Processing of Cardholder Data Clause Samples

Processing of Cardholder Data. In addition to the terms and conditions set forth in this Exhibit, if Supplier collects, accesses, uses, stores, processes, disposes of, or discloses credit, debit, or other payment cardholder information, Supplier shall comply with the additional terms and conditions set forth in this Section 5 with respect to sensitive authentication data (“Cardholder Data. Cardholder Data is deemed to be Confidential Information and ABA Data. Unless set forth otherwise in the Agreement, any term used in this Section 5 shall have the meaning set forth in the Payment Card Industry (‘PCI’) Glossary (the glossary published by the Payment Card Industry (“PCI”)) or otherwise defined with respect to the PCI Standard. 5.1 Supplier, at its sole expense, shall comply with the Payment Card Industry Data Security Standard (“PCI DSS”) at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/merchants/index.php, as may be amended from time to time, including without limitation, any and all payment card industry validation actions (e.g., any onsite assessments, self-assessments, network security scans, or any other actions identified by payment card companies for the purpose of validating Supplier’s compliance with the PCI DSS. 5.2 Supplier shall maintain a continuous PCI DSS compliance program. By September 30th of each year during the term of the Agreement, Supplier shall confirm Supplier’s PCI DSS compliance by providing ABA with written confirmation in the form of a Qualified Security Assessor (“QSA”) Assessment Certificate, a PCI Report on Compliance, or evidence that Supplier is included on the Visa or MasterCard list of PCI DSS Validated Services Providers at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/approved_companies_providers/validated_payment_applications.php?agree=true. 5.3 Supplier shall immediately notify ABA if Supplier is found to be non-compliant with any PCI DSS requirement or if there is any breach of cardholder data impacting ABA or its customers. Appendix 1 to Exhibit C 1. Data Subjects