Common use of Data Security and Privacy Clause in Contracts

Data Security and Privacy. 4.1 Merchant will retain in a secure and confidential manner, in accordance with the Operating Rules, original or complete and legible copies of each Charge Record, and each Credit Voucher required to be provided to Cardholders, for at least two (2) years or longer if required by law or the Operating Rules. Merchant shall render any materials containing Cardholder Account numbers unreadable prior to discarding. Merchant will store Charge Records in an area limited to selected personnel, and when record-retention requirements have been met, Merchant will destroy the records so that Charge Records are rendered unreadable. Merchant confirms that it is, and shall be, in full compliance during the term of this Agreement with all federal, state and local statutes, rules and regulations (including without limitation the information privacy and security requirements of the Gramm Xxxxx Xxxxxx Act and regulations thereunder), as well as all Operating Rules, regulations and bylaws of the Card Networks and the Security Standards. Merchant will have in place and comply with at all times during the term of this Agreement a comprehensive written information security program that is designed to ensure the security, confidentiality and integrity of Transaction and Cardholder information, and includes a procedure (i) for periodic review to identify new and emerging threats and vulnerabilities and (ii) to take appropriate measures to remediate and remove such threats and vulnerabilities, all in accordance with the Security Standards. The Card Networks or Provider, and their respective representatives, may inspect the premises of Merchant or any independent contractor or agent or Merchant Servicer engaged by Merchant for compliance with security requirements. 
Merchant acknowledges that any failure to comply with security requirements, or to demonstrate compliance, may result in the imposition of restrictions on Merchant or the permanent prohibition of Merchant's participation in Card Programs by the Card Networks. Without limitation as to Merchant's obligations or liabilities under other provisions hereof, Merchant hereby agrees to indemnify Processor and Merchant Bank, including their officers, directors, employees, and agents, and to hold them harmless from any fines, assessments, fees and/or penalties that may be assessed by the Card Networks or any governmental agency in regards to PCI-DSS or PA-DSS or otherwise in regards to data security or any actual or suspected data breaches that may occur, as well as all costs of forensic exam/audit, card replacement fees, all claims and demands of Cardholders, Card Issuers, Card Networks, governmental agencies, or other third parties, and all litigation costs and expenses including reasonable attorney's fees, and all other costs of any kind, associated with any actual or suspected data security breach or noncompliance with Card Network data security requirements or data security requirements of applicable law; and (b) in the event of a computer or other data security breach, or suspected computer or other data security breach, Merchant agrees to abide by Card Network requirements which may include without limitation a forensic network exam by a Qualified Incident Response Assessor (QIRA); and (c) Merchant agrees to cooperate with Processor and Merchant Bank in order to effectively manage breach response. Without limiting the generality of the foregoing, Merchant understands that the payment card industry has required all merchants to be PCI DSS compliant. Processor and Merchant Bank, in compliance with Card Network mandates, will not board merchants for the Services provided for in this Agreement that are not PCI DSS compliant.
Merchant and Merchant's principals hereby covenant that they are, and will continue for the duration of the Term to be, PCI DSS compliant. Processor and Merchant Bank also require compliance with the PA-DSS standards in accordance with industry mandates, and with all applicable Card Network mandates relating to PIN and PIN entry device (PED) security, including without limitation, and as applicable, the applicable Payment Card Industry PCI PIN Security Requirements, PCI PIN-Entry Device Security Requirements, and PCI Encrypting PIN Pad Security Requirements. Merchant covenants that all point-of-sale (POS) and/or terminal hardware and software (make and version) that Merchant will use to submit Transactions during the Term is PA-DSS compliant, and compliant with all applicable PIN and PED security requirements, and that any future changes in Merchant’s POS hardware or software will be in compliance with the PA-DSS and all applicable PIN and PED security requirements.

