3.27Anti-Bribery and Anti-Money Laundering Laws; Sanctions. Each of the Company, its Subsidiaries and, to the knowledge of the Company, any of their respective officers, directors, supervisors, managers, agents, or employees are and have at all times been in compliance with and its participation in the offering will not violate: (A) anti-bribery laws, including but not limited to, any applicable law, rule, or regulation of any locality, including but not limited to any law, rule, or regulation promulgated to implement the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, signed December 17, 1997, including the U.S. Foreign Corrupt Practices Act of 1977, as amended, the U.K. Bribery Act 2010, or any other law, rule or regulation of similar purposes and scope, (B) anti-money laundering laws, including, but not limited to, applicable federal, state, international, foreign or other laws, regulations or government guidance regarding anti-money laundering, including, without limitation, Title 18 US. Code sections 1956 and 1957, the Patriot Act, the Bank Secrecy Act, and international anti-money laundering principles or procedures by an intergovernmental group or organization, such as the Financial Action Task Force on Money Laundering, of which the United States is a member and with which designation the United States representative to the group or organization continues to concur, all as amended, and any executive order, directive, or regulation pursuant to the authority of any of the foregoing, or any orders or licenses issued thereunder, or (C) except as would not reasonably be expected, individually or in the aggregate, to result in a Material Adverse Effect, any laws with respect to import and export control and economic sanctions, including the U.S. Export Administration Regulations, the U.S. International Traffic in Arms Regulations, and economic sanctions regulations and executive orders administered by the U.S. Department of the Treasury Office of Foreign Asset Control.
3.28Cybersecurity. The Company and its Subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its Subsidiaries as currently conducted, and are free and clear of all material Trojan horses, time bombs, malware and other malicious code. The Company and its Subsidiaries have implemented and maintained commercially reasonable physical, technical and administrative controls designed to maintain and protect the confidentiality, integrity, availability, privacy and security of all sensitive, confidential or regulated data (“Confidential Data”) used or maintained in connection with their businesses and Personal Data (defined below), and the integrity, availability continuous operation, redundancy and security of all IT Systems. “Personal Data” means the following data used in connection with the Company’s and its Subsidiaries’ businesses and in their possession or control:(i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or other tax identification number, driver’s license number, passport number, credit card number or bank information; (ii) information that identifies or may reasonably be used to identify an individual; (iii) any information that would qualify as “protected health information” under the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (collectively, “HIPAA”); and (iv) any information that would qualify as “personal data,” “personal information” (or similar term) under the Privacy Laws. To the Company’s knowledge, there have been no breaches, outages or unauthorized uses of or accesses to the Company’s IT Systems, Confidential Data, or Personal Data that would require notification under Privacy Laws (as defined below).
3.29Compliance with Data Privacy Laws. The Company and its Subsidiaries are, and at all prior times were, in material compliance with all applicable state, federal and foreign data privacy and security laws and regulations regarding the collection, use, storage, retention, disclosure, transfer, disposal, or any other processing (collectively “Process” or “Processing”) of Personal Data, including without limitation HIPAA, the EU General Data Protection Regulation (“GDPR”) (Regulation (EU) No. 2016/679), all other local, state, federal, national, supranational and foreign laws relating to the regulation of the Company or its Subsidiaries, and the regulations promulgated pursuant to such statutes and any state or non-U.S. counterpart thereof (collectively, the “Privacy Laws”). To ensure material compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take all appropriate steps necessary to ensure compliance in all material respects with their policies and procedures relating to data privacy and security, and the Processing of Personal Data and Confidential Data (the “Privacy Statements”). The Company and its Subsidiaries have, except as would not reasonably be expected, individually or in the aggregate, to result in a Material Adverse Effect, at all times since inception provided accurate notice of its Privacy Statements then in effect to its customers, employees, third party vendors and representatives. None of such disclosures made or contained in any Privacy Statements have been materially inaccurate, misleading, incomplete, or in material violation of any Privacy Laws.
3.30Transactions with Affiliates and Employees. No relationship, direct or indirect, exists between or among the Company, on the one hand, and any director, officer, stockholder, customer or supplier of the Company, on the other hand, that is required to be described in any forms, statements, certifications, reports and documents required to be filed or furnished with the SEC under the Exchange Act or the Securities Act that will not be so described in accordance with the Exchange Act following the Closing.
3.31Information Provided. The information to be supplied by or on behalf of the Company for inclusion or incorporation by reference in the Registration Statement (as defined in the Merger Agreement), or supplied by or on behalf of the Company for
