery of any notice to or consent from any Person relating to Personal Data and (ii) will not conflict with or violate any Privacy Commitments and (iii) will not prohibit the transfer of Personal Data to Buyer. For the avoidance of doubt, ~~constitute~~to the extent Personal Data held or controlled by the Company is “personal information” under the CCPA, such data is an asset as contemplated by Section 1798.140(t)(2)(D). (b) To the extent required by applicable Privacy Laws, the Company has a record of Personal Data processing activities under the Company’s or its Subsidiaries’ responsibility. The Company and its Subsidiaries have, and at all times have had, processes in place to ensure their products and processing of Personal Data comply in all material respects with data protection by design and default and data minimization including data retention schedules as required by Privacy Laws. (c) The Company and its Subsidiaries have maintained administrative, physical and technical safeguards to protect the confidentiality, integrity and security of Personal Data against any unauthorized control, use, access, interruption, modification, deletion or corruption, including disaster recovery plans, data backup, data storage and system redundancy procedures and facilities that are consistent with the practices of similarly situated companies in the industry of the Company, and takes and has taken commercially reasonable steps to safeguard and back- up the Personal Data at secure off-site locations. The Company and its Subsidiaries have, and at all times have had, Contracts in place with all vendors or other Persons whose relationship with the Company or its Subsidiaries involves such Person processing Personal Data for or on behalf of the Company or its Subsidiaries, which Contracts require such Persons and their subcontractors to, at minimum (i) implement and maintain administrative, physical and technical safeguards to protect the confidentiality, integrity and security of Personal Data and computer systems on or through which any Personal Data are stored, transmitted or otherwise processed by such Person(ii) protect and process such Personal Data consistent with the Company’s or its Subsidiaries’ Privacy Commitments, as applicable, and (iii) notify Company or a Subsidiary of the Company of any data security breaches relating to such Personal Data. To the knowledge of the Company at the date of this Agreement, such Persons have not breached any such privacy-related obligations in their Contracts. (d) To the knowledge of the Company and its Subsidiaries, there has been no data security breach or any other unauthorized access, use or disclosure of any Personal Data owned, used, stored, or ~~result in~~ controlled by or on behalf of the Company or any of its Subsidiaries, including any such incident that would constitute a ~~material~~ breach for which notification to individuals or any Governmental Authority is required under Privacy Commitments and no such breach is threatened or suspected. (e) Except as disclosed on Schedule 4.29(e), neither the Company nor any of its Subsidiaries have received any notice of, or been charged with, the violation of any Privacy Commitments~~; (ii) except as set forth in Section 4.23(c)~~ , and there are no pending notices or Actions, of the Vendor Disclosure Schedule, require the consent of or notice to any Person under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conducted. (d) The Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor Company or any of its ~~Affiliates with respect~~ Subsidiaries by any Governmental Authority relating to Privacy Commitments, or civil actions against the ~~Business~~ Company alleging any violation of Privacy Commitments. To the knowledge of the Company at the date of this Agreement, there are no facts, circumstances or conditions that would reasonably be expected to form the ~~Conveyed Entities~~basis for any notice or Action against or affecting the Company, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor its Subsidiaries or any of ~~its Affiliates with respect to the Business~~ their respective officers, directors, managers, managing directors or the Conveyed Entities. (e) None of the Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) or, to the Knowledge of Vendor, any Data Partners has (i) experienced any material Security Incidents, (ii) been required pursuant to any Privacy Commitment to notify customers, employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity employees relating to ~~any Security Incident~~ or ~~violation of any~~ arising under Privacy ~~Commitment~~Commitments. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Merger Agreement (Amgen Inc)