Appears in 4 contracts

Samples: Card Program Services, Card Program Services, Card Program Services

Data Security and Privacy. 4.1 Merchant will retain in a secure and confidential manner, in accordance with the Operating Rules, original or complete and legible copies of each Charge Record, and each Credit Voucher required to be provided to Cardholders, for at least two (2) years or longer if required by law or the Operating Rules. Merchant shall render any materials containing Cardholder Account numbers unreadable prior to discarding. Merchant will store Charge Records in an area limited to selected personnel, and when record-retention requirements have been met, Merchant Xxxxxxxx will destroy the records so that Charge Records are rendered unreadable. Merchant confirms that it is, and shall be, in full compliance during the term of this Agreement with all federal, state and local statutes, rules and regulations (including without limitation the information privacy and security requirements of the Gramm Xxxxx Xxxxxx Act and regulations thereunder), as well as all Operating Rules, regulations and bylaws of the Card Networks and the Security Standards. Merchant will have in place and comply with at all times during the term of this Agreement a comprehensive written information security program that is designed to ensure the security, confidentiality and integrity of Transaction and Cardholder information, and includes a procedure (i) for periodic review to identify new and emerging threats and vulnerabilities and (ii) to take appropriate measures to remediate and remove such threats and vulnerabilities, all in accordance with the Security Standards. The Card Networks or Provider, and their respective representatives, may inspect the premises of Merchant or any independent contractor or agent or Merchant Servicer engaged by Merchant for compliance with security requirements. 
Merchant acknowledges that any failure to comply with security requirements, or to demonstrate compliance, may result in the imposition of restrictions on Merchant or the permanent prohibition of Merchant's participation in Card Programs by the Card Networks. Without limitation as to Merchant's obligations or liabilities under other provisions hereof, Merchant hereby agrees to indemnify Processor and Merchant Bank, including their officers, directors, employees, and agents, and to hold them harmless from any fines, assessments, fees and/or penalties that may be assessed by the Card Networks or any governmental agency in regards to PCI-DSS or PA-DSS or otherwise in regards to data security or any actual or suspected data breaches that may occur, as well as all costs of forensic exam/audit, card replacement fees, all claims and demands of Cardholders, Card Issuers, Card Networks, governmental agencies, or other third parties, and all litigation costs and expenses including reasonable attorney's fees, and all other costs of any kind, associated with any actual or suspected data security breach or noncompliance with Card Network data security requirements or data security requirements of applicable law; and (b) in the event of a computer or other data security breach, or suspected computer or other data security breach, Merchant Xxxxxxxx agrees to abide by Card Network requirements which may include without limitation a forensic network exam by a Qualified Incident Response Assessor (QIRA); and (c) Merchant Xxxxxxxx agrees to cooperate with Processor and Merchant Bank in order to effectively manage breach response. Without limiting the generality of the foregoing, Merchant Xxxxxxxx understands that the payment card industry has required all merchants to be PCI DSS compliant. Processor and Merchant Bank, in compliance with Card Network mandates, will not board merchants for the Services provided for in this Agreement that are not PCI DSS compliant.
Merchant and MerchantXxxxxxxx's principals hereby covenant that they are, and will continue for the duration of the Term to be, PCI DSS compliant. Processor and Merchant Bank also require compliance with the PA-DSS standards in accordance with industry mandates, and with all applicable Card Network mandates relating to PIN and PIN entry device (PED) security, including without limitation, and as applicable, the applicable Payment Card Industry PCI PIN Security Requirements, PCI PIN-Entry Device Security Requirements, and PCI Encrypting PIN Pad Security Requirements. Merchant covenants that all point-of-sale (POS) and/or terminal hardware and software (make and version) that Merchant will use to submit Transactions during the Term is PA-DSS compliant, and compliant with all applicable PIN and PED security requirements, and that any future changes in Merchant’s POS hardware or software will be in compliance with the PA-DSS and all applicable PIN and PED security requirements.

