Common use of Data Security Compliance Clause in Contracts

Data Security Compliance. ▇▇▇▇▇▇▇▇ agrees to comply with data privacy and security requirements under the Payment Card Industry (“PCI”) Data Security Standard (“DSS”) ("Network PCI- DSS Requirements") with regards to Merchant's use, access, and storage of certain credit card non-public personal information ("Cardholder Information"). Visa, MasterCard, Discover, American Express, Diners Club card, JCB, UPI (China UnionPay), any debit network, and the other financial service card organizations shall be collectively known herein as "Networks." Additionally, ▇▇▇▇▇▇▇▇ agrees to comply with its obligations under any applicable law or regulation as may be in effect or as may be enacted, adopted or determined regarding the confidentiality, use, and disclosure of Cardholder Information. PayPal may, at its discretion, conduct an on-site audit and review of Merchant's data privacy and security procedures upon either (a) five (5) Business Days’ notice for any reason or (b) immediately upon any unauthorized access to, use or disclosure of any Cardholder Information. PayPal may, with written notice to Merchant, require that Merchant comply with any further requirements any regulator, including the Financial Conduct Authority, the European Central Bank or the Networks for strong authentication for all or certain specified credit card transactions. PayPal agrees to comply with the Network PCI-DSS Requirements of Visa and MasterCard. Merchant can verify PayPal's compliance with the PCI DSS by viewing the Global List of PCI DSS Validated Compliant Service Providers on Visa's website at ▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇/splisting/▇▇▇▇▇▇▇▇▇▇.▇▇. Merchant may request a copy of PayPal’s attestation of compliance for PCI DSS from PayPal no more frequently than on an annual basis. PayPal acknowledges that it is responsible for the security of customer cardholder data it possesses or otherwise stores, processes or transmits on behalf of the Merchant, or to the extent that it could impact the security of the customer cardholder data environment.