Common use of Cardholder Data Clause in Contracts

Cardholder Data. You must secure and prevent the unauthorized access of any systems and media containing account, Cardholder, or transaction information (physical or electronic, including account numbers, Card imprints, and TID(s). Except for Card drafts you maintain in accordance with this Agreement or the Laws or Operating Regulations, you shall render inoperative and unreadable any media you no longer deem necessary or appropriate to store. You shall notify us of the identity of any third party who will have access to Cardholder data (“Merchant Provider(s)”). You shall also ensure that: (i) Merchant Providers cannot access Cardholder data unless authorized by the Operating Regulations; (ii) Merchant Providers have proper security measures to protect Cardholder data; (iii) you and Merchant Providers comply with the PCI DSS; and (iv) you have written agreements with Merchant Providers requiring compliance with the terms of this Section. You shall immediately notify us of any suspected or confirmed loss or theft of any transaction information. This includes any loss or theft from a Merchant Provider. You are responsible for demonstrating your and Merchant Providers’ compliance with the PCI DSS programs. You agree to provide us reasonable access to your locations and the locations of your Merchant Providers so that we can, at our option, verify whether you and your Merchant Providers can prevent future security violations. In the event of a suspected or confirmed loss or theft of information, you agree, at your expense, to provide any information, whether requested by us, an Association, financial institutions, or a local, state, or federal official in connection with the event. You further agree to cooperate in any ensuing investigation, including any forensic investigation. The information you provide in response to an investigation shall be considered our confidential information. The requirements of this provision apply to Cardholder data regardless of the medium in which the information is contained and regardless of whether you process transactions via internet, mail, phone, face-to- face or any other method.

Cardholder Data. You shall comply with all applicable privacy laws in respect of any personal Cardholder information collected or stored by you and shall do so pursuant to a privacy policy that is readily available to Cardholders. You expressly permit us and our third party suppliers in the delivery of the Services to collect, use, and process information provided by you hereunder in and outside of the United States, provided that no third party supplier shall be in territories that are subject to OFAC geographic sanctions. You further state that you have obtained from Cardholders all necessary consents under applicable privacy laws for us, the Associations, and Other Networks to collect, store, use and disclose Cardholder information necessary for the supply of the ▇▇▇▇▇▇▇▇.▇▇▇ must secure and prevent the unauthorized access of any systems and media containing account, Cardholder, or transaction information (physical or electronic, including account numbers, Card imprints, and TID(s). Except for Card drafts you maintain in accordance with this Agreement or the Laws or Operating Regulations, you shall render inoperative and unreadable any media you no longer deem necessary or appropriate to store. You shall notify us of the identity of any third party who will have access to Cardholder data (“Merchant Provider(s)”). You shall also ensure that: (i) Merchant Providers cannot access Cardholder data unless authorized by the Operating Regulations; (ii) Merchant Providers have proper security measures to protect Cardholder data; (iii) you and Merchant Providers comply with the PCI DSS; and (iv) you have written agreements with Merchant Providers requiring compliance with the terms of this Section. You shall immediately notify us of any suspected or confirmed loss or theft of any transaction information. This includes any loss or theft from a Merchant Provider. You are responsible for demonstrating your and Merchant Providers’ compliance with the PCI DSS programs. You agree to provide us reasonable access to your locations and the locations of your Merchant Providers so that we can, at our option, verify whether you and your Merchant Providers can prevent future security violations. In the event of a suspected or confirmed loss or theft of information, you agree, at your expense, to provide any information, whether requested by us, an Association, financial institutions, or a local, state, or federal official in connection with the event. You further agree to cooperate in any ensuing investigation, including any forensic investigation. The information you provide in response to an investigation shall be considered our confidential information. The requirements of this provision apply to Cardholder data regardless of the medium in which the information is contained and regardless of whether you process transactions via internet, mail, phone, face-to- to-face or any other method.