Common use of Data Security/Personal Cardholder Information Clause in Contracts

Data Security/Personal Cardholder Information. Merchant may not, as a condition of sale, impose a requirement on Cardholders to provide any personal information as a condition for honoring Cards unless such information is required to provide delivery of goods or services or Merchant has reason to believe the identity of the person presenting the Card may be different than that of the Cardholder. Merchant will not, under any circumstances, release, sell or otherwise disclose any Cardholder Information to any person other than Servicer or the applicable Card Brand, except as expressly authorized in writing by the Cardholder, or as required by law. (a) Safeguards. Merchant will maintain appropriate administrative, technical and physical safeguards for all Cardholder Information. These safeguards will (a) ensure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will maintain all such safeguards applicable to Merchant or Servicer in accordance with applicable federal and state laws, rules, regulations and guidance. Merchants transacting in electronic commerce must: offer Cardholders secure transaction methods such as SSL or 3-D Secure; install and maintain network firewalls; regularly update security patches; restrict and track employee access to all data relating to Cardholders and Card transaction (“Data”); encrypt all stored Data sent over open networks; use only approved or validated payment software applications; establish policies for properly managing use and allocation of passwords; and consistently assess and revise security systems and processes.

Data Security/Personal Cardholder Information. Merchant may not, as a condition of sale, impose a requirement on Cardholders to provide any personal information as a condition for honoring Cards unless such information is required to provide delivery of goods or services services, or Merchant has reason to believe the identity of the person presenting the Card may be different than that of the Cardholder. Merchant will not, under any circumstances, release, sell or otherwise disclose any Cardholder Information to any person other than Servicer or the applicable Card Brand, except as expressly authorized in writing by the Cardholder, or as required by lawApplicable Law. (a) Safeguards. Merchant will maintain appropriate administrative, technical and physical safeguards for all Cardholder Information. These safeguards will will: (a) ensure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will maintain all such safeguards applicable to Merchant or Servicer in accordance with applicable federal and state lawsApplicable Law, rules, regulations and guidance. Merchants transacting in electronic commerce must: offer Cardholders secure transaction methods such as SSL or 3-D Secure; install and maintain network firewalls; regularly update security patches; restrict and track employee access to all data relating to Cardholders and Card transaction Transactions (“Data”); encrypt all stored Data sent over open networks; use only approved or validated payment software applications; establish policies for properly managing use and allocation of passwords; and consistently assess and revise security systems and processes.

Data Security/Personal Cardholder Information. Merchant may not, as a condition of sale, impose a requirement on Cardholders to provide any personal information as a condition for honoring Cards unless such information is required to provide delivery of goods or services or Merchant has reason to believe the identity of the person presenting the Card may be different than that of the Cardholder. Merchant will not, under any circumstances, release, sell or otherwise disclose any Cardholder Information to any person other than Servicer or the applicable Card Brand, except as expressly authorized in writing by the Cardholder, or as required by law. (a) Safeguards. Merchant will maintain appropriate administrative, technical and physical safeguards for all Cardholder Information. These safeguards will (a) ensure insure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will maintain all such safeguards applicable to Merchant or Servicer in accordance with applicable federal and state laws, rules, regulations and guidance. Merchants transacting in electronic commerce must: offer Cardholders secure transaction methods such as SSL or 3-D Secure; install and maintain network firewalls; regularly update security patches; restrict and track employee access to all data relating to Cardholders and Card transaction (“Data”); encrypt all stored Data sent over open networks; use only approved or validated payment software applications; establish policies for properly managing use and allocation of passwords; and consistently assess and revise security systems and processes.

