Data minimisation. As a general principle, you should gather and retain no more Card Data or other sensitive data than you need. Holding Card Data and personal data creates a risk of liability to you, and you can reduce that risk by taking and holding less data. If you store Card Data, consider carefully the need to do so: PayPal must refund a payment which lacks its payer’s authorisation, and if the user will authorise a further payment, the user will generally also give you up-to- date Card Data again, so you may have little need to store Card Data for future
Appears in 3 contracts
Sources: Online Card Payment Services Agreement, Online Card Payment Services Agreement, Online Card Payment Services Agreement