Data minimization. As a general principle, you should gather and retain no more Card Data or other sensitive data than you need. Holding Card Data and personal data creates a risk of liability to you, and you can reduce that risk by taking and holding less data. If you store Card Data, consider carefully the need to do so: PayPal must refund a payment which lacks its payer’s authorisation, and if the user will authorise a further payment, the user will generally also give you up-to-date Card Data again, so you may have little need to store Card Data for future use. Card Data that you do not have is data that you cannot spill if you suffer a Data Breach.
Appears in 4 contracts
Samples: www.paypalobjects.com, www.paypalobjects.com, www.paypalobjects.com
