Cardholder Data Security Sample Clauses

Cardholder Data Security. To the extent applicable, each of the parties shall be required to comply at all times with the Payment Card Industry Data Security Standard Program (“PCI-DSS”) in effect and as may be amended from time to time during the term of the Agreement. The current PCI-DSS specifications are available on the PCI Security Standards Council website which may be amended or modified at any time: xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx.
Sample 1Sample 2Sample 3See All (4)
AutoNDA by SimpleDocs
Cardholder Data Security. Provider has implemented technical and organizational measures designed to secure Xxxxxxxx’s Customer’s personal information from accidental loss and from unauthorized access, use, alteration or disclosure; however, Provider cannot guarantee that unauthorized third parties will never be able to defeat those measures or use Merchant’s, or Merchant’s Customers’, personal information for improper purposes. Provider is committed to the secure operation of the systems used to operate the Services. Provider is audited on an annual basis and is certified and compliant with Level 1 Payment Card Industry Data Security Standards (PCI DSS). Provider systems are regularly tested for compliance with all applicable PCI DSS standards and best practices. Provider will maintain all applicable PCI DSS requirements to the extent that Provider possesses or otherwise stores, processes, or transmits cardholder data on behalf of the Merchant, or otherwise impacts the security of the Provider cardholder data environment. Merchant shall adopt and maintain the following security requirements for its security environment:
Sample 1Sample 2
Cardholder Data Security. With respect to the Program, from and after the Effective Date, Company and Bank shall, each at its own cost and expense except to the extent otherwise provided therein, comply with the information security and business continuity requirements set forth in Schedule 6.4. At a minimum, the parties shall transmit, store and process Cardholder Data in accordance with Applicable Law, Network Rules, Payment Card Industry Data Security Standards and the then-current security rules and requirements of the Network, all as applicable to the Program. [*] Without limiting the foregoing, Company and Bank will each establish, maintain and implement (and require each of its subcontractors receiving Cardholder Data or Company Guest Data to establish, maintain and implement) an information security program, including appropriate administrative, technical and physical safeguards, that is designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Information Security Data and any other Applicable Law governing data security, including the objectives of (v) ensuring the security and confidentiality of the Cardholder Data, (w) protecting against any anticipated threats or hazards to the security or integrity of the Cardholder Data, (x) protecting against unauthorized access to or modification, destruction, disclosure, use or disposal of, or access to, Cardholder Data, (y) ensuring the proper disposal of Cardholder Data, and (z) in the event of a security breach involving Cardholder Data, ensuring that the party suffering such breach notifies affected Cardholders, Applicants and other individuals, and Governmental Authorities, in each case insofar as required by and otherwise in compliance with Applicable Law and Network Rules. [*]
Sample 1Sample 2
Cardholder Data Security. (A) Each Party acknowledges and agrees that this Amended Program Manager Agreement constitutes an agreement for Manager to perform services for Xxxxxx Bank as contemplated in Title V of GLBA and the Privacy Regulations. Without limiting the generality of the terms of this Amended Program Manager Agreement, Manager and Processor each agree that they shall protect the privacy of Cardholder Data to at least the same extent that Xxxxxx Bank must maintain that confidentiality under GLBA and the Privacy Regulations. Without limiting the generality of the foregoing sentence, except as otherwise provided in any Program Schedule, neither Manager nor Processor shall:
Sample 1Sample 2
Cardholder Data Security. You agree you are fully responsible for the security of data collected through your website or otherwise in your possession or control including cardholder data. Cardholder data is any personally identifiable information associated with an individual's credit card or debit card, including Primary Account Numbers (PAN), cardholder name, expiration date, or service code. You expressly agree to comply with the PCI and to provide validation of compliance to Faithlife upon request.
Sample 1
Cardholder Data Security. With respect to the Program, from and after the Effective Date, Company and Bank shall, each at its own cost and expense except to the extent otherwise provided therein, comply with the information security and business continuity requirements set forth in Schedule 6.4. At a minimum, the parties shall transmit, store and process Cardholder Data in accordance with Applicable Law, Network Rules, Payment Card Industry Data Security Standards and the then-current security rules and requirements of the Network, all as applicable to the Program. Company will keep Cardholder Data logically isolated from any data of its own, other customers or suppliers, so that: (i) Cardholder Data is not commingled with third party data or disclosed in conjunction with any disclosure of third party data; and (ii) Company can readily locate and/or return Cardholder Data in accordance with this Agreement. Without limiting the foregoing, Company and Bank will each establish, maintain and implement (and require each of its subcontractors receiving Cardholder Data or Company Guest Data to establish, maintain and implement) an information security program, including appropriate administrative, technical and physical safeguards, that is designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Information Security Data and any other Applicable Law governing data security, including the objectives of
Sample 1
Cardholder Data Security. Licensee acknowledges that to the extent it receives cardholder data in connection with the Agreement, Licensee is responsible for the security of the cardholder data Licensee possesses and Licensee will comply with current Payment Card Industry (“PCI”) Data Security Standards (as updated by PCI from time to time). In the event of a data breach of Sears Card cardholder information involving Licensee or Licensee’s environment, Licensee will notify Sears within 24 hours of identified breach and cooperate fully with Sears, PCI, and government officials in any review or forensic investigation of Licensee’s environment and processes.
Sample 1
AutoNDA by SimpleDocs

