(x) Trade Secrets. The Company and its subsidiaries have taken reasonable and customary actions to protect their rights in and prevent the unauthorized use and disclosure of material trade secrets and confidential business information (including confidential source code, ideas, research and development information, know-how, formulas, compositions, technical data, designs, drawings, specifications, research records, records of inventions, test information, financial, marketing and business data, customer and supplier lists and information, pricing and cost information, business and marketing plans and proposals) owned by the Company and its subsidiaries, and, to the knowledge of the Company, there has been no unauthorized use or disclosure.
(y) IT Assets, Data Privacy and Security. The computers, websites, applications, databases, software, servers, networks, data communications lines, and other information technology systems owned, licensed, leased or otherwise used by the Company and its subsidiaries (excluding any public networks) (collectively, the IT Assets) are adequate for, and operate and perform for, the operation of the business of the Company and its subsidiaries as currently conducted and as proposed to be conducted as described in the Registration Statement, the Pricing Disclosure Package and the Prospectus. The IT Assets are free and clear of viruses, disabling code or other harmful code or vulnerabilities, in each case that may reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries have at all times implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their proprietary, sensitive, or confidential information, including Personal Data (as defined below) (collectively Confidential Data) and the confidentiality, integrity, continuous operation, redundancy, availability, and security of all IT Assets and Confidential Data used in connection with their businesses. Such controls, policies, procedures, and safeguards are currently in compliance with, and at all past times have been in compliance with, all applicable Privacy Laws (as defined below). There have been no actual or reasonably suspected breaches of, violations of, material outages of, or unlawful or unauthorized uses of, destruction of, losses of, alterations of, or accesses to IT Assets and Confidential Data, nor any such actual or reasonably suspected incidents under internal review or investigation. The Company and its subsidiaries have not been notified of, and have no knowledge of, any fact or circumstance that would reasonably be expected to result in any such incidents. The Company and its subsidiaries comply, and have at all times complied, with all (i) applicable laws, statutes, regulations, and directives concerning the protection, collection, use, disclosure, transfer, storage, disposal, privacy, confidentiality, integrity and security of Confidential Data (including without limitation the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health Act (the HITECH Act); the European Union General Data Protection Regulation (GDPR) (EU 2016/679); and the California Consumer Privacy Act (CCPA) (collectively, the Privacy Laws)), and (ii) all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, policies, procedures, and contractual obligations relating to the privacy and security of IT Assets and Confidential Data and to the protection of such IT Assets and Confidential Data from unlawful or unauthorized use, destruction, loss, alteration, access, misappropriation or modification, except to the extent that any such non-compliance would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries have at all times made all required disclosures under such applicable Privacy Laws to and obtained all necessary consents from individuals (including, without limitation, clinical trial participants, customers, users, and personnel) for the Companys and its subsidiaries collection, use, and disclosure of Personal Data, complied with all such disclosures and consents. None of such disclosures made or contained in any policies or notices have been inaccurate, deceptive, misleading, incomplete, or in violation of applicable Privacy Laws. The execution, delivery, and performance of this Agreement or any other agreement referred to in this Agreement will not result in a breach or violation of any Privacy Law. Personal Data means (i) a natural persons first and last name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, gender, date of birth, age, drivers license number, passport number, credit card number, financial information, customer or account number, biometric