Common use of Use and Disclosure of Cardholder Data Clause in Contracts

Use and Disclosure of Cardholder Data. (a) Neither Party shall use, or permit to be used, the Cardholder Data, except as provided in this Article XII. Bank agrees that, during and after the Term of this Agreement, it shall not use, nor permit any third party other than Program Manager or its designated Program Affiliate(s) to use, any Cardholder Data other than as necessary to perform Bank’s regulatory obligations hereunder or as required to comply with Applicable Law. (b) Each Party, and each Person with which either Party contracts to perform any portion of such Party’s obligations hereunder may receive, use and disclose the Cardholder Data with respect to the relevant Program(s) solely to the extent permitted by this Article XII and in compliance with Applicable Law and the Privacy Policy (i) for purposes of promoting the Cards and Programs, (ii) as otherwise necessary to carry out its obligations under this Agreement, and (iii) as otherwise permitted by the Privacy Policy and Applicable Law. Neither Party shall, directly or indirectly, sell or otherwise transfer any right in or to the Cardholder Data other than as provided herein. (c) During the Term of this Agreement, the Cardholder Data shall be owned by Bank, but the manner in which such Cardholder Data may be used, shared and disclosed by the Parties and/or the customer during the Term shall be as set forth herein. (d) Each Party may disclose the Cardholder Data in compliance with Applicable Law and the Privacy Policy solely: (i) to any System or other entity to which disclosure is necessary in connection with the processing a Transaction; (ii) to its subcontractors in connection with a permitted use of such Cardholder Data under this Article XII, provided that each such subcontractor agrees in writing to maintain all such Cardholder Data as strictly confidential in perpetuity and not to use or disclose such information to any person other than Program Manager or Bank, except as required by Applicable Law or any Regulatory Authority (after giving Bank or Program Manager ,as applicable, prior notice and an opportunity to defend against such disclosure); provided, further, that each such subcontractor maintains, and agrees in writing to maintain, an information security program that is designed to protect Cardholder Data and information related to Transactions, and which complies with the requirements under Applicable Law; (iii) to its employees, consultants, attorneys and accountants with a need to know such Cardholder Data in connection with a permitted use of such Cardholder Data under this Article XII; provided that (A) any such person is bound by terms substantially similar to this Article XII as a condition of employment or of access to Cardholder Data or by professional *** Confidential Treatment Requested obligations imposing comparable terms; and (B) such Party shall be responsible for the compliance by each such person with the terms of this Article XII (iv) to any Regulatory Authority with authority over Program Manager (A) in connection with an examination of either Party; or (B) pursuant to a specific requirement to provide such Cardholder Data by such Regulatory Authority or pursuant to compulsory legal process; provided that such Party seeks the full protection of confidential treatment for any disclosed Cardholder Data to the extent available under Applicable Law governing such disclosure, and with respect to clause (B), to the extent permitted by Applicable Law, such Party (1) provides at least ten (10) Business Days’ prior notice of such proposed disclosure to the other Party if reasonably possible under the circumstances, and (2) seeks to redact the Cardholder Data to the fullest extent possible under Applicable Law governing such disclosure; (e) Notwithstanding the foregoing, Program Manager shall be permitted to disclose the Cardholder Data in compliance with Applicable Law and the Privacy Policy to any third party for purposes of marketing other goods or services to the extent permissible under Applicable Law and the Privacy Policy.