Related to Cardholder Data Security

  • Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who XXX may contact if there are any data security concerns or questions.

  • Privacy and Data Security (a) The parties will keep confidential any information regarding the Trust, the Variable Accounts, and Contract Owners received in connection with providing services and meeting their respective obligations hereunder, except: (a) as necessary to provide the services or otherwise meet their respective obligations under this Agreement; (b) as necessary to comply with applicable law; and (c) information regarding the Trust or Variable Accounts which is otherwise publicly available. The parties will maintain internal safekeeping procedures to safeguard and protect the confidentiality of the data transmitted to another party or its designees or agents in accordance with Section 248.11 of Regulation S-P (17 CFR 248.1–248.30) (“Reg S-P”) and any other applicable federal or state privacy laws and regulations, including without limitation 201 CFR 17.00 et seq. and applicable security breach notification regulations (collectively “Privacy Laws”). Each party shall use such data solely to effect the services contemplated herein, and none of the parties will directly, or indirectly through an affiliate, disclose any non-public personal information protected under Privacy Laws (“Non-public Personal Information”) received from another party to any person that is not an affiliate, designee, service provider, or agent of the receiving party and provided that any such information disclosed to an affiliate, designee, service provider, or agent will be under the same or substantially similar contractual limitations on use and non-disclosure and will comply with all legal requirements. The Company will not use information, including Non-public Personal Information, directly or indirectly provided to it by Nationwide or its designees or agents pursuant to this Agreement for the purpose of marketing to Contract Owners or any other similar purpose, except as may be agreed by the parties hereto. Except for confidential information consisting of Non-public Personal Information, which will be governed in all respects in accordance with the immediately preceding sentence, confidential information does not include information which (i) was publicly known and/or was in the possession of the party receiving confidential information (“Receiving Party”) from other sources prior to the Receiving Party’s receipt of confidential information from the party disclosing confidential information (“Disclosing Party”), or (ii) is or becomes publicly available other than as a result of a disclosure by the Receiving Party or its representatives, or (iii) is or becomes available to the Receiving Party on a non-confidential basis from a source (other than the Disclosing Party) which, to the best of the Receiving Party’s knowledge, is not prohibited from disclosing such information to the Receiving Party by a legal, contractual, or fiduciary obligation to the Disclosing Party, or (iv) describes the fees payable to Nationwide under this Agreement.

  • Privacy and Security (a) The Service Provider shall not transmit or store any AHS data outside the borders of Canada, nor transmit any AHS data in Canada to any party not specifically contemplated in this Agreement, without AHS’s prior written consent to each such data transmittal, which consent may be arbitrarily and unreasonably withheld.

  • Customer Data 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.

  • Monthly Data Download Not later than fifteen (15) days after the end of each month, beginning with the month in which the Commencement Date occurs and ending with the Final Shared-Loss Month, Assuming Institution shall provide Receiver:

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.

  • Account Information The account balance and transaction history information may be limited to recent account information involving your accounts. Also, the availability of funds for transfer or withdrawal may be limited due to the processing time for any ATM deposit transactions and our Funds Availability Policy.

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC Xxxxx Cyber-safety Policy, UC Xxxxx Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC Xxxxx computing systems and electronic data.

