4.22 Compliance with Privacy, Security and Data Protection Requirements.
(a) For purposes of this Section 4.22:
(i) “Breach” means any unauthorized access to, acquisition of, use of or disclosure of any Personal Information or any Confidential Information or any unauthorized access to or use of any systems of networks of Company or any vendor or partner of Company.
(ii) “Confidential Information” shall mean any confidential information with respect to the Company’s business, including methods of operation, customers, and customer lists, products, services, proposed products or services, former products or services, proposed, pending or completed acquisitions of any company, division, product line or other business unit, prices, fees, costs, plans, designs, technology, inventions, trade secrets, know-how, software, marketing methods, policies, plans, personnel, suppliers, competitors, markets or other specialized information or proprietary matters. The term Confidential Information does not include, and there shall be no obligation hereunder with respect to, information that (i) is generally available to the public on the date of this Agreement, or (ii) becomes generally available to the public other than as a result of a disclosure by a Seller or any of their respective Affiliates in violation of Privacy Laws or any Contracts to which the Company is subject.
(iii) “Personal Information” means all information that identifies, or could be used to identify or is otherwise reasonably identifiable with, an individual, including all information that has the meaning of such term or like terms (e.g., personal data, personally identifiable information, protected health information, and sensitive personal information) set forth in each of the Privacy Laws that describes, covers or defines data that identifies or can be used to identify individuals.
(iv) “Privacy Laws” means all Laws applicable to the Company that relate to privacy, data collection, data protection or data transfer issues, or that otherwise related to the Processing of Personal Information, including all implementing Laws.
(v) “Process”, “Processed” or “Processing” means any method, operation or set of operations performed related to or upon information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction and protection, as well as the obtaining of consents for all such methods and operations, and the making of disclosures for all such methods and operations.
(b) The Company, including any Person acting on behalf of the Company, is in material compliance with all Privacy Laws and with its published policies related to the Processing of Personal Information and Confidential Information. The Company, and any Person acting on behalf of the Company, has collected, stored, retained, maintained, destroyed and otherwise used all Personal Information and Confidential Information owned, used or maintained by it, and the Company, and any Person acting on behalf of the Company, protects their systems, networks and data, in accordance with all relevant provisions of Company’s customer Contracts, all Privacy
39