Use and Disclosure of Cardholder Data. (a) Neither Party shall use, or permit to be used, the Cardholder Data, except as provided in this Article XII. Bank Servicer agrees that, during and after the Term of this AgreementTerm, it shall not use, nor permit any Subcontractor or any third party other than Bank or a Program Manager or its designated Program Affiliate(s) Critical Subcontractor to use, any Cardholder Data other than as necessary to perform BankServicer’s regulatory obligations hereunder or as required to comply with Applicable Law. (b) Each Party, and each Person with which either Party contracts to perform any portion of such Party’s obligations hereunder may receive, use and disclose the Cardholder Data with respect to the relevant Program(s) solely to the extent permitted by this Article XII and in compliance with Applicable Law and the Privacy Policy (i) for purposes of promoting the Cards and Programs, (ii) as otherwise necessary to carry out its obligations under this Agreement, and (iii) as otherwise permitted by the Privacy Policy and Applicable Law. Neither Party shall, directly or indirectly, sell or otherwise transfer any right in or to the Cardholder Data other than as provided herein. (c) During the Term of this Agreement, the Cardholder Data shall be owned by Bank, but the manner in which such Cardholder Data may be used, shared and disclosed by the Parties and/or the customer during the Term shall be as set forth herein. (d) Each Party Servicer may disclose the Cardholder Data in compliance with Applicable Law and the Privacy Policy solely: (i) to any System or other entity to which disclosure is necessary in connection with the processing of a Transaction; (ii) to its subcontractors Program Critical Subcontractors in connection with a permitted use of such Cardholder Data under this Article XIIXI, provided that each such subcontractor Program Critical Subcontractor agrees in writing to maintain all such Cardholder Data as strictly confidential in perpetuity and not to use or disclose such information to any person Person other than Program Manager Servicer or Bank, except as required by Applicable Law or any Regulatory Authority (after giving Bank or Program Manager ,Servicer, as applicable, prior notice and an opportunity to defend against such disclosure); provided, further, that each such subcontractor maintains, and agrees Program Critical Subcontractor maintains a Security Program in writing to maintain, an information security program that is designed to protect Cardholder Data and information related to Transactions, and which complies accordance with the requirements under Applicable Lawterms of Section 11.5; (iii) to its employees, consultants, attorneys and accountants with a need to know such Cardholder Data in connection with a permitted use of such Cardholder Data under this Article XIIXI; provided that (A) any such person Person is bound by terms substantially similar to this Article XII X1 as a condition of employment or of access to Cardholder Data or by professional [*** *] Certain information in this document has been omitted and filed separately with the Securities and Exchange Commission. Confidential Treatment Requested treatment has been requested with respect to the omitted portions. obligations imposing comparable terms; and (B) such Party shall be responsible for the compliance by each such person Person with the terms of this Article XIIXI; or (iv) to any Regulatory Authority with authority over Program Manager (A) in connection with an examination of either Party; Servicer or (B) pursuant to a specific requirement to provide such Cardholder Data by such Regulatory Authority or pursuant to compulsory legal process; provided that such Party seeks the full protection of confidential treatment for any disclosed Cardholder Data to the extent available under Applicable Law governing such disclosure, and with respect to clause (B), to the extent permitted by Applicable Law, such Party (1) provides at least ten (10) Business Days’ prior notice of such proposed disclosure to the other Party if reasonably possible under the circumstances, and (2) seeks to redact the Cardholder Data to the fullest extent possible under Applicable Law governing such disclosure; (e) Notwithstanding the foregoing, Program Manager shall be permitted to disclose the Cardholder Data in compliance with Applicable Law and the Privacy Policy to any third party for purposes of marketing other goods or services to the extent permissible under Applicable Law and the Privacy PolicyBank.