Appears in 2 contracts

Samples: Card Program Services, Card Program Services

Data Security and Privacy. 4.1 Merchant will retain in a secure and confidential manner, in accordance with the Operating Rules, original or complete and legible copies of each Charge Record, and each Credit Voucher required to be provided to Cardholders, for at least two (2) years or longer if required by law or the Operating Rules. Merchant shall render any materials containing Cardholder Account numbers unreadable prior to discarding. Merchant will store Charge Records in an area limited to selected personnel, and when record-retention requirements have been met, Merchant Xxxxxxxx will destroy the records so that Charge Records are rendered unreadable. Merchant confirms that it is, and shall be, in full compliance during the term of this Agreement with all federal, state and local statutes, rules and regulations (including without limitation the information privacy and security requirements of the Gramm Xxxxx Xxxxxx Act and regulations thereunder), as well as all Operating Rules, regulations and bylaws of the Card Networks and the Security Standards. Merchant will have in place and comply with at all times during the term of this Agreement a comprehensive written information security program that is designed to ensure the security, confidentiality and integrity of Transaction and Cardholder information, and includes a procedure (i) for periodic review to identify new and emerging threats and vulnerabilities and (ii) to take appropriate measures to remediate and remove such threats and vulnerabilities, all in accordance with the Security Standards. The Card Networks or Provider, and their respective representatives, may inspect the premises of Merchant or any independent contractor or agent or Merchant Servicer engaged by Merchant for compliance with security requirements. 
Merchant acknowledges that any failure to comply with security requirements, or to demonstrate compliance, may result in the imposition of restrictions on Merchant or the permanent prohibition of Merchant's participation in Card Programs by the Card Networks. Without limitation as to Merchant's obligations or liabilities under other provisions hereof, Merchant hereby agrees to indemnify Processor and Merchant Bank, including their officers, directors, employees, and agents, and to hold them harmless from any fines, assessments, fees and/or penalties that may be assessed by the Card Networks or any governmental agency in regards to PCI-DSS or PA-DSS or otherwise in regards to data security or any actual or suspected data breaches that may occur, as well as all costs of forensic exam/audit, card replacement fees, all claims and demands of Cardholders, Card Issuers, Card Networks, governmental agencies, or other third parties, and all litigation costs and expenses including reasonable attorney's fees, and all other costs of any kind, associated with any actual or suspected data security breach or noncompliance with Card Network data security requirements or data security requirements of applicable law; and (b) in the event of a computer or other data security breach, or suspected computer or other data security breach, Merchant agrees to abide by Card Network requirements which may include without limitation a forensic network exam by a Qualified Incident Response Assessor (QIRA); and (c) Merchant Xxxxxxxx agrees to cooperate with Processor and Merchant Bank in order to effectively manage breach response. Without limiting the generality of the foregoing, Merchant Xxxxxxxx understands that the payment card industry has required all merchants to be PCI DSS compliant. Processor and Merchant Bank, in compliance with Card Network mandates, will not board merchants for the Services provided for in this Agreement that are not PCI DSS compliant.
Merchant and MerchantXxxxxxxx's principals hereby covenant that they are, and will continue for the duration of the Term to be, PCI DSS compliant. Processor and Merchant Bank also require compliance with the PA-DSS standards in accordance with industry mandates, and with all applicable Card Network mandates relating to PIN and PIN entry device (PED) security, including without limitation, and as applicable, the applicable Payment Card Industry PCI PIN Security Requirements, PCI PIN-Entry Device Security Requirements, and PCI Encrypting PIN Pad Security Requirements. Merchant covenants that all point-of-sale (POS) and/or terminal hardware and software (make and version) that Merchant will use to submit Transactions during the Term is PA-DSS compliant, and compliant with all applicable PIN and PED security requirements, and that any future changes in Merchant’s POS hardware or software will be in compliance with the PA-DSS and all applicable PIN and PED security requirements.