Data Security/Personal Cardholder Information. Merchant may not, as a condition of sale, impose a requirement on Cardholders to provide any personal information as a condition for honoring Cards unless such information is required to provide delivery of goods or services or Merchant has reason to believe the identity of the person presenting the Card may be different than that of the Cardholder. Merchant will not, under any circumstances, release, sell or otherwise disclose any Cardholder Information to any person other than Servicer Bank or the applicable Card BrandAssociation, except as expressly authorized in writing by the Cardholder, or as required by law. (a) Safeguards. Merchant will maintain appropriate administrative, technical and physical safeguards for all Cardholder Information. These safeguards will (a) ensure insure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will maintain all such safeguards applicable to Merchant or Servicer Bank in accordance with applicable federal and state laws, rules, regulations and guidance. Merchants transacting in electronic commerce must: offer Cardholders secure transaction methods such as SSL or 3-D Secure; install and maintain network firewalls; regularly update security patches; restrict and track employee access to all data relating to Cardholders and Card transaction (“Data”); encrypt all stored Data sent over open networks; use only approved or validated payment software applications; establish policies for properly managing use and allocation of passwords; and consistently assess and revise security systems and processes.

Data Security/Personal Cardholder Information. Merchant may not, as a condition of sale, impose a requirement on Cardholders to provide any personal information as a condition for honoring Cards unless such information is required to provide delivery of goods or services or Merchant has reason to believe the identity of the person presenting the Card may be different than that of the Cardholder. Merchant will not, under any circumstances, release, sell or otherwise disclose any Cardholder Information to any person other than Servicer Peoples Trust or the applicable Card BrandPayment Network, except as expressly authorized in writing by the Cardholder, or as required by law. (aA) Safeguards. Merchant will maintain appropriate administrative, technical and physical safeguards for all Cardholder Information. These safeguards will (a) ensure insure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will maintain all such safeguards applicable to Merchant or Servicer in accordance with Data Privacy Requirements and applicable federal Laws. Merchant must promptly report the use of any third parties, defined as any entity that is not a member of a Payment Network but has a direct relationship with a Merchant, and state laws, rules, regulations which has access to cardholder data and guidance. Merchants transacting in electronic commerce must: offer Cardholders secure transaction methods performs such services such as SSL or 3-D Secure; install gateway, fraud scrubbing, loyalty programs, etc. Bank is required by Payment Network regulations to register the third party with Payment Network and maintain network firewalls; regularly update security patches; restrict and track employee access to all data relating to Cardholders and ensure that the third party is documented compliant with the Payment Card transaction (“Data”); encrypt all stored Data sent over open networks; use only approved or validated payment software applications; establish policies for properly managing use and allocation of passwords; and consistently assess and revise security systems and processesIndustry requirements.

Data Security/Personal Cardholder Information. A Merchant may not, as a condition of sale, impose a requirement require- ment on Cardholders to provide any personal information as a condition for honoring Cards unless such information is required to provide toprovide delivery of goods or services or Merchant Merchant, in good faith, has reason to believe the identity of the person presenting the Card may be different than from that of the Cardholder. Merchant will not, under any circumstances, release, sell sell, or otherwise disclose any Cardholder Information Informa- tion to any person other than Servicer Bank or the applicable Card BrandAssociation, except as expressly authorized in writing by the Cardholder, Cardholder or as required by law. (a) Safeguards. Merchant Merchants will maintain appropriate administrative, technical technical, and physical safeguards for all Cardholder Information. These safeguards will (ai) ensure the confidentiality of Cardholder Information; (bii) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (ciii) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (div) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will maintain all such safeguards applicable to Merchant or Servicer Bank in accordance with applicable federal and state laws, rules, regulations regulations, and guidance, including, without limitation, those set forth in the Interagency Guidelines Establishing Information Security Standards (12 C.F.R. App. Merchants transacting in electronic commerce must: offer Cardholders secure transaction methods such as SSL or 3-D Secure; install and maintain network firewalls; regularly update security patches; restrict and track employee access B to all data relating to Cardholders and Card transaction (“Data”Part 364); encrypt all stored Data sent over open networks; use only approved or validated payment software applications; establish policies for properly managing use and allocation of passwords; and consistently assess and revise security systems and processes.