Privacy and Data Security Sample Clauses
POPULAR SAMPLE Copied 163 times
Privacy and Data Security. (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to a...
Privacy and Data Security. The Company and each of its Subsidiaries have complied with all applicable Laws and all internal or publicly posted policies, notices, and statements concerning the collection, use, processing, storage, transfer, and security of personal information in the conduct of the Company’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect. In the past three years, the Company and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving personal information in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning the Company’s or any of its Subsidiaries’ collection, use, processing, storage, transfer, or protection of personal information or actual, alleged, or suspected violation of any applicable Law concerning privacy, data security, or data breach notification, and to the Company’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect.
Privacy and Data Security. (a) The parties will keep confidential any information regarding the Trust, the Company, Nationwide, the Variable Accounts and Contract Owners received in connection with providing services and meeting their respective obligations hereunder, except: (a) as necessary to provide the services or otherwise meet their respective obligations under this Agreement; (b) as necessary to comply with applicable law; and (c) information regarding the Trust or Variable Accounts which is otherwise publicly available. The parties will maintain internal safekeeping procedures to safeguard and protect the confidentiality of the data transmitted to another party or its designees or agents in accordance with Section 248.11 of Regulation S-P (17 CFR 248.1–248.30) (“Reg S-P”), and any other applicable federal or state privacy laws and regulations, including without limitation 201 CFR 17.00 et seq. and applicable security breach notification regulations (collectively “Privacy Laws”). Each party shall use such data solely to effect the services contemplated herein, and none of the parties will directly, or indirectly through an affiliate, disclose any non-public personal information protected under Privacy Laws (“Non-public Personal Information”) received from another party to any person that is not an affiliate, designee, service provider, or agent of the receiving party and provided that any such information disclosed to an affiliate, designee, service provider, or agent will be under the same or substantially similar contractual limitations on use and non-disclosure and will comply with all legal requirements. The Company and the Trust will not use information, including Non-public Personal Information, directly or indirectly provided to it by Nationwide or its designees or agents pursuant to this Agreement for the purpose of marketing to Contract Owners or any other similar purpose, except as may be agreed by the parties hereto. Except for confidential information consisting of Non-public Personal Information, which will be governed in all respects in accordance with the immediately preceding sentence, confidential information does not include information which (i) was publicly known and/or was in the possession of the party receiving confidential information (“Receiving Party”) from other sources prior to the Receiving Party’s receipt of confidential information from the party disclosing confidential information (“Disclosing Party”), or (ii) is or becomes publicly available ...
Privacy and Data Security. (a) Each Group Company that maintains a web site has posted on its web site a privacy policy regarding the collection, use and disclosure of Personal Information that it collects, is in its possession, or in its custody or control. Each Group Company has complied in all material respects with all Information Privacy and Security Laws and material agreements to which it is a party that contain, involve or deal with receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security (technical, physical and administrative), disposal, destruction, disclosure, or transfer (including cross-border) Personal Information. No Group Company has been notified in writing of any Action or any other claim related to data security or privacy or alleging a violation of any of its privacy policies, or any Information Privacy and Security Law, nor, to the Knowledge of the Company, has any such claim been threatened in writing. Each Group Company has taken commercially reasonable administrative, physical and technical measures designed to protect and maintain the confidentiality, security, integrity and accessibility (as applicable) of: (a) Systems and all data contained therein (including Company Data and Data Sets and other data subject to confidentiality obligations), (b) all Personal Information and other Sensitive Data collected by or on behalf of the Group Companies in connection with their business, including in each case, in accordance with all Information Privacy and Security Laws and Group Company’s published policies. Each Group Company has taken commercially reasonable steps to ensure that all material third party service providers, outsourcers, contractors, or other persons who access, process, store or otherwise handle Personal Information for or on behalf of a Group Company have agreed in writing to materially comply with applicable Information Privacy and Security Laws and taken reasonable steps to protect and secure Personal Information from loss, theft, misuse or unauthorized access, use, modification or disclosure.
(b) There are no unsatisfied written requests that any Group Company has received from individuals seeking to exercise their data protection rights under Information Privacy and Security Laws. Except as set forth on Schedule 3.13.9(b), there is not and has not been any (i) Action or (ii) written allegation that a Group Company has received by any private party, any data protection authority, or any other Governmental Auth...
