Common use of Data Security/Personal Cardholder Information Clause in Contracts

Data Security/Personal Cardholder Information. Merchant may not, as a condition of sale, impose a requirement on Cardholders to provide any personal information as a condition for honouring Cards unless such information is required to provide delivery of goods or services or Merchant has reason to believe the identity of the person presenting the Card may be different than that of the Cardholder. Merchant will not, under any circumstances, release, sell or otherwise disclose any Cardholder Information to any person other than Servicer or the applicable Card Association, except as expressly authorized in writing by the Cardholder, or as required by law. (a) Safeguards. Merchant will maintain appropriate administrative, technical and physical safeguards for all Cardholder Information. These safeguards will (a) insure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will maintain all such safeguards applicable to Merchant in accordance with Data Privacy Requirements and applicable Laws. (b) Compliance with Data Privacy Requirements and Card Association Data Security Rules. Merchant represents, warrants and covenants that it is and will remain throughout the term of the Merchant Agreement, in compliance with obligations pertaining to the collection, use, disclosure, retention of Cardholder Information including, data security, data integrity and the safeguarding of such information as set out in the Data Privacy Requirements in effect and as may be amended, supplemented or replaced. Merchant will maintain appropriate administrative, technical and physical safeguards for all Cardholder Information. These safeguards will (a) insure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will cause all of its Representatives to comply with the Data Privacy Requirements at all times. Merchant will report any non-compliance immediately to Servicer. To help accomplish the foregoing, Merchant and its Representatives will encrypt, at appropriate standards required by the Data Privacy Requirements, all debit, credit or stored value card numbers whether in storage, transport or backup and will not store data security codes on its systems, network or software. Merchant will notify Servicer of any vendor utilized by Merchant after the approval of the Merchant Application, which has access to Card or Transaction information.

Data Security/Personal Cardholder Information. Merchant may not, as a condition of sale, impose a requirement on Cardholders to provide any personal information as a condition for honouring honoring Cards unless such information is required to provide delivery of goods or services or Merchant has reason to believe the identity of the person presenting the Card may be different than that of the Cardholder. Merchant will not, under any circumstances, release, sell or otherwise disclose any Cardholder Information to any person other than Servicer Processor or the applicable Card Association, except as expressly authorized in writing by the Cardholder, or as required by lawApplicable Law. (a) Safeguards. Merchant will maintain appropriate administrative, technical and physical safeguards for all Cardholder Information. These safeguards will (a) insure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (dd ) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will maintain all such safeguards applicable to Merchant in accordance with Data Privacy Requirements and applicable LawsApplicable Law. (b) Compliance with Data Privacy Requirements and Card Association Data Security Rules. Merchant represents, warrants and covenants that it is and will remain throughout the term of the Merchant Agreement, in compliance with obligations pertaining to the collection, use, disclosure, retention of Cardholder Information including, data security, data integrity and the safeguarding of such information as set out in the Data Privacy Requirements in effect and as may be amended, supplemented or replaced. Merchant will maintain appropriate administrative, technical and physical safeguards for all Cardholder Information. These safeguards will (a) insure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will cause all of its Representatives to comply with the Data Privacy Requirements at all times. Merchant will report any non-compliance immediately to Servicer. To help accomplish the foregoing, Merchant and its Representatives will encrypt, at appropriate standards required by the Data Privacy Requirements, all debit, credit or stored value card numbers whether in storage, transport or backup and will not store data security codes on its systems, network or software. Merchant will notify Servicer of any vendor utilized by Merchant after the approval of the Merchant Application, which has access to Card or Transaction information.,

Data Security/Personal Cardholder Information. Merchant may not, as a condition of sale, impose a requirement on Cardholders to provide any personal information as a condition for honouring honoring Cards unless such information is required to provide delivery of goods or services or Merchant has reason to believe the identity of the person presenting the Card may be different than that of the Cardholder. Merchant will not, under any circumstances, release, sell or otherwise disclose any Cardholder Information to any person other than Servicer Processor or the applicable Card Association, except as expressly authorized in writing by the Cardholder, or as required by lawApplicable Law. (a) Safeguards. Merchant will maintain appropriate administrative, technical technical, and physical safeguards for all Cardholder Information. These safeguards will (a) insure ensure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will maintain all such safeguards applicable to Merchant in accordance with Data Privacy Requirements and applicable LawsApplicable Law. (b) Compliance with Data Privacy Requirements and Card Association Data Security Rules. Merchant represents, warrants warrants, and covenants that it is and will remain throughout the term of the Merchant Agreement, in compliance with obligations pertaining to the collection, use, disclosure, retention of Cardholder Information including, data security, data integrity and the safeguarding of such information as set out in the Data Privacy Requirements in effect and as may be amended, supplemented or replaced. Merchant will maintain appropriate administrative, technical technical, and physical safeguards for all Cardholder Information. These safeguards will (a) insure ensure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will cause all of its Representatives to comply with the Data Privacy Requirements at all times. Merchant will report any non-compliance immediately to Servicer. To help accomplish the foregoing, Merchant and its Representatives will encrypt, at appropriate standards required by the Data Privacy Requirements, all debit, credit or stored value card numbers whether in storage, transport or backup and will not store data security codes on its systems, network or software. Merchant will notify Servicer of any vendor utilized by Merchant after the approval of the Merchant Application, which has access to Card or Transaction information.any