  • Data Privacy and Security Bank will implement and maintain a written information security program, in compliance with all federal, state and local laws and regulations (including any similar international laws) applicable to Bank, that contains reasonable and appropriate security measures designed to safeguard the personal information of the Funds' shareholders, employees, trustees and/or officers that Bank or any Subcustodian receives, stores, maintains, processes, transmits or otherwise accesses in connection with the provision of services hereunder. In this regard, Bank will establish and maintain policies, procedures, and technical, physical, and administrative safeguards, designed to (i) ensure the security and confidentiality of all personal information and any other confidential information that Bank receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder, (ii) protect against any reasonably foreseeable threats or hazards to the security or integrity of personal information or other confidential information, (iii) protect against unauthorized access to or use of personal information or other confidential information, (iv) maintain reasonable procedures to detect and respond to any internal or external security breaches, and (v) ensure appropriate disposal of personal information or other confidential information. Bank will monitor and review its information security program and revise it, as necessary and in its sole discretion, to ensure it appropriately addresses any applicable legal and regulatory requirements. Bank shall periodically test and review its information security program. Bank shall respond to Customer's reasonable requests for information concerning Bank's information security program and, upon request, Bank will provide a copy of its applicable policies and procedures, or in Bank's discretion, summaries thereof, to Customer, to the extent Bank is able to do so without divulging information Bank reasonably believes to be proprietary or Bank confidential information. Upon reasonable request, Bank shall discuss with Customer the information security program of Bank. Bank also agrees, upon reasonable request, to complete any security questionnaire provided by Customer to the extent Bank is able to do so without divulging sensitive, proprietary, or Bank confidential information and return it in a commercially reasonable period of time (or provide an alternative response that reasonably addresses the points included in the questionnaire). Customer acknowledges that certain information provided by Bank, including internal policies and procedures, may be proprietary to Bank, and agrees to protect the confidentiality of all such materials it receives from Bank. Bank agrees to resolve promptly any applicable control deficiencies that come to its attention that do not meet the standards established by federal and state privacy and data security laws, rules, regulations, and/or generally accepted industry standards related to Bank's information security program. Bank shall: (i) promptly notify Customer of any confirmed unauthorized access to personal information or other confidential information of Customer ("Breach of Security"); (ii) promptly furnish to Customer appropriate details of such Breach of Security and assist Customer in assessing the Breach of Security to the extent it is not privileged information or part of an investigation; (iii) reasonably cooperate with Customer in any litigation and investigation of third parties reasonably deemed necessary by Customer to protect its proprietary and other rights; (iv) use reasonable precautions to prevent a recurrence of a Breach of Security; and (v) take all reasonable and appropriate action to mitigate any potential harm related to a Breach of Security, including any reasonable steps requested by Customer that are practicable for Bank to implement. Nothing in the immediately preceding sentence shall obligate Bank to provide Customer with information regarding any of Bank's other customers or clients that are affected by a Breach of Security, nor shall the immediately preceding sentence limit Bank's ability to take any actions that Bank believes are appropriate to remediate any Breach of Security unless such actions would prejudice or otherwise limit Customer's ability to bring its own claims or actions against third parties related to the Breach of Security. If Bank discovers or becomes aware of a suspected data or security breach that may involve an improper access, use, disclosure, or alteration of personal information or other confidential information of Customer, Bank shall, except to the extent prohibited by Applicable Law or directed otherwise by a governmental authority not to do so, promptly notify Customer that it is investigating a potential breach and keep Customer informed as reasonably practicable of material developments relating to the investigation until Bank either confirms that such a breach has occurred (in which case the first sentence of this paragraph will apply) or confirms that no data or security breach involving personal information or other confidential information of Customer has occurred. For these purposes, "personal information" shall mean (i) an individual's name (first initial and last name or first name and last name), address or telephone number plus (a) social security number, (b) driver's license number, (c) state identification card number, (d) debit or credit card number, (e) financial account 22 number, (f) passport number, or (g) personal identification number or password that would permit access to a person's account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual's account. This provision will survive termination or expiration of the Agreement for so long as Bank or any Subcustodian continues to possess or have access to personal information related to Customer. Notwithstanding the foregoing "personal information" shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

  • Safeguarding Customer Information The Servicer has implemented and will maintain security measures designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Customer Information published in final form on February 1, 2001, 66 Fed. Reg. 8616 and the rules promulgated thereunder, as amended from time to time (the “Guidelines”). The Servicer shall promptly provide the Master Servicer, the Trustee and the NIMS Insurer information reasonably available to it regarding such security measures upon the reasonable request of the Master Servicer, the Trustee and the NIMS Insurer which information shall include, but not be limited to, any Statement on Auditing Standards (SAS) No. 70 report covering the Servicer’s operations, and any other audit reports, summaries of test results or equivalent measures taken by the Servicer with respect to its security measures to the extent reasonably necessary in order for the Seller to satisfy its obligations under the Guidelines.

Time is Money Join Law Insider Premium to draft better contracts faster.