Appears in 2 contracts

Samples: Card Program Services, Card Program Services

Data Security and Privacy. 4.1 Merchant will retain in a secure and confidential manner, in accordance with the Operating Rules, original or complete and legible copies of each Charge Record, and each Credit Voucher required to be provided to Cardholders, for at least two (2) years or longer if required by law or the Operating Rules. Merchant shall render any materials containing Cardholder Account numbers unreadable prior to discarding. Merchant will store Charge Records in an area limited to selected personnel, and when record-retention requirements have been met, Merchant will destroy the records so that Charge Records are rendered unreadable. Merchant confirms that it is, and shall be, in full compliance during the term of this Agreement with all federal, state and local statutes, rules and regulations (including without limitation the information privacy and security requirements of the Gramm Xxxxx Xxxxxx Act and regulations thereunder), as well as all Operating Rules, regulations and bylaws of the Card Networks and the Security Standards. Merchant will have in place and comply with at all times during the term of this Agreement a comprehensive written information security program that is designed to ensure the security, confidentiality and integrity of Transaction and Cardholder information, and includes a procedure (i) for periodic review to identify new and emerging threats and vulnerabilities and (ii) to take appropriate measures to remediate and remove such threats and vulnerabilities, all in accordance with the Security Standards. The Card Networks or Provider, and their respective representatives, may inspect the premises of Merchant or any independent contractor or agent or Merchant Servicer engaged by Merchant for compliance with security requirements. 
Merchant acknowledges that any failure to comply with security requirements, or to demonstrate compliance, may result in the imposition of restrictions on Merchant or the permanent prohibition of Merchant's participation in Card Programs by the Card Networks. Without limitation as to Merchant's obligations or liabilities under other provisions hereof, Merchant hereby agrees to indemnify Processor and Merchant Bank, including their officers, directors, employees, and agents, and to hold them harmless from any fines, assessments, fees and/or penalties that may be assessed by the Card Networks or any governmental agency in regards to PCI-DSS or PA-DSS or otherwise in regards to data security or any actual or suspected data breaches that may occur, as well as all costs of forensic exam/audit, card replacement fees, all claims and demands of Cardholders, Card Issuers, Card Networks, governmental agencies, or other third parties, and all litigation costs and expenses including reasonable attorney's fees, and all other costs of any kind, associated with any actual or suspected data security breach or noncompliance with Card Network data security requirements or data security requirements of applicable law; and (b) in the event of a computer or other data security breach, or suspected computer or other data security breach, Merchant agrees to abide by Card Network requirements which may include without limitation a forensic network exam by a Qualified Incident Response Assessor (QIRA); and (c) Merchant agrees to cooperate with Processor and Merchant Bank in order to effectively manage breach response. Without limiting the generality of the foregoing, Merchant understands that the payment card industry has required all merchants to be PCI DSS compliant. Processor and Merchant Bank, in compliance with Card Network mandates, will not board merchants for the Services provided for in this Agreement that are not PCI DSS compliant.
Merchant and Merchant's principals hereby covenant that they are, and will continue for the duration of the Term to be, PCI DSS compliant. Processor and Merchant Bank also require compliance with the PA-DSS standards in accordance with industry mandates, and with all applicable Card Network mandates relating to PIN and PIN entry device (PED) security, including without limitation, and as applicable, the applicable Payment Card Industry PCI PIN Security Requirements, PCI PIN-Entry Device Security Requirements, and PCI Encrypting PIN Pad Security Requirements. Merchant covenants that all point-of-sale (POS) and/or terminal hardware and software (make and version) that Merchant will use to submit Transactions during the Term is PA-DSS compliant, and compliant with all applicable PIN and PED security requirements, and that any future changes in Merchant’s POS hardware or software will be in compliance with the PA-DSS and all applicable PIN and PED security requirements.