Data Privacy and Security. (a) The ~~Conveyed Subsidiary Entities~~Company and its Subsidiaries have materially complied with all applicable Laws relating to patient, ~~Vendor (in respect~~ medical or individual health information, including HIPAA, as amended from time to time. The Company and each of ~~the ENSTAR Assets) and APC (in respect of the APC Assets) (and~~its Subsidiaries has entered into, ~~upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are~~where materially required, and ~~during~~ are in compliance in all material respects with the ~~three (3) years before~~ terms of all Business Associate Agreements at 45 C.F.R 164.504(e), which the ~~Signing Date~~ Company or its Subsidiaries is a party or otherwise bound. The Company and its Subsidiaries, where required, have ~~been, in material compliance with all~~ (i) ~~Privacy Laws~~created and maintained written policies and procedures to protect the privacy of Protected Health Information in its possession or control, (ii) ~~privacy policies, notices, statements and procedures~~ provided training to all applicable ~~to the Conveyed Entities or the Business regarding Personal Information, privacy or data security practices~~employees, and (iii) materially implemented security procedures, including physical, technical and administrative safeguards, to protect all Protected Health Information stored or transmitted in electronic form. Since [**], the ~~requirements~~ Company has not received written notice from the Office for Civil Rights for HHS or any other Healthcare Regulatory Authority alleging a failure to comply with HIPAA or any other Law applicable to the protection of ~~any Contracts regarding Personal~~ Protected Health Information. To the Knowledge of the Company, there has been no “breach” of unsecured Protected Health Information, ~~privacy~~ as defined by HIPAA, with respect to information maintained or ~~data security practices (subsections (i)~~ transmitted to ~~(iii) collectively referred~~ the Company or its Subsidiaries that would require notice to ~~as “Privacy Commitments”)~~any Healthcare Regulatory Authority. (b) ~~The Conveyed Subsidiary Entities~~Since [**], ~~Vendor (~~the Company and its Subsidiaries have at all times complied in ~~respect~~ all material respects with all applicable Information Privacy and Security Laws, all of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with access to Personal Information or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Company Privacy ~~Commitments~~Policies, and all ~~Data Partners are~~their contractual obligations to any Person regarding privacy data security, or the Processing of Personal Data. As of the date hereof, the Company and its Subsidiaries have made available all legally required Privacy Policies, notices, and disclosures, and obtained all legally required consents in relation to the ~~Knowledge~~ Processing of ~~Vendor~~Personal Data. The Company and its Subsidiaries have at all times complied with all data subject rights requests they have received under applicable Information Privacy and Security Laws, ~~in compliance with~~ and no such ~~Privacy Commitments~~requests are outstanding. (c) ~~None~~ As of the ~~execution~~ date hereof, the Company has made available to the Buyer a true, correct and ~~delivery~~ complete copy of ~~this Agreement or the consummation of the Transactions will: (i) cause, constitute, or result in a material breach or violation of any~~ each Data Processing Contract. Each Data Processing Contract complies with applicable Information Privacy ~~Commitments; (ii) except as set forth in Section 4.23(c) of the Vendor Disclosure Schedule, require the consent of or notice~~ and Security Laws. The Company has taken reasonable measures to any Person under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conductedensure that all counterparties have complied with their contractual obligations. (d) The ~~Conveyed Subsidiary Entities~~Company and its Subsidiaries have not received any notice of any claims, ~~Vendor~~ audits, investigations (in including investigations by regulatory authorities or any data protection authorities), or allegations of violations of Information Privacy and Security Laws by the Company or its Subsidiaries or with respect to Personal Data Processed by, or under the control of, the Company or its Subsidiaries, and, to the Knowledge of the ~~ENSTAR Assets) and APC (in respect~~ Company, there are no facts or circumstances that could reasonably form the basis for any such claims, audits, investigations, or allegations. The Company, its Subsidiaries, or to the Knowledge of the ~~APC Assets) (and~~Company, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of ~~its Affiliates~~ their respective customers, have not received any written complaints or claims from any Person with respect to the ~~Business~~ Processing of Personal Data by the Company or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its ~~Affiliates with respect to the Business or the Conveyed Entities~~Subsidiaries. (e) ~~None~~ The Company and its Subsidiaries have established and are in compliance in all material respects with a written information security program designed to comply with all applicable Information Privacy and Security Laws that: (i) includes reasonable and appropriate administrative, technical and physical safeguards designed to safeguard the security, confidentiality, and integrity of Company Data; (ii) protects against unauthorized access to the Internal Systems and Company Data (including on the systems of third parties with access to such Internal Systems or Company Data); and (iii) provides for the back-up and recovery of the ~~Conveyed Subsidiary Entities, Vendor (in respect~~ Company Data Processed using Internal Systems without material disruption or interruption to the conduct of the ~~ENSTAR Assets)~~Company’s and its Subsidiaries’ respective businesses. The Company and its Subsidiaries has complied in all respects with such information security program. Since [**], ~~APC (in respect~~ neither the Company nor its Subsidiaries, nor, to the Knowledge of the ~~APC Assets) (and~~Company, ~~upon completion~~ any third party acting on their behalf, has suffered or incurred a Data Security Incident. Since [**], no breach or violation of ~~the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR)~~ any security program described above has occurred or, to the Knowledge of ~~Vendor~~the Company, ~~any Data Partners~~ is threatened, and there has ~~(i) experienced any material Security Incidents, (ii)~~ been ~~required pursuant~~ no unauthorized or illegal use or acquisition of or access to any ~~Privacy Commitment~~ Internal System or Company Data, except as would not reasonably be expected to ~~notify customers~~be material to the Company and its Subsidiaries, employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy Commitmenttaken as a whole. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Stock Purchase Agreement (Telix Pharmaceuticals LTD)

