name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, drivers license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as personally identifying information under the Federal Trade Commission Act, as amended; (iii) personal data as defined by GDPR (as defined below); (iv) any information which would qualify as protected health information under the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (collectively, HIPAA); and (v) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified persons health or sexual orientation. There have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except as would not be expected, individually or in the aggregate, to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, except as would not be expected, individually or in the aggregate, to have a Material Adverse Effect.
(xlix) The Company and its subsidiaries are, and at all prior times were, in compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA, and the Company and its subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the European Union General Data Protection Regulation (GDPR) (EU 2016/679) (collectively, the Privacy Laws), except as would not be expected, individually or in the aggregate, to have a Material Adverse Effect. To ensure compliance with the Privacy Laws, the Company and its subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the Policies). Except as would not be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company and its subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. Except as would not be expected, individually or in the aggregate, to have a Material Adverse Effect, the Company further certifies that neither it nor any subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.
(l) Each of the Company and its subsidiaries: (A) is and at all times has been in compliance with all statutes, rules or regulations of the U.S. Food and Drug Administration (FDA) and any other comparable U.S. or non-U.S. federal, state, local or other governmental or regulatory authority, governmental or regulatory agency or body, court, arbitrator or self-regulatory organization (each, a Governmental Authority) applicable to the ownership, testing, development, manufacture, packaging, processing, use, marketing, distribution, storage, import, export or disposal of any product under development, manufactured or distributed by the Company or each such subsidiary (collectively, the Applicable Laws), except where such noncompliance would not, individually or in the