Privacy and Data Security. (a) The Company: (i) has at all times since January 1, 2022 been in compliance in all material respects with the Data Privacy and Security Requirements; (ii) has implemented and maintained, since January 1, 2022, commercially reasonable measures designed to ensure the availability, security and integrity of the Company’s information technology systems, and to protect Personal Information in its possession or control against loss, damage and unauthorized access, use, modification or other misuse; and (iii) is and has been, at all times since January 1, 2022, processing Personal Information in compliance in all material respects with all consents obtained by the Company that apply to the Company’s processing of such Personal Information, including to the extent applicable, Data Privacy and Security Requirements. After consummation of the Transactions, the Company will continue to have materially the same rights to use, process, store and maintain Personal Information as the Company had to use, process, and store such Personal Information immediately prior to the Merger Closing.
(b) Since January 1, 2022, there have been no data breaches or other data incidents or intrusions: (i) resulting in the material loss, damage or material unauthorized access, use unauthorized transmission, modification or other material misuse of any Personal Information maintained by or on behalf of the Company, or (ii) that have caused a material disruption to the function of the Company’s information technology systems, in each case with respect to clauses (i) and (ii), that required notification to Governmental Entities, individuals, or other third party under applicable Data Privacy and Security Requirements. Neither the Company nor its subsidiaries have received any written complaints, notices of investigation or other written correspondence with respect to any investigation from any Governmental Entity or received written notice of any litigation currently pending or threatened against it, in each case, relating to the collection, use or processing of Personal Information by the Company or alleging any violation by the Company of Privacy Laws.
Privacy and Data Security. Parent and each of its Subsidiaries have complied with all Data Protection Requirements in the conduct of Parent’s and its Subsidiaries’ businesses, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and each of its Subsidiaries have all necessary authority, rights, consents and authorizations to engage in the Data Activities of Personal Data maintained by or for Parent and its Subsidiaries to the extent required in connection with the operation of Parent’s and its Subsidiaries’ business as currently conducted. Since January 1, 2019, Parent and its Subsidiaries have not: (i) experienced any actual, alleged, or suspected data breach or other security incident involving Personal Data in their possession or control; or (ii) been subject to or received any notice of any audit, investigation, complaint, or other Legal Action by any Governmental Entity or other Person concerning Parent’s or any of its Subsidiaries’ Data Activities in relation to Personal Data or actual, alleged, or suspected violation of any Data Protection Requirement concerning privacy, data security, or data breach notification, and to Parent’s Knowledge, there are no facts or circumstances that could reasonably be expected to give rise to any such Legal Action, in each case except as would not reasonably be expected to have, individually or in the aggregate, a Parent Material Adverse Effect. Parent and its Subsidiaries (i) have executed current and valid “Business Associate Agreements” (as described by HIPAA and the corresponding regulations) with each (A) “business associate” (as described by HIPAA and the corresponding regulations), (B) “covered entity” (as described by HIPAA and the corresponding regulations), and (C) “subcontractor” (as described by HIPAA and the corresponding regulations); and (ii) materially comply with such Business Associate Agreements. The Company and each of its Subsidiaries have obtained, as applicable, all rights necessary to undertake de-identification of user data and has de-identified such user data in accordance with the requirements of HIPAA and other Data Protection Requirements.
Privacy and Data Security. (a) Otic Pharma and each of its Subsidiaries, the products and all internet websites owned, maintained or operated by or on behalf of Otic Pharma or any of its Subsidiaries (the “Otic Pharma Sites”), and all third parties, solely in connection with their performance of activities on Otic Pharma’s or any of Otic Pharma’s Subsidiaries’ behalf or in connection with their use of Personal Information collected by or on behalf of Otic Pharma or any of its Subsidiaries, comply, and have at all times complied with all applicable data security, and Privacy Laws. Copies of all current internal and public-facing privacy policies of Otic Pharma, if any, that apply to the Otic Pharma Sites and products have been made available to the Public Company, and none of the disclosures in such policies have been in violation of any Privacy Laws. Any consents required under applicable laws for the collection, processing, transfer and other use of Personal Information by Otic Pharma or any of its Subsidiaries for the conduct of the business of Otic Pharma or any of its Subsidiaries have been obtained. There is no complaint to, or any proceeding, or to the knowledge of Otic Pharma, an investigation (formal or informal) or claim or audit currently pending against, Otic Pharma or any of Otic Pharma’s Subsidiaries by any Person with respect to Personal Information and, to the knowledge of Otic Pharma, there is no threatened complaint, proceeding, investigation (formal or informal) or claim against Otic Pharma or any of its Subsidiaries with respect thereto. With respect to all Personal Information collected, stored, used, or maintained by or for Otic Pharma or any of its Subsidiaries, Otic Pharma and its Subsidiaries have at all times implemented reasonable security measures aiming to ensure that such Personal Information is protected against loss and against unauthorized access, use, modification and disclosure. To the knowledge of Otic Pharma, there has been no loss, unauthorized access to or other misuse of such Personal Information. All databases owned, controlled, held or used by Otic Pharma or any of its Subsidiaries and required to be registered under applicable laws have been properly registered, and the data therein has been used by Otic Pharma or any of its Subsidiaries solely as permitted pursuant to such registrations. The consummation of the contemplated transactions shall not violate Otic Pharma’s internal and public-facing privacy policies as they currently exist or an...
