Common use of Personal Data and Security Clause in Contracts

Personal Data and Security. You agree that You have in place and will maintain, or will establish and maintain, adequate security procedures and controls to prevent the unintended disclosure of, and the unauthorized access to or misappropriation of, any personal data or information of any guest. Unless you receive consent directly from the guest, You will not directly or indirectly engage in any solicited or unsolicited marketing, promotional, or similar communications with any guest that has booked a room through the Expedia System. You will process, store, transmit and access any guest information that includes payment information (including, without limitation, credit card, debit card, or financial account information) in compliance with applicable law including, without limitation, the data security rules of the Payment Card Industry Data Security Standard for protecting credit and debit cardholder information applicable to You, and the EU Data Protection Directive (and all laws promulgated thereunder), in each case as the same may be amended, updated, replaced or augmented. Upon Expedia’s request, You will provide evidence that You have established and maintain technical and organizational security measures governing the processing of personal data in accordance with this Section B.4.c.

Personal Data and Security. You agree that You have in place and will maintain, or will establish and maintain, adequate security procedures and controls to prevent the unintended disclosure of, and the unauthorized access to or misappropriation of, any personal data or information of any guest. Unless you receive consent directly from the guest, You will not directly or indirectly engage in any solicited or unsolicited marketing, promotional, or similar communications with any guest that has booked a room through the Expedia System. You will process, store, transmit and access any guest information that includes payment information (including, without limitation, credit card, debit card, or financial account information) in compliance with applicable law including, without limitation, the data security rules of the Payment Card Industry Data Security Standard for protecting credit and debit cardholder information applicable to You, and the EU Data Protection Directive (and all laws promulgated thereunder), in each case as the same may be amended, updated, replaced or augmented. Upon Expedia’s request, You will provide evidence that You have established and maintain technical and organizational security measures governing the processing of personal data in accordance with this Section B.4.cC.4.c.