Data Security and Privacy. 12.1 SERVICE PROVIDER acknowledges the importance of Data Security and agrees to adhere to the Terms and Conditions of the Data Security Policy of IIMC.
Data Security and Privacy. 4.1 Merchant will retain in a secure and confidential manner, in accordance with the Operating Rules, original or complete and legible copies of each Charge Record, and each Credit Voucher required to be provided to Cardholders, for at least two (2) years or longer if required by law or the Operating Rules. Merchant shall render any materials containing Cardholder Account numbers unreadable prior to discarding. Merchant will store Charge Records in an area limited to selected personnel, and when record-retention requirements have been met, Merchant will destroy the records so that Charge Records are rendered unreadable. Merchant confirms that it is, and shall be, in full compliance during the term of this Agreement with all federal, state and local statutes, rules and regulations (including without limitation the information privacy and security requirements of the Gramm Xxxxx Xxxxxx Act and regulations thereunder), as well as all Operating Rules, regulations and bylaws of the Card Networks and the Security Standards. Merchant will have in place and comply with at all times during the term of this Agreement a comprehensive written information security program that is designed to ensure the security, confidentiality and integrity of Transaction and Cardholder information, and includes a procedure (i) for periodic review to identify new and emerging threats and vulnerabilities and (ii) to take appropriate measures to remediate and remove such threats and vulnerabilities, all in accordance with the Security Standards. The Card Networks or Provider, and their respective representatives, may inspect the premises of Merchant or any independent contractor or agent or Merchant Servicer engaged by Merchant for compliance with security requirements. Merchant acknowledges that any failure to comply with security requirements, or to demonstrate compliance, may result in the imposition of restrictions on Merchant or the permanent prohibition of Merchant's participation in Card Programs by the Card Networks. Without limitation as to Merchant's obligations or liabilities under other provisions hereof, Merchant hereby agrees to indemnify Processor and Merchant Bank, including their officers, directors, employees, and agents, and to hold them harmless from any fines, assessments, fees and/or penalties that may be assessed by the Card Networks or any governmental agency in regards to PCI-DSS or PA-DSS or otherwise in regards to data security or any actual or suspected data ...
Data Security and Privacy. 9.1. Definition: For the purpose of Agreement, "Data Protection Law" means applicable laws relating to privacy and data protection, including in the case of University, the Family Educational Rights and Privacy Act ("FERPA"), and other applicable U.S. federal and California state laws on privacy and data protection; and in the case of Company, Company's applicable national and local laws on privacy and data protection. In the event any Protected Information is revealed, shared, or exchanged between the Parties, each Party agrees to comply with its obligations under all applicable Data Protection Law, and as required under Agreement. To the extent that any laws or regulations of the home country or region of a Party has extra- territorial application such as to impose legal obligations on the other Party or its conduct outside such home country or region, the other Party upon request will provide reasonable assistance to such other Party in satisfying such obligation as necessary to implement Agreement. Such reasonable assistance shall not include legal advice or opinion.
Data Security and Privacy. You represent to us that you do not have access to Card information (such as the cardholder’s account number, expiration date, and CVV2) and you will not request access to such Card information from us. In the event that you receive such Card information in connection with the processing services provided under this Agreement, you agree that you will not use it for any fraudulent purpose or in violation of any Card Organization Rules, including but not limited to Payment Card Industry Data Security Standards (“PCI DSS”) or applicable law. If at any time you believe that Card information has been compromised, you must notify us promptly and assist in providing notification to the proper parties. You must ensure your compliance and that of any third party service provider utilized by you, with all security standards and guidelines that are applicable to you and published from time to time by Visa, MasterCard or any other Card Organization, including, without limitation, the Visa U.S.A. Cardholder Information Security Program (“CISP”), the MasterCard Site Data Protection (“SDP”), and (where applicable), the PCI Security Standards Council, Visa, and MasterCard PA-DSS (“Payment Application Data Security Standards”) (collectively, the "Security Guidelines"). If any Card Organization requires an audit of you due to a data security compromise event or suspected event, you agree to cooperate with such audit. You may not use any Card information other than for the sole purpose of completing the transaction authorized by the customer for which the information was provided to you, or as specifically allowed by Card Organization Rules, Your Card Acceptance Guide or required by law.
