disclosure, transfer, storage, disposal, privacy, confidentiality, integrity and security of Confidential Data (including to the extent applicable, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health Act (the HITECH Act); the European Union General Data Protection Regulation (GDPR) (EU 2016/679); and the California Consumer Privacy Act (CCPA) (collectively, the Privacy Laws)), and (ii) all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, policies, procedures, and contractual obligations relating to the privacy and security of IT Assets and Confidential Data and to the protection of such IT Assets and Confidential Data from unlawful or unauthorized use, destruction, loss, alteration, access, misappropriation or modification (collectively, the Data Protection Requirements). To the extent required by the Privacy Laws, except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company and its subsidiaries have made all required disclosures to and obtained all necessary consents from individuals (including, without limitation, clinical trial participants, customers, users, and personnel) for the Companys and its subsidiaries collection, use, disclosure, transfer, and other processing of Confidential Data, and complied with all such disclosures and consents. To the knowledge of the Company, none of such disclosures made or contained in any policies or notices have been inaccurate, misleading, deceptive or in violation of any Privacy Laws or Data Protection Requirements, except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect. Personal Data means (i) any information which would qualify as personally identifying information under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) personal data as defined by GDPR; (v) personal information as defined by CCPA; and (vi) any other information that constitutes personal data, personal information, personally identifiable information, nonpublic personal information, customer proprietary network information, individually identifiable health information, protected health information, or similar information under any Privacy Law.
(z) No Complaints. Since June 1, 2018, the Company has not received written notice of any complaint or audit, proceeding, investigation (formal or informal) demand or claim made against the Company or its subsidiaries, by any person, government entity, regulator, group or other party in respect of the collection, use, disclosure, transfer, or other processing of Confidential Data by the Company or its subsidiaries.
(aa) FDA Compliance. Since June 1, 2018, except as would not, individually or in the aggregate, reasonably be expected to have a Material Adverse Effect, the Company: (A) is and has been in compliance with all applicable statutes, rules or regulations of the U.S. Food and Drug Administration (FDA) and other comparable governmental entities applicable to the ownership, testing, development, manufacture, packaging, processing, use, distribution, marketing, labeling, promotion, sale, offer for sale, storage, import, export or disposal of any product under development, manufactured or distributed by the Company (collectively, Applicable Laws); (B) has not received any FDA Form 483, written notice of adverse finding, warning letter, untitled letter or other written correspondence or written notice from the FDA or any governmental entity alleging or asserting noncompliance with any Applicable Laws or any licenses, certificates, approvals, clearances, exemptions, authorizations, permits and supplements or amendments thereto required by any such Applicable Laws (Authorizations); (C) possesses all Authorizations and such Authorizations are valid and in full force and effect and the Company is not in violation of any term of any such Authorizations; (D) has not received written notice of any claim, action, suit, proceeding, hearing, enforcement, investigation, arbitration or other action from the FDA or any applicable governmental entity alleging that any product, operation, or activity is in violation of any Applicable Laws or Authorizations and has no knowledge that the FDA or any governmental entity is considering any such claim, litigation, arbitration, action, suit, investigation or proceeding; (E) has not received written notice that the FDA or any governmental entity has taken, is taking or to the knowledge of the Company, intends to take action to limit, suspend or revoke any Authorizations; and (F) has filed, obtained, maintained or submitted all reports, documents, forms, notices, applications, records, claims,