Data Security/Personal Cardholder Information. Merchant may not, as a condition of sale, impose a requirement on Cardholders to provide any personal information as a condition for honouring honoring Cards unless such information is required to provide delivery of goods or services or Merchant has reason to believe the identity of the person presenting the Card may be different than that of the Cardholder. Merchant will not, under any circumstances, release, sell or otherwise disclose any Cardholder Information to any person other than Servicer Processor or the applicable Card Association, except as expressly authorized in writing by the Cardholder, or as required by lawApplicable Law. In addition, Merchant shall ensure that all service providers with access to cardholder data are submitted to and approved by the Processor prior to access to Cardholder data being granted. Moreover, the Merchant must ascertain that each service provider is certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS) before access is granted. The Merchant is also responsible for validating and maintaining records of each service provider's current PCI DSS certification status for the duration of their access to cardholder data. (a) Safeguards. Merchant will maintain appropriate administrative, technical technical, and physical safeguards for all Cardholder Information. These safeguards will (a) insure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will maintain all such safeguards applicable to Merchant in accordance with Data Privacy Requirements and applicable Laws.physical (b) Compliance with Data Privacy Requirements and Card Association Data Security Rules. Merchant represents, warrants warrants, and covenants that it is and will remain throughout the term of the Merchant Agreement, in compliance with obligations pertaining to the collection, use, disclosure, retention of Cardholder Information including, data security, data integrity and the safeguarding of such information as set out in the Data Privacy Requirements in effect and as may be amended, supplemented or replaced. Merchant will maintain appropriate administrative, technical technical, and physical safeguards for all Cardholder Information. These safeguards will (a) insure ensure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will cause all of its Representatives to comply with the Data Privacy Requirements at all times. Merchant will report any non-compliance immediately to ServicerProcessor. To help accomplish the foregoing, Merchant and its Representatives will encrypt, at appropriate standards required by the Data Privacy Requirements, all debit, credit credit, or stored value card numbers whether in storage, transport or backup and will not store data security codes on its systems, network or software. Merchant will notify Servicer of any vendor utilized by Merchant after the approval ▇▇▇▇▇▇▇▇ hereby acknowledges and agrees to fully comply with all applicable rules and regulations of the Payment Networks ("Payment Networks Rules"), as may be amended from time to time. In the event of a conflict or inconsistency between any provision of this Merchant ApplicationAgreement and the Payment Networks Rules, which has access the provisions of the Payment Networks Rules shall prevail. The Merchant further acknowledges that failure to Card adhere to the Payment Networks Rules may result in sanctions, suspension, or Transaction informationtermination of the Merchant’s ability to participate in the Payment Networks.

Data Security/Personal Cardholder Information. Merchant may not, as a condition of sale, impose a requirement on Cardholders to provide any personal information as a condition for honouring honoring Cards unless such information is required to provide delivery of goods or services or Merchant has reason to believe the identity of the person presenting the Card may be different than that of the Cardholder. Merchant will not, under any circumstances, release, sell or otherwise disclose any Cardholder Information to any person other than Servicer Processor or the applicable Card Association, except as expressly authorized in writing by the Cardholder, or as required by lawApplicable Law. In addition, Merchant shall ensure that all service providers with access to cardholder data are submitted to and approved by the Processor prior to access to Cardholder data being granted. Moreover, the Merchant must ascertain that each service provider is certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS) before access is granted. The Merchant is also responsible for validating and maintaining records of each service provider's current PCI DSS certification status for the duration of their access to cardholder data. (a) Safeguards. Merchant will maintain appropriate administrative, technical technical, and physical safeguards for all Cardholder Information. These safeguards will (a) insure ensure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will maintain all such safeguards applicable to Merchant in accordance with Data Privacy Requirements and applicable Laws.of (b) Compliance with Data Privacy Requirements and Card Association Data Security Rules. Merchant represents, warrants warrants, and covenants that it is and will remain throughout the term of the Merchant Agreement, in compliance with obligations pertaining to the collection, use, disclosure, retention of Cardholder Information including, data security, data integrity and the safeguarding of such information as set out in the Data Privacy Requirements in effect and as may be amended, supplemented or replaced. Merchant will maintain appropriate administrative, technical technical, and physical safeguards for all Cardholder Information. These safeguards will (a) insure ensure the confidentiality of Cardholder Information; (b) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information; (c) protect against unauthorized access to or use of Cardholder Information that could result in substantial harm or inconvenience to any Cardholder; and (d) properly dispose of all Cardholder Information to ensure no unauthorized access to Cardholder Information. Merchant will cause all of its Representatives to comply with the Data Privacy Requirements at all times. Merchant will report any non-compliance immediately to ServicerProcessor. To help accomplish the foregoing, Merchant and its Representatives will encrypt, at appropriate standards required by the Data Privacy Requirements, all debit, credit credit, or stored value card numbers whether in storage, transport or backup and will not store data security codes on its systems, network or software. Merchant will notify Servicer of any vendor utilized by Merchant after the approval ▇▇▇▇▇▇▇▇ hereby acknowledges and agrees to fully comply with all applicable rules and regulations of the Payment Networks ("Payment Networks Rules"), as may be amended from time to time. In the event of a conflict or inconsistency between any provision of this Merchant ApplicationAgreement and the Payment Networks Rules, which has access the provisions of the Payment Networks Rules shall prevail. The Merchant further acknowledges that failure to Card adhere to the Payment Networks Rules may result in sanctions, suspension, or Transaction informationtermination of the Merchant’s ability to participate in the Payment Networks.