Data Security and Privacy. The Company and each of its Subsidiaries (i) is, and since January 4, 2021 has been, in material compliance with all Data Security Requirements, except for noncompliance that would have a Company Material Adverse Effect; and (ii) since January 4, 2021, has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with the Data Security Requirements to protect (A) the confidentiality, integrity, availability, and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by the Company or such Subsidiary or on their behalf from unauthorized use, access, disclosure, theft, and modification, except in each case as would not be material to the business of the Company Group, taken as a whole. As of the date hereof, except as would not have a Company Material Adverse Effect, (i) there are no pending complaints, investigations, inquiries, notices, enforcement proceedings, or actions by or before any Governmental Authority and (ii) since January 4, 2021, no fines or other penalties have been imposed on or written claims for compensation have been received by the Company or any Subsidiary, relating to any Specified Data Breach. The Company and each of its Subsidiaries have not since January 4, 2021, (1) experienced any Specified Data Breaches; or (2) been involved in any Legal Proceedings related to or alleging any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole.
Data Security and Privacy. (a) Each Credit Party and its Subsidiaries is, and at all relevant times since January 31, 2022, has been, in compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR, where applicable and any other applicable laws relating to cross-border transfers of Personal Data; (ii) all applicable contractual obligations concerning data privacy and data security relating to Personal Data in the possession or control of a Credit Party or a Subsidiary or maintained by third party processors on behalf of such Credit Party or Subsidiary and having access to such information under contracts (or portions thereof) to which a Credit Party or a Subsidiary is a party; and (iii) all applicable data transfer agreements and data processing agreements, including the EU standard contractual clauses, to which a Credit Party or a Subsidiary is a party (collectively, “Privacy Agreements”).
Data Security and Privacy. (a) Each Credit Party and its Subsidiaries will maintain compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR and other laws relating to cross-border transfers of Personal Data; (ii) all applicable contractual obligations concerning data privacy and security relating to Personal Data in the possession or control of a Credit Party or a Subsidiary or maintained by third parties as processors on behalf of such Credit Party or Subsidiary and having access to such information under contracts (or portions thereof) to which a Credit Party or a Subsidiary is a party; and (iii) the Privacy Agreements.
Data Security and Privacy. (a) Each Group Member is, and at all times, has been, in compliance in all material respects with (i) all applicable Data Protection Laws, including, to the extent applicable, but not limited to the GDPR and those relating to cross-border transfers; (ii) all applicable contractual obligations of each Loan Party and its Subsidiaries concerning data privacy and security relating to Personal Data in the possession or control of any Group Member or maintained by third parties on behalf of such Group Member and having access to such information under contracts (or portions thereof) to which a Group Member is a party; and (iii) all applicable data transfer agreements and data processing agreements, including the EU standard contractual clauses, to which a Group Member is a party (collectively, “Privacy Agreements”):
Data Security and Privacy. In the event that Sub-Merchant receives Card information (such as the cardholder’s account number, expiration date, and CVV2) in connection with the processing services provided under this Agreement, Sub-Merchant agrees that it will not use Card information for any fraudulent purpose or in violation of any Network Rules, including but not limited to Payment Card Industry Data Security Standards (PCI DSS) or applicable law. If at any time Sub-Merchant believes that Card information has been compromised, Sub-Merchant must notify Provider and Payment Facilitator promptly, and Sub-Merchant and Payment Facilitator must provide notice to the proper parties in accordance with the Master Contract’s Attachment 2, Statement of Work, Section 10.3, Core Platform and Security Breach. Sub-Merchant must ensure Sub-Merchant’s compliance and that of any third party service provider utilized by Sub-Merchant, with all security standards and guidelines that are applicable to it and published from time to time by Visa, MasterCard or any other Network, including, without limitation, the Visa U.S.A. Cardholder Information Security Program (CISP), the MasterCard Site Data Protection (SDP), and (where applicable), the PCI Security Standards Council, Visa, and MasterCard PA-DSS (Payment Application Data Security Standards) (collectively, the Security Guidelines). If any Network requires an audit of Sub-Merchant due to a data security compromise event or suspected event, Sub-Merchant agrees to cooperate with such audit. Sub-Merchant may not use any Card information other than for the sole purpose of completing the Transaction authorized by the customer for which the information was provided to Sub-Merchant or as specifically allowed by Network Rules, Your Payments Acceptance Guide, or required by law.
Data Security and Privacy. (a) Each Loan Party and its Subsidiaries is in compliance in all material respects with (i) all applicable Data Protection Laws, including but not limited to the GDPR and those relating to cross-border transfers; and (ii) all applicable data transfer agreements and data processing agreements required to be implemented pursuant to applicable Data Protection Laws, including the EU standard contractual clauses, to which a Loan Party or a Subsidiary is a party (clause (ii), “Privacy Agreements”).