Privacy and Data Security. (a) The Target Company is, and at all times has been, in material compliance with (A) all federal, state, local and foreign Laws pertaining to (i) data security, cyber security, and e-commerce; (ii) the collection, storage, use, access, disclosure, processing, security, and transfer of Personal Data (referred to collectively in this Agreement as “Data Activities”) ((i) and (ii) together, and together with the Data Protection Laws, “Privacy Laws”); and (B) all Contracts (or portions thereof) to which the Target Company is a party that are applicable to Data Activities (collectively, “Privacy Agreements”). The Target Company is, and at all times has been, in compliance with the PCI Security Standards Council’s Payment Card Industry Data Security Standard and all other applicable rules and requirements by the PCI Security Standards Council, by any member thereof, or by any entity that functions as a card brand, card association, payment processor, acquiring bank, merchant bank or issuing bank, including, without limitation, the Payment Application Data Security Standards and all audit and filing requirements (collectively, “PCI Requirements”).
(b) The Target Company has implemented written policies relating to Data Activities, including, without limitation, a publicly posted website privacy policy, mobile app privacy policy, and a comprehensive information security program that includes appropriate written information security policies (“Privacy and Data Security Policies”). At all times, the Target Company has been and is in compliance with all such Privacy and Data Security Policies. Neither the execution, delivery, or performance of this Agreement, nor the consummation of any of the transactions contemplated under this Agreement will violate any of the Privacy Agreements, Privacy and Data Security Policies or any applicable, Privacy Laws.
(c) The Target Company has collected, used, and disclosed all Personal Data in accordance with applicable Privacy Laws, Privacy and Data Security Policies in effect at the time of the collection of such Personal Data, and Privacy Agreements. Neither applicable Privacy Laws, Privacy and Data Security Policies, nor Privacy Agreements restrict the transfer of any Personal Data to the Acquirer. Assuming Acquirer is not otherwise prohibited by Law or contractually obligated otherwise, Acquirer may use such Personal Data in at least the same manner as the Target Company.
(d) To the Knowledge of the Owners, there is no pending, ...
Privacy and Data Security. The Loan Parties and their Subsidiaries shall, at all times, remain in compliance in all material respects with all applicable United States and international privacy and data security laws and regulations including GDPR (to the extent applicable).
Privacy and Data Security. (a) Sellers’ Processing of Personal Data conform to and comply with, and have, at all times, conformed to and complied with, in each case in all material respects, (i) all Privacy and Data Security Laws; (ii) self-regulatory standards, rules or codes of practice relating to the privacy, data security or Processing of Personal Data and binding on Sellers or the Business (including but not limited to the Payment Card Industry Data Security Standard); (iii) internal or external written privacy policies, data security policies or notices pertaining to the Processing of Personal Data by Sellers or the Business; (iv) all privacy choices made by individuals (including opt-in affirmative consents, opt-outs or other forms of authorization as required by Privacy and Data Security Laws); and (v) contractual obligations to which Sellers or the Business are bound, including applicable terms of use or other contractual terms pertaining to the protection, privacy, security, collection, storage, use, disclosure, disposal, Processing or transmission of Personal Data (collectively, “Privacy and Data Security Commitments”). Sellers have provided notice and obtained any necessary consents from individuals as required by Privacy and Data Security Commitments for the Processing of Personal Data as conducted by or for Sellers, its Affiliates, or the Business. Except as set forth on Section 5.6(a) of the Seller Disclosure Schedule, neither the execution, delivery, and performance of this Agreement nor the taking over by Purchaser of all of Sellers’ Data will cause, constitute, or result in a breach or violation of any Privacy and Data Security Commitment in any material respect.
(b) Sellers have implemented and maintain a written information security program with commercially reasonable and appropriate administrative, technical, and organizational safeguards designed to protect the (i) Business Systems against any breach of security, material failure, unauthorized access to or use, or any other adverse event; and (ii) Sellers’ Data against any loss, theft, misuse, unauthorized access to or use, disclosure, destruction, modification, alteration or other Processing (“Security Event”); and have taken reasonable steps to ensure that any Persons with access to any Sellers’ Data (including any subcontractors Processing Sellers’ Data on Sellers’ or Business’ behalf) have implemented and maintain the same. To the Knowledge of Sellers, within the past five (5) years, neither Sellers nor t...