Payment Card Standards. Except as set forth on Schedule 4.18, the Company and its Subsidiaries have collected, stored, maintained, used, shared and processed Personal Information in accordance with all Applicable Privacy and Data Security Laws and have taken commercially reasonable steps to protect against any anticipated or actual threats or hazards to the security or integrity of Personal Information, and from the loss of Personal Information. To the Knowledge of the Company, the Company’s and its Subsidiaries’ practices, policies and procedures with regard to payment instrument information are in full compliance with all rules, regulations, standards and guidelines adopted or required (a) by all payment card brands that are accepted as a form of payment by, or whose instrument information is otherwise handled by, the Company, and (b) by the Payment Card Industry Security Standards Council, in either case relating to privacy, data security or the safeguarding, disclosure or handling of payment instrument information, including but not limited to (1) the Payment Card Industry Data Security Standards, (2) the Payment Card Industry’s Payment Application Data Security Standard, (3) the Payment Card Industry’s PIN Transaction Security requirements, (4) Visa’s Cardholder Information Security Program and Payment Application Best Practices, (5) American Express’s Data Security Operating Policy, (6) MasterCard’s Site Data Protection Program and POS Terminal Security program, and (7) the analogous security programs implemented by other card brands, in each case referenced in this sentence as they may be amended from time to time (collectively referred to herein as the “PCI Requirements”). Other than as set forth on Schedule 4.18, to the Knowledge of the Company, neither the Company nor its Subsidiaries have suffered a breach of Personal Information that was required to be reported to a data subject or a data owner or licensee pursuant to any Applicable Privacy and Data Security Laws or any other Applicable Laws. The Company and its Subsidiaries have written agreements with each third party service provider or partner having access to Personal Information requiring compliance with Applicable Privacy and Data Security Laws, including the PCI Requirements to the extent applicable. The Company and its Subsidiaries maintain records of their customers’ communications preferences, such as opt-ins and opt-outs for various forms of direct marketing, behavioral advertising, and customer tracking...
Payment Card Standards. To the extent a party, or any subcontractor or service provider of such party, receives, stores, processes or transmits any debit, credit or prepaid card information, such party and/or its applicable subcontractors and service providers, as applicable, (a) will comply with all applicable laws, standards, rules and regulations related to the collection, storage, processing and transmission of debt, credit or prepaid card information; and (b) will be a certified Payment Card Industry Data Security Standard (“PCI-DSS”) service provider. Each party will promptly provide the other party with its most recent annual attestation of PCI-DSS compliance upon request.
Payment Card Standards. 1.6.1 To the extent [company name] collects or has access to any information involving payment card data under the contract, [company name] shall adhere to all applicable payment card industry requirements, including, the current Payment Card Industry Data Security Standard (PCI DSS).
