Protection of Cardholder Data Clause Samples

POPULAR SAMPLE Copied 1 times
Protection of Cardholder Data. Each Party shall maintain a comprehensive information security program which includes physical, technical, and administrative controls and safeguards designed to ensure the security and confidentiality of Cardholder data and to protect against any anticipated threats or hazards to the security of, or unauthorized access to, Cardholder data. Each party shall maintain appropriate administrative, technical and procedural measures designed to: (i) ensure the confidentiality and security of Cardholder data; (ii) protect against unauthorized access to or use of Cardholder data that could result in substantial harm or inconvenience to any Cardholder; and (iii) ensure the proper disposal of Cardholder data. In the event that a party (the “Affected Party”) reasonably believes that Cardholder data has been materially disclosed to or accessed by an unauthorized person (a “Security Incident”), such party shall: (a) immediately initiate response measures designed to identify the nature and scope of the incident, and (b) notify the other party’s designated security officer (or other contact as designated by such other party) as soon as practicable, subject to any law enforcement investigation. The Affected Party will provide regular updates to the other party of its efforts to correct such compromise. The Affected Party, with the cooperation of the other party, shall assume responsibility for remediating the Security Incident as required by applicable law. Each party shall act in compliance with the applicable provisions of the GLBA and other data protection and privacy requirements with respect to such party’s use, storage, and disposal of Cardholder data hereunder. Each party shall obligate, by written agreement, its employees and independent contractors, including any subcontractors, who have access to Cardholder data to adhere to such party’s policies and practices implementing the foregoing obligations. Except as required by applicable law, neither Galileo, nor its employees, agents, or contractors shall communicate with or contact Cardholders regarding a Security Incident without the prior written consent of Customer, which consent shall not be unreasonably withheld. Customer has sole responsibility for communicating any notifications received hereunder to Cardholders in accordance with applicable law.
View Source
Protection of Cardholder Data a. The parties acknowledge that the Cardholder Data or certain other information collected, used and disclosed pursuant to this Agreement may constitute personal information pursuant to Privacy Laws and may be regulated by Privacy Laws and other applicable law. The parties agree that any such information will be collected, used and disclosed in accordance with this Agreement and applicable law, including Privacy Laws, and with the privacy codes of the Servicers, and will only be used and disclosed in connection with the Services provided hereunder. Peoples Trust’s Privacy Code is available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/▇▇/▇▇▇▇▇/▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇/ and PSiGate’s Privacy Code is available at ▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇/. b. Merchant may not retain or store magnetic stripe data after a Transaction has been authorized. If Merchant stores any electronically captured signatures of a Cardholder, Merchant may not reproduce such signature except upon the specific request of the Services. Merchant shall store all media containing Cardholder Data, including Transaction Records, in an area limited to selected personnel, and, prior to discarding any such media destroy the media in a manner that renders the data unreadable and unrecoverable.
View SourceView Similar (13)

Related to Protection of Cardholder Data

  • Protection of Customer Data The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise Approved by the Customer. To the extent that the Customer Data is held and/or Processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format (if any) specified by the Customer in the Call Off Order Form and, in any event, as specified by the Customer from time to time in writing. The Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. The Supplier shall perform secure back-ups of all Customer Data and shall ensure that up-to-date back-ups are stored off-site at an Approved location in accordance with any BCDR Plan or otherwise. The Supplier shall ensure that such back-ups are available to the Customer (or to such other person as the Customer may direct) at all times upon request and are delivered to the Customer at no less than six (6) Monthly intervals (or such other intervals as may be agreed in writing between the Parties). The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any). If at any time the Supplier suspects or has reason to believe that the Customer Data is corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. If the Customer Data is corrupted, lost or sufficiently degraded as a result of a Default so as to be unusable, the Supplier may: require the Supplier (at the Supplier's expense) to restore or procure the restoration of Customer Data to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer, and the Supplier shall do so as soon as practicable but not later than five (5) Working Days from the date of receipt of the Customer’s notice; and/or itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer.

  • Collection of card When your application is approved by us, we may send you the card, and a renewal or replacement thereof, by ordinary post to the address we have on record for you. In the event you fail to receive the card and unauthorized transactions occur on the card account, you will not be liable for the balances arising therefrom provided you have not acted fraudulently or negligently. We are not liable to you for any loss or damage which you may suffer if you fail to receive the card.

  • User Data We will maintain certain data that you transmit to the Services for the purpose of managing the performance of the Services, as well as data relating to your use of the Services. Although we perform regular routine backups of data, you are solely responsible for all data that you transmit or that relates to any activity you have undertaken using the Services. You agree that we shall have no liability to you for any loss or corruption of any such data, and you hereby waive any right of action against us arising from any such loss or corruption of such data.

  • PROTECTION OF YOUR CONTENT 5.1 In order to protect Your Content provided to Oracle as part of the provision of the Services, Oracle will comply with the applicable administrative, physical, technical and other safeguards, and other applicable aspects of system and content management, available at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇.▇▇▇/us/corporate/contracts/cloud-services/index.html. 5.2 To the extent Your Content includes Personal Data (as that term is defined in the applicable data privacy policies and the Data Processing Agreement (as that term is defined below)), Oracle will furthermore comply with the following: a. the relevant Oracle privacy policies applicable to the Services, available at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇.▇▇▇/us/legal/privacy/overview/index.html; and b. the applicable version of the Data Processing Agreement for Oracle Services (the “Data Processing Agreement”), unless stated otherwise in Your order. The version of the Data Processing Agreement applicable to Your order (a) is available at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇.▇▇▇/corporate/contracts/cloud- services/contracts.html#data-processing and is incorporated herein by reference, and (b) will remain in force during the Services Period of Your order. In the event of any conflict between the terms of the Data Processing Agreement and the terms of the Service Specifications (including any applicable Oracle privacy policies), the terms of the Data Processing Agreement shall take precedence.

  • Protection of Your Data We will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Your Data, as described in the Documentation. Those safeguards will include, but will not be limited to, measures for preventing access, use, modification or disclosure of Your Data by Our personnel except (a) to provide the Purchased Services and prevent or address service or technical problems, (b) as compelled by law in accordance with Section 8.3 (Compelled Disclosure) below, or (c) as You expressly permit in writing.