Common use of Data Security and Privacy Clause in Contracts

Data Security and Privacy. In the event that Sub-Merchant receives Card information (such as the cardholder’s account number, expiration date, and CVV2) in connection with the processing services provided under this Agreement, Sub-Merchant agrees that it will not use Card information for any fraudulent purpose or in violation of any Network Rules, including but not limited to Payment Card Industry Data Security Standards (PCI DSS) or applicable law. If at any time Sub-Merchant believes that Card information has been compromised, Sub-Merchant must notify Provider and Payment Facilitator promptly, and Sub-Merchant and Payment Facilitator must provide notice to the proper parties in accordance with the Master Contract’s Attachment 2, Statement of Work, Section 10.3, Core Platform and Security Breach. Sub-Merchant must ensure Sub-Merchant’s compliance and that of any third party service provider utilized by Sub-Merchant, with all security standards and guidelines that are applicable to it and published from time to time by Visa, MasterCard or any other Network, including, without limitation, the Visa U.S.A. Cardholder Information Security Program (CISP), the MasterCard Site Data Protection (SDP), and (where applicable), the PCI Security Standards Council, Visa, and MasterCard PA-DSS (Payment Application Data Security Standards) (collectively, the Security Guidelines). If any Network requires an audit of Sub-Merchant due to a data security compromise event or suspected event, Sub-Merchant agrees to cooperate with such audit. Sub-Merchant may not use any Card information other than for the sole purpose of completing the Transaction authorized by the customer for which the information was provided to Sub-Merchant or as specifically allowed by Network Rules, Your Payments Acceptance Guide, or required by law.

Data Security and Privacy. In the event that Sub-Merchant receives Card information (such as the cardholder’s account number, expiration date, and CVV2) in connection with the processing services provided under this Agreement, Sub-Merchant agrees that it will not use Card information for any fraudulent purpose or in violation of any Network Rules, including but not limited to Payment Card Industry Data Security Standards (PCI DSS) or applicable law. If at any time Sub-Merchant believes that Card information has been compromised, Sub-Merchant must notify Provider and Payment Facilitator promptly, and Sub-Merchant and Payment Facilitator must provide notice to the proper parties in accordance with the Master Contract’s Attachment 2, Statement of Work, Section 10.3, Core Platform and Security Breach. Sub-Merchant must ensure Sub-Merchant’s compliance and that of any third party service provider utilized by Sub-Merchant, with all security standards and guidelines that are applicable to it and published from time to time by Visa, MasterCard Mastercard or any other Network, including, without limitation, the Visa U.S.A. Cardholder Information Security Program (CISP), the MasterCard Mastercard Site Data Protection (SDP), and (where applicable), the PCI Security Standards Council, Visa, and MasterCard Mastercard PA-DSS (Payment Application Data Security Standards) (collectively, the Security Guidelines). If any Network requires an audit of Sub-Merchant due to a data security compromise event or suspected event, Sub-Merchant agrees to cooperate with such audit. Sub-Merchant may not use any Card information other than for the sole purpose of completing the Transaction authorized by the customer for which the information was provided to Sub-Merchant or as specifically allowed by Network Rules, Your Payments Acceptance Guide, or required by law.

Data Security and Privacy. In the event that Sub-Merchant receives Card information (such as the cardholder’s account number, expiration date, and CVV2) in connection with the processing services provided under this Agreement, Sub-Merchant agrees that it will not use Card information for any fraudulent purpose or in violation of any Network Rules, including but not limited to Payment Card Industry Data Security Standards (PCI DSS) or applicable law. If at any time Sub-Merchant believes that Card information has been compromised, Sub-Merchant must notify Provider and Payment Facilitator promptly, and Sub-Merchant and Payment Facilitator must provide notice to the proper parties in accordance with the Master Contract’s Attachment 2, Statement of Work, Section 10.3, Core Platform and Security Breach. Sub-Sub- Merchant must ensure Sub-Merchant’s compliance compliance, and that of any third party service provider utilized by Sub-Sub- Merchant, with all security standards and guidelines that are applicable to it and published from time to time by Visa, MasterCard Mastercard, or any other Network, including, without limitation, the Visa U.S.A. Cardholder Information Security Program (CISP), the MasterCard Mastercard Site Data Protection (SDP), and (where applicable), the PCI Security Standards Council, Visa, and MasterCard Mastercard PA-DSS (Payment Application Data Security Standards) (collectively, the Security Guidelines). If any Network requires an audit of Sub-Merchant due to a data security compromise event or suspected event, Sub-Merchant agrees to cooperate with such audit. Sub-Merchant may not use any Card information other than for the sole purpose of completing the Transaction authorized by the customer for which the information was provided to Sub-Merchant or as specifically allowed by Network Rules, Your Payments Acceptance Guide, or required by law.