Use and Disclosure of Cardholder Data. (a) Neither Party shall use, or permit to be used, the Cardholder Data, except as provided in this Article XII. Bank agrees that, during and after the Term of this Agreement, it shall not use, nor permit any third party other than Program Manager or its designated Program Affiliate(s) to use, any *** Confidential Treatment Requested Cardholder Data other than as necessary to perform Bank’s regulatory obligations hereunder or as required to comply with Applicable Law. (b) Each Party, and each Person with which either Party contracts to perform any portion of such Party’s obligations hereunder may receive, use and disclose the Cardholder Data with respect to the relevant Program(s) solely to the extent permitted by this Article XII and in compliance with Applicable Law and the Privacy Policy (i) for purposes of promoting the Cards and Programs, (ii) as otherwise necessary to carry out its obligations under this Agreement, and (iii) as otherwise permitted by the Privacy Policy and Applicable Law. Neither Party shall, directly or indirectly, sell or otherwise transfer any right in or to the Cardholder Data other than as provided herein. (c) During the Term of this Agreement, the Cardholder Data shall be owned by Bank, but the manner in which such Cardholder Data may be used, shared and disclosed by the Parties and/or the customer during the Term shall be as set forth herein. (d) Each Party may disclose the Cardholder Data in compliance with Applicable Law and the Privacy Policy solely: (i) to any System or other entity to which disclosure is necessary in connection with the processing a Transaction; (ii) to its subcontractors in connection with a permitted use of such Cardholder Data under this Article XII, provided that each such subcontractor agrees in writing to maintain all such Cardholder Data as strictly confidential in perpetuity and not to use or disclose such information to any person other than Program Manager or Bank, except as required by Applicable Law or any Regulatory Authority (after giving Bank or Program Manager ,as applicable, prior notice and an opportunity to defend against such disclosure); provided, further, that each such subcontractor maintains, and agrees in writing to maintain, an information security program that is designed to protect Cardholder Data and information related to Transactions, and which complies with the requirements under Applicable Law; (iii) to its employees, consultants, attorneys and accountants with a need to know such Cardholder Data in connection with a permitted use of such Cardholder Data under this Article XII; provided that (A) any such person is bound by terms substantially similar to this Article XII as a condition of employment or of access to Cardholder Data or by professional *** Confidential Treatment Requested obligations imposing comparable terms; and (B) such Party shall be responsible for the compliance by each such person with the terms of this Article XII (iv) to any Regulatory Authority with authority over Program Manager (A) in connection with an examination of either Party; or (B) pursuant to a specific requirement to provide such Cardholder Data by such Regulatory Authority or pursuant to compulsory legal process; provided that such Party seeks the full protection of confidential treatment for any disclosed Cardholder Data to the extent available under Applicable Law governing such disclosure, and with respect to clause (B), to the extent permitted by Applicable Law, such Party (1) provides at least ten (10) Business Days’ prior notice of such proposed disclosure to the other Party if reasonably possible under the circumstances, and (2) seeks to redact the Cardholder Data to the fullest extent possible under Applicable Law governing such disclosure; (e) Notwithstanding the foregoing, Program Manager shall be permitted to disclose the Cardholder Data in compliance with Applicable Law and the Privacy Policy to any third party for *** Confidential Treatment Requested purposes of marketing other goods or services to the extent permissible under Applicable Law and the Privacy Policy.

Use and Disclosure of Cardholder Data. (a) Neither Party shall use, or permit to be used, the Cardholder Data, except as provided in this Article XII. Bank agrees that, during and after the Term of this Agreement, it shall not use, nor permit any third party other than Program Manager or its designated Program Affiliate(s) to use, any Cardholder Data other than as necessary to perform Bank’s regulatory obligations hereunder or as required to comply with Applicable Law. (b) Each Party, and each Person with which either Party contracts to perform any portion of such Party’s obligations hereunder may receive, use and disclose the Cardholder Data with respect to the relevant Program(s) solely to the extent permitted by this Article XII and in compliance with Applicable Law and the Privacy Policy (i) for purposes of promoting the Cards and Programs, (ii) as otherwise necessary to carry out its obligations under this Agreement, and (iii) as otherwise permitted by the *** Confidential Treatment Requested Privacy Policy and Applicable Law. Neither Party shall, directly or indirectly, sell or otherwise transfer any right in or to the Cardholder Data other than as provided herein. (c) During the Term of this Agreement, the Cardholder Data shall be owned by Bank, but the manner in which such Cardholder Data may be used, shared and disclosed by the Parties and/or the customer during the Term shall be as set forth herein. (d) Each Party may disclose the Cardholder Data in compliance with Applicable Law and the Privacy Policy solely: (i) to any System or other entity to which disclosure is necessary in connection with the processing a Transaction; (ii) to its subcontractors in connection with a permitted use of such Cardholder Data under this Article XII, provided that each such subcontractor agrees in writing to maintain all such Cardholder Data as strictly confidential in perpetuity and not to use or disