Cardholder Data Clause Samples
POPULAR SAMPLE Copied 3 times
Cardholder Data. (a) As among the Parties hereto, the Cardholder Data shall be the property of and exclusively owned by Bank.
(b) The Program Privacy Policy applicable to the Cardholder Data is attached as Schedule 6.2 hereto. Any modifications to the Program Privacy Policy shall be approved by the Management Committee, provided that the Program Privacy Policy shall comply with Applicable Law at all times.
(c) Bank shall not use, or permit to be used, the Cardholder Data, except as provided in this Section 6.2. Bank may use the Cardholder Data in compliance with Applicable Law and the Program Privacy Policy solely (i) for purposes of soliciting or marketing (in each case, solely as directed by the NMG Companies or the Management Committee) or servicing customers listed in the Cardholder Data for NMG Credit Cards, Approved Ancillary Products, and any other products and services approved by the Management Committee, (ii) as otherwise necessary to carry out its obligations or exercise its rights hereunder, or (iii) as required by Applicable Law. Bank has no rights to use the Cardholder Data for marketing purposes except as expressly provided herein.
(d) Bank shall not disclose, or permit to be disclosed, the Cardholder Data, except as provided in this Section 6.2. Bank shall not, directly or indirectly, sell or otherwise transfer any right in or to the Cardholder Data other than to NMG or any of its Affiliates. Bank may disclose the Cardholder Data in compliance with Applicable Law and the Program Privacy Policy solely:
(i) to its authorized subcontractors in connection with a permitted use of such Cardholder Data under this Section 6.2, provided that each such authorized subcontractor agrees in a written agreement satisfactory to NMG and Bank to maintain all such Cardholder Data as strictly confidential and not to use or disclose such information to any Person other than Bank or an NMG Company, except as required by Applicable Law or any Governmental Authority (after giving Bank and the NMG Companies prior notice and an opportunity to defend against such disclosure); provided, further, that each such authorized subcontractor maintains, and agrees in writing to maintain, an information security program that is designed to meet all requirements of Applicable Law, including, at a minimum, maintenance of an information security program that is designed to: (w) ensure the security and confidentiality of the Cardholder Data; (x) protect against any anticipated threats or hazards t...
Cardholder Data. To the extent applicable, Successful Respondent shall comply with the Payment Card Industry Data Security Standard ("PCI DSS") with respect to Cardholder Data as defined therein. With respect to Services provided from a Consolidated Data Center or that support a Consolidated Data Center, Successful Respondent shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIR, or as required by applicable law. In the event of a breach or intrusion of, or otherwise unauthorized access to, Cardholder Data stored by or for Successful Respondent, Successful Respondent shall immediately notify DIR, in the manner required, and provide DIR or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Successful Respondent’s facilities and all pertinent records to conduct a review of Successful Respondent’s compliance with these requirements. Successful Respondent shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster, or failure of Successful Respondent’s primary data systems which involve a risk to Cardholder Data. Successful Respondent shall provide access to its security systems and procedures, as requested by DIR or its designee. Successful Respondent shall cooperate fully with any reviews of their facilities and records provided for in this Section. Successful Respondent will comply with any assessment, validation, or verification of PCI DSS rules and regulations.
Cardholder Data. Service Provider shall comply with the Payment Card Industry Data Security Standard ("PCI DSS") with respect to Cardholder Data as defined therein. Service Provider shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIR, or as required by applicable law. In the event of a breach or intrusion of or otherwise unauthorized access to Cardholder Data stored by or for Service Provider, Service Provider shall immediately notify DIR, in the manner required, and provide DIR or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Service Provider's facilities and all pertinent records to conduct a review of Service Provider's compliance with these requirements. Service Provider shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster or failure of Service Provider's primary data systems which involve a risk to Cardholder Data. Service Provider shall provide access to its security systems and procedures, as reasonably requested by DIR or its designee. Service Provider shall cooperate fully with any reviews of their facilities and records provided for in this Section 13.5(d). Service Provider will comply with any assessment, validation, or verification of PCI DSS rules and regulations.
Cardholder Data. If Supplier handles, maintains, processes, or is otherwise responsible for credit, debit or other cardholder payment information (“Cardholder Data”), Supplier shall comply with the most current Payment Card Industry (“PCI”) Standard in connection with the processing of Cardholder Data, including, but not limited to: (a) creating and maintaining a secure network to protect Cardholder Data; (b) using all technical and procedural measures reasonably necessary to protect Cardholder Data it maintains or controls; (c) creating and implementing security measures to limit access to Cardholder Data; (d) monitoring access to Cardholder Data it maintains or controls; and (e) creating and implementing an information security policy that assures employee compliance with the foregoing. Suppler may provide Cardholder Data to third parties provided that Supplier remains liable for ensuring compliance with the then-current PCI Data Security Standard (“DSS”) requirements and monitoring the PCI DSS compliance of all associated third parties. Supplier agrees to handle all point of sale (“POS”) machines in accordance with the Point-of-Sale Anti-Tamper Inspection Procedure terms found at ▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇▇▇.
Cardholder Data. Service Provider shall comply with the Payment Card Industry Data Security Standard ("PCI DSS") with respect to Cardholder Data as defined therein. With respect to Services provided from a Consolidated Data Center or that support a Consolidated Data Center, Service Provider shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIR, or as required by applicable law. In the event of a breach or intrusion of or otherwise unauthorized access to Cardholder Data stored by or for Service Provider, Service Provider shall immediately notify DIR, in the manner required, and provide DIR or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Service Provider's facilities and all pertinent records to conduct a review of Service Provider's compliance with these requirements. Service Provider shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster or failure of Service Provider's primary data systems which involve a risk to Cardholder Data. Service Provider shall provide access to its security systems and procedures, as reasonably requested by DIR or its designee. Service Provider shall cooperate fully with any reviews of their facilities and records provided for in this Section 13.5(d). Service Provider will comply with any assessment, validation, or verification of PCI DSS rules and regulations.
Cardholder Data. You and Cardholders agree to the terms of the program’s privacy notice as posted at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇/us/business/en/common/privacypolicy.html, as it may be amended from time to time. • You and Cardholders acknowledge and agree that SVB and MasterCard may share and use data regarding you, Cardholders, your personnel and your small business card usage with each other and with third parties, such as merchants and service providers, to operate the program and for internal operational purposes, including, but not limited to, sending you and your personnel emails regarding the program. • You agree to obtain Cardholder agreement to the program’s privacy and information sharing provisions and to do so in advance of any Cardholder participation in the Easy Savings Program. • You agree to inform us if any Cardholder objects to information sharing as described by MasterCard or under the program.
Cardholder Data. “Cardholder Data” has the same meaning as cardholder data in the PCI DSS Payment Application Data Security Standards Glossary of Terms, Abbreviations, and Acronyms, which at a minimum, consists of the full primary account number (“PAN”). Cardholder Data may also appear in the form of the full PAN plus any of the following: cardholder name, expiration date and/or service code. “Transaction Data” means any data, except Cardholder Data, about a transaction initiated with a Card. Client Affiliate may use Cardholder Data and Transaction Data it receives through Marqeta to perform obligations in accordance with operating a Card Program and Applicable Law. Marqeta may not use or disclose any Cardholder Data or Transaction Data for any purpose except for: (i) providing and improving the Services, (ii) performing its obligations under this Addendum, (iii) performing fraud screening and verifying identities and information, and (iv) to comply with Applicable Law or Card Brand Rules.
Cardholder Data. You must secure and prevent the unauthorized access of any systems and media containing account, Cardholder, or transaction information (physical or electronic, including account numbers, Card imprints, and TID(s). Except for Card drafts you maintain in accordance with this Agreement or the Laws or Operating Regulations, you shall render inoperative and unreadable any media you no longer deem necessary or appropriate to store. You shall notify us of the identity of any third party who will have access to Cardholder data (“Merchant Provider(s)”). You shall also ensure that: (i) Merchant Providers cannot access Cardholder data unless authorized by the Operating Regulations; (ii) Merchant Providers have proper security measures to protect Cardholder data; (iii) you and Merchant Providers comply with the PCI DSS; and (iv) you have written agreements with Merchant Providers requiring compliance with the terms of this Section. You shall immediately notify us of any suspected or confirmed loss or theft of any transaction information. This includes any loss or theft from a Merchant Provider. You are responsible for demonstrating your and Merchant Providers’ compliance with the PCI DSS programs. You agree to provide us reasonable access to your locations and the locations of your Merchant Providers so that we can, at our option, verify whether you and your Merchant Providers can prevent future security violations. In the event of a suspected or confirmed loss or theft of information, you agree, at your expense, to provide any information, whether requested by us, an Association, financial institutions, or a local, state, or federal official in connection with the event. You further agree to cooperate in any ensuing investigation, including any forensic investigation. The information you provide in response to an investigation shall be considered our confidential information. The requirements of this provision apply to Cardholder data regardless of the medium in which the information is contained and regardless of whether you process transactions via internet, mail, phone, face-to- face or any other method.
Cardholder Data. (a) As among the Parties hereto, the Cardholder Data shall be the property of and exclusively owned by the Bank. The Company acknowledges and agrees that, subject to its rights pursuant to Section 17.2, it has no proprietary interest in the Cardholder Data.
(b) The Program Privacy Policy applicable to the Cardholder Data is attached as Schedule 6.2(b) hereto. Any modifications to the Program Privacy Policy shall be approved by the Strategic Operating Committee, provided that, the Program Privacy Policy shall comply with Applicable Law at all times and shall not provide for any reduction in the access to, or disclosure or use of Cardholder Data by the Company and its Affiliates as compared with the Program Privacy Policy in effect on the Effective Date.
(c) The Bank may use the Cardholder Data in compliance with Applicable Law and the Program Privacy Policy [****].
(d) The Bank shall not, directly or indirectly, sell, transfer, or rent (or permit others to do same), the Cardholder Data, and shall not, directly or indirectly, disclose the Cardholder Data, except for disclosure in compliance with Applicable Law and the Program Privacy Policy solely:
(i) [****].
(e) Subject to Applicable Law and the Program Privacy Policy, the Bank shall provide the Company with unlimited access, through the Bank’s data analysts, to all Cardholder Data obtained by the Bank in connection with the Program, which includes at least the items listed below as set forth in greater detail on Schedule 6.2(e). In addition, subject to Applicable Law, and as reasonably requested by the Company, [****]:
(i) [****]. [****]
(f) [****].
(g) [****].
(h) The Company may disclose the Cardholder Data in compliance with Applicable Law and the Program Privacy Policy solely:
(i) to its Service Providers authorized in accordance with this Agreement solely on a “need to know” basis in connection with a permitted use of the Cardholder Data pursuant to Section 6.2(g), [****];
(ii) to its Affiliates (including, for this purpose, the ▇▇▇▇ Group) and its and their Representatives on a “need to know” basis in connection with a permitted use of the Cardholder Data pursuant to Section 6.2(g); [****];
(iii) to any Governmental Authority with authority over the Company or its Affiliates, or their respective Service Providers [****]; or
(iv) as otherwise permitted by Applicable Law and the Program Privacy Policy; [****].
(i) With respect to the sharing, use and disclosure of the Cardholder Data following the ter...