bargaining agreement with any union and, to the knowledge of the Company, no organization efforts are underway with respect to Company employees. As used in this Agreement,“Code”means the Internal Revenue Code of 1986, as amended;“Employee Benefit Plan”means any “employee benefit plan” within the meaning of Section 3(3) of ERISA, including, without limitation, all stock purchase, stock option, stock-based severance, employment, change-in-control, medical, disability, fringe benefit, bonus, incentive, deferred compensation, employee loan and all other employee benefit plans, agreements, programs, policies or other arrangements, whether or not subject to ERISA, under which (1) any current or former employee, director or independent contractor of the Company has any present or future right to benefits and which are contributed to, sponsored by or maintained by the Company or (2) the Company has had or has any present or future obligation or liability;“ERISA”means the Employee Retirement Income Security Act of 1974, as amended;“ERISA Affiliate”means any member of the company’s controlled group as defined in Code Section 414(b), (c), (m) or (o).
(xxxiii) Cybersecurity. The Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable physical, technical and administrative controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data, including all “Personal Data” (defined below) and all sensitive, confidential or regulated data (“Confidential Data”) used in connection with their businesses. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) “personal data” as defined by GDPR; (iv) any information which would qualify as “protected health information” under the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (collectively, “HIPAA”); (v) any “personal information” as defined by the California Consumer Privacy Act (“CCPA”); and (vi) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. There have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems, Confidential Data, and Personal Data and to the protection of such IT Systems, Confidential Data, and Personal Data from unauthorized use, access, misappropriation or modification.
-15-