Data Privacy and Security. (a) The ~~Conveyed Subsidiary Entities~~Company and its Subsidiaries have developed, ~~Vendor~~ implemented and maintained a written data protection, data privacy and cybersecurity program (~~in respect of~~ the ~~ENSTAR Assets~~“Data Protection Program”) ~~and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) are, and during the three (3) years before the Signing Date have been,~~ that is in material compliance with all ~~(i)~~ Privacy ~~Laws~~Requirements. The Company and its Subsidiaries have not experienced any material Security Incident. Since January 1, ~~(ii) privacy policies~~2017, ~~notices~~no Person has brought, ~~statements and procedures applicable~~ or threatened in writing to bring, any Action against the ~~Conveyed Entities~~ Company or ~~the Business regarding Personal Information, privacy~~ any of its Subsidiaries in relation to any actual or ~~data security practices, and (iii) the requirements~~ alleged Security Incident or violation or breach of any ~~Contracts regarding Personal Information, privacy or data security practices (subsections (i) to (iii) collectively referred to as “~~Privacy ~~Commitments”)~~Requirement. (b) Since January 1, 2017, the Company and its Subsidiaries have at all times complied in all material respects with all Privacy Requirements with respect to the Processing of Personally Identifiable Information and other data. The ~~Conveyed Subsidiary Entities~~Company and its Subsidiaries are not and since January 1, ~~Vendor (in respect~~ 2017, have not been subject to a Governmental Order of, or have received a notice from, a Governmental Authority regarding actual or alleged non-compliance with or violation of any Privacy Requirement. The Company and its Subsidiaries have taken commercially reasonable steps to ensure the ~~ENSTAR Assets)~~ reliability of their employees, representatives, consultants, contractors and ~~APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR)~~ agents that have ~~and during the past three (3) years have had agreements in place with (i) all Persons processing or otherwise with~~ access to Personal Information or other data collected or processed by, for or on behalf of the Conveyed Entities or the Business (“Data Partners”) and (ii) each Person for or on behalf of which the Conveyed Entities or the Business process Personal Information or other data, such agreements requiring protection of Personal Information consistent with Privacy Commitments, and all Data Partners areCompany PII, to train such individuals on all applicable Privacy Requirements and to ensure that all such employees, representatives, consultants, contractors and agents with the ~~Knowledge~~ right to access such Company PII are under written obligations of ~~Vendor, in compliance~~ confidentiality with respect to such ~~Privacy Commitments~~Company PII. (c) ~~None~~ To the knowledge of the ~~execution and delivery of this Agreement or the consummation~~ Company, each of the ~~Transactions will: (i) cause~~Company’s and its Subsidiaries’ third-party data suppliers, ~~constitute~~vendors, and partners that Process any Company PII or other Personally Identifiable Information on behalf of the Company or its Subsidiaries are in compliance in all material respects with the Privacy Requirements and there have been no unauthorized or illegal Processing, or ~~result in~~ other breach, violation or default (or event that, with or without the giving of notice or lapse of time, would constitute a ~~material breach~~ breach, violation or ~~violation~~ default) by any such supplier, vendor or other partner of any Privacy ~~Commitments; (ii) except as set forth~~ Requirements. No circumstances have arisen in ~~Section 4.23(c)~~ which the Privacy Requirements would require or recommend the Company or its Subsidiaries to notify any Governmental Authority of ~~the Vendor Disclosure Schedule, require the consent of or notice to~~ any Person under any Privacy Commitments; or (iii) give rise to any right of termination or other right to impair the Conveyed Entities’ rights to own and process any Personal Information used in or necessary for the operation of the Business as it is currently being conductedSecurity Incident. (d) The ~~Conveyed Subsidiary Entities, Vendor (in respect~~ consummation of the ENSTAR Assets) and APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) have: (x) implemented and maintained, and have required all Data Partners to implement and maintain, cyber insurance that would offer coverage in the event of unauthorized, unlawful or improper access, use, acquisition, modification, disclosure, destruction or loss (a “Security Incident”) involving all Personal Information and other data owned, stored, used, maintained, controlled or processed transactions contemplated by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities, and (y) implemented and maintained an information security program comprising reasonable and appropriate physical, technical and administrative security measures, systems, safeguards and policies to protect all Personal Information and other data owned, stored, used, maintained, controlled or processed by or on behalf of Vendor or any of its Affiliates with respect to the Business or the Conveyed Entities. (e) None of the Conveyed Subsidiary Entities, Vendor (in respect of the ENSTAR Assets), APC (in respect of the APC Assets) (and, upon completion of the Pre-Closing Reorganization, NewCo, New APC and New ENSTAR) or, to the Knowledge of Vendor, any Data Partners has (i) experienced any material Security Incidents, (ii) been required pursuant to this Agreement will not breach any Privacy Commitment to notify customers, employees, or Government Entities of any Security Incident, (iii) been the subject of any inquiry, investigation or enforcement action of any Government Entity with respect to compliance with any Privacy Law, or (iv) received any written notices, written request, written claim, written complaint, written correspondence or other written communication from any Government Entity relating to any Security Incident or violation of any Privacy CommitmentRequirement. (f) None of the Conveyed Entities are currently within the scope of TSA Security Directive Pipeline-2021-01; TSA Security Directive Pipeline-2021-02; TSA Information Circular IC Pipeline-2022-01; and Executive Order 14028 on Improving the Nation’s Cybersecurity.

Appears in 1 contract

Sources: Merger Agreement (Silver Spike Acquisition Corp.)

Common use of Data Privacy and Security Clause in Contracts