Common use of Cardholder Data Security Clause in Contracts

Cardholder Data Security. With respect to the Program, from and after the Effective Date, Company and Bank shall, each at its own cost and expense except to the extent otherwise provided therein, comply with the information security and business continuity requirements set forth in Schedule 6.4. At a minimum, the parties shall transmit, store and process Cardholder Data in accordance with Applicable Law, Network Rules, Payment Card Industry Data Security Standards and the then-current security rules and requirements of the Network, all as applicable to the Program. [*] Without limiting the foregoing, Company and Bank will each establish, maintain and implement (and require each of its subcontractors receiving Cardholder Data or Company Guest Data to establish, maintain and implement) an information security program, including appropriate administrative, technical and physical safeguards, that is designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Information Security Data and any other Applicable Law governing data security, including the objectives of (v) ensuring the security and confidentiality of the Cardholder Data, (w) protecting against any anticipated threats or hazards to the security or integrity of the Cardholder Data, (x) protecting against unauthorized access to or modification, destruction, disclosure, use or disposal of, or access to, Cardholder Data, (y) ensuring the proper disposal of Cardholder Data, and (z) in the event of a security breach involving Cardholder Data, ensuring that the party suffering such breach notifies affected Cardholders, Applicants and other individuals, and Governmental Authorities, in each case insofar as required by and otherwise in compliance with Applicable Law and Network Rules. [*]

Cardholder Data Security. With respect to the Program, from and after the Effective Date, Company and Bank shall, each at its own cost and expense except to the extent otherwise provided therein, comply with the information security and business continuity requirements set forth in Schedule 6.4. At a minimum, the parties shall transmit, store and process Cardholder Data in accordance with Applicable Law, Network Rules, Payment Card Industry Data Security Standards and the then-current security rules and requirements of the Network, all as applicable to the Program. [*] Company will keep Cardholder Data logically isolated from any data of its own, other customers or suppliers, so that: (i) Cardholder Data is not commingled with third party data or disclosed in conjunction with any disclosure of third party data; and (ii) Company can readily locate and/or return Cardholder Data in accordance with this Agreement. Without limiting the foregoing, Company and Bank will each establish, maintain and implement (and require each of its subcontractors receiving Cardholder Data or Company Guest Data to establish, maintain and implement) an information security program, including appropriate administrative, technical and physical safeguards, that is designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Information Security Data and any other Applicable Law governing data security, including the objectives of (v) ensuring the security and confidentiality of the Cardholder Data, (w) protecting against any anticipated threats or hazards to the security or integrity of the Cardholder Data, (x) protecting against unauthorized access to or modification, destruction, disclosure, use or disposal of, or access to, Cardholder Data, (y) ensuring the proper disposal of Cardholder Data, and (z) in the event of a security breach involving Cardholder Data, ensuring that the party suffering such breach notifies affected Cardholders, Applicants and other individuals, and Governmental Authorities, in each case insofar as required by and otherwise in compliance with Applicable Law and Network Rules. [*]For the avoidance of doubt, Bank shall have no liability to Company arising out of the failure by Company or any of Company’s subcontractors to comply with the requirements of this Section

Cardholder Data Security. With respect to the Program, from and after the Effective Date, Company and Bank shall, each at its own cost and expense except to the extent otherwise provided therein, comply with the information security and business continuity requirements set forth in Schedule 6.4. At a minimum, the parties shall transmit, store and process Cardholder Data in accordance with Applicable Law, Network Rules, Payment Card Industry Data Security Standards and the then-current security rules and requirements of the Network, all as applicable to the Program. [*] Company will keep Cardholder Data logically isolated from any data of its own, other customers or suppliers, so that: (i) Cardholder Data is not commingled with third party data or disclosed in 60 conjunction with any disclosure of third party data; and (ii) Company can readily locate and/or return Cardholder Data in accordance with this Agreement. Without limiting the foregoing, Company and Bank will each establish, maintain and implement (and require each of its subcontractors receiving Cardholder Data or Company Guest Data to establish, maintain and implement) an information security program, including appropriate administrative, technical and physical safeguards, that is designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Information Security Data and any other Applicable Law governing data security, including the objectives of (v) ensuring the security and confidentiality of the Cardholder Data, (w) protecting against any anticipated threats or hazards to the security or integrity of the Cardholder Data, (x) protecting against unauthorized access to or modification, destruction, disclosure, use or disposal of, or access to, Cardholder Data, (y) ensuring the proper disposal of Cardholder Data, and (z) in the event of a security breach involving Cardholder Data, ensuring that the party suffering such breach notifies affected Cardholders, Applicants and other individuals, and Governmental Authorities, in each case insofar as required by and otherwise in compliance with Applicable Law and Network Rules. [*]For the avoidance of doubt, Bank shall have no liability to Company arising out of the failure by Company or any of Company’s subcontractors to comply with the requirements of this Section 6.4, which compliance or noncompliance shall be the sole obligation of Company notwithstanding its servicing relationship to Bank.

Cardholder Data Security. With respect to the Program, from and after the Effective Date, Company and Bank shall, each at its own cost and expense except to the extent otherwise provided therein, comply with the information security and business continuity requirements set forth in Schedule 6.4. At a minimum, the parties shall transmit, store and process Cardholder Data in accordance with Applicable Law, Network Rules, Payment Card Industry Data Security Standards and the then-current security rules and requirements of the Network, all as applicable to the Program. [*] Company will keep Cardholder Data logically isolated from any data of its own, other customers or suppliers, so that: (i) Cardholder Data is not commingled with third party data or disclosed in conjunction with any disclosure of third party data; and (ii) Company can readily locate and/or return Cardholder Data in accordance with this Agreement. Without limiting the foregoing, Company and Bank will each establish, maintain and implement (and require each of its subcontractors receiving Cardholder Data or Company Guest Data to establish, maintain and implement) an information security program, including appropriate administrative, technical and physical safeguards, that is designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Information Security Data and any other Applicable Law governing data security, including the objectives of of (v) ensuring the security and confidentiality of the Cardholder Data, (w) protecting against any anticipated threats or hazards to the security or integrity of the Cardholder Data, (x) protecting against unauthorized access to or modification, destruction, disclosure, use or disposal of, or access to, Cardholder Data, (y) ensuring the proper disposal of Cardholder Data, and (z) in the event of a security breach involving Cardholder Data, ensuring that the party suffering such breach notifies affected Cardholders, Applicants and other individuals, and Governmental Authorities, in each case insofar as required by and otherwise in compliance with Applicable Law and Network Rules. [*]For the avoidance of doubt, Bank shall have no liability to Company arising out of the failure by Company or any of Company’s subcontractors to comply with the requirements of this Section