Appears in 1 contract

Samples: Card Program Services

Data Security and Privacy. 4.1 Merchant will retain in a secure and confidential manner, in accordance with the Operating Rules, original or complete and legible copies of each Charge Record, and each Credit Voucher required to be provided to Cardholders, for at least two (2) years or longer if required by law or the Operating Rules. Merchant shall render any materials containing Cardholder Account numbers unreadable prior to discarding. Merchant will store Charge Records in an area limited to selected personnel, and when record-retention requirements have been met, Merchant Xxxxxxxx will destroy the records so that Charge Records are rendered unreadable. Merchant confirms that it is, and shall be, in full compliance during the term of this Agreement with all federal, state and local statutes, rules and regulations (including without limitation the information privacy and security requirements of the Gramm Xxxxx Xxxxxx Act and regulations thereunder), as well as all Operating Rules, regulations and bylaws of the Card Networks and the Security Standards. Merchant will have in place and comply with at all times during the term of this Agreement a comprehensive written information security program that is designed to ensure the security, confidentiality and integrity of Transaction and Cardholder information, and includes a procedure (i) for periodic review to identify new and emerging threats and vulnerabilities and (ii) to take appropriate measures to remediate and remove such threats and vulnerabilities, all in accordance with the Security Standards. The Card Networks or Provider, and their respective representatives, may inspect the premises of Merchant or any independent contractor or agent or Merchant Servicer engaged by Merchant for compliance with security requirements. 
Merchant acknowledges that any failure to comply with security requirements, or to demonstrate compliance, may result in the imposition of restrictions on Merchant or the permanent prohibition of Merchant's participation in Card Programs by the Card Networks. Without limitation as to Merchant's obligations or liabilities under other provisions hereof, Merchant hereby agrees to indemnify Processor and Merchant Bank, including their officers, directors, employees, and agents, and to hold them harmless from any fines, assessments, fees and/or penalties that may be assessed by the Card Networks or any governmental agency in regards to PCI-DSS or PA-DSS or otherwise in regards to data security or any actual or suspected data breaches that may occur, as well as all costs of forensic exam/audit, card replacement fees, all claims and demands of Cardholders, Card Issuers, Card Networks, governmental agencies, or other third parties, and all litigation costs and expenses including reasonable attorney's fees, and all other costs of any kind, associated with any actual or suspected data security breach or noncompliance with Card Network data security requirements or data security requirements of applicable law; and (b) in the event of a computer or other data security breach, or suspected computer or other data security breach, Merchant Xxxxxxxx agrees to abide by Card Network requirements which may include without limitation a forensic network exam by a Qualified Incident Response Assessor (QIRA); and (c) Merchant agrees to cooperate with Processor and Merchant Bank in order to effectively manage breach response. Without limiting the generality of the foregoing, Merchant Xxxxxxxx understands that the payment card industry has required all merchants to be PCI DSS compliant. Processor and Merchant Bank, in compliance with Card Network mandates, will not board merchants for the Services provided for in this Agreement that are not PCI DSS compliant.
Merchant and MerchantXxxxxxxx's principals hereby covenant that they are, and will continue for the duration of the Term to be, PCI DSS compliant. Processor and Merchant Bank also require compliance with the PA-DSS standards in accordance with industry mandates, and with all applicable Card Network mandates relating to PIN and PIN entry device (PED) security, including without limitation, and as applicable, the applicable Payment Card Industry PCI PIN Security Requirements, PCI PIN-Entry Device Security Requirements, and PCI Encrypting PIN Pad Security Requirements. Merchant covenants that all point-of-sale (POS) and/or terminal hardware and software (make and version) that Merchant will use to submit Transactions during the Term is PA-DSS compliant, and compliant with all applicable PIN and PED security requirements, and that any future changes in Merchant’s POS hardware or software will be in compliance with the PA-DSS and all applicable PIN and PED security requirements.

Appears in 1 contract

Samples: Card Program Services

Data Security and Privacy. 4.1 Merchant will retain in a secure and confidential manner, in accordance with the Operating Rules, original or complete and legible copies of each Charge Record, and each Credit Voucher required to be provided to Cardholders, for at least two (2) years or longer if required by law or the Operating Rules. Merchant shall render any materials containing Cardholder Account numbers unreadable prior to discarding. Merchant will store Charge Records in an area limited to selected personnel, and when record-retention requirements have been met, Merchant Xxxxxxxx will destroy the records so that Charge Records are rendered unreadable. Merchant confirms that it is, and shall be, in full compliance during the term of this Agreement with all federal, state and local statutes, rules and regulations (including without limitation the information privacy and security requirements of the Gramm Xxxxx Xxxxxx Act and regulations thereunder), as well as all Operating Rules, regulations and bylaws of the Card Networks and the Security Standards. Merchant will have in place and comply with at all times during the term of this Agreement a comprehensive written information security program that is designed to ensure the security, confidentiality and integrity of Transaction and Cardholder information, and includes a procedure (i) for periodic review to identify new and emerging threats and vulnerabilities and (ii) to take appropriate measures to remediate and remove such threats and vulnerabilities, all in accordance with the Security Standards. The Card Networks or Provider, and their respective representatives, may inspect the premises of Merchant or any independent contractor or agent or Merchant Servicer engaged by Merchant for compliance with security requirements. 
Merchant acknowledges that any failure to comply with security requirements, or to demonstrate compliance, may result in the imposition of restrictions on Merchant or the permanent prohibition of Merchant's participation in Card Programs by the Card Networks. Without limitation as to Merchant's obligations or liabilities under other provisions hereof, Merchant hereby agrees to indemnify Processor and Merchant Bank, including their officers, directors, employees, and agents, and to hold them harmless from any fines, assessments, fees and/or penalties that may be assessed by the Card Networks or any governmental agency in regards to PCI-DSS or PA-DSS or otherwise in regards to data security or any actual or suspected data breaches that may occur, as well as all costs of forensic exam/audit, card replacement fees, all claims and demands of Cardholders, Card Issuers, Card Networks, governmental agencies, or other third parties, and all litigation costs and expenses including reasonable attorney's fees, and all other costs of any kind, associated with any actual or suspected data security breach or noncompliance with Card Network data security requirements or data security requirements of applicable law; and (b) in the event of a computer or other data security breach, or suspected computer or other data security breach, Merchant Xxxxxxxx agrees to abide by Card Network requirements which may include without limitation a forensic network exam by a Qualified Incident Response Assessor (QIRA); and (c) Merchant agrees to cooperate with Processor and Merchant Bank in order to effectively manage breach response. Without limiting the generality of the foregoing, Merchant Xxxxxxxx understands that the payment card industry has required all merchants to be PCI DSS compliant. Processor and Merchant Bank, in compliance with Card Network mandates, will not board merchants for the Services provided for in this Agreement that are not PCI DSS compliant.
Merchant and MerchantXxxxxxxx's principals hereby covenant that they are, and will continue for the duration of the Term to be, PCI DSS compliant. Processor and Merchant Bank also require compliance with the PA-DSS standards in accordance with industry mandates, and with all applicable Card Network mandates relating to PIN and PIN entry device (PED) security, including without limitation, and as applicable, the applicable Payment Card Industry PCI PIN Security Requirements, PCI PIN-Entry Device Security Requirements, and PCI Encrypting PIN Pad Security Requirements. Merchant covenants that all point-of-sale (POS) and/or terminal hardware and software (make and version) that Merchant will use to submit Transactions during the Term is PA-DSS compliant, and compliant with all applicable PIN and PED security requirements, and that any future changes in Merchant’s POS hardware or software will be in compliance with the PA-DSS and all applicable PIN and PED security requirements.

Appears in 1 contract

Samples: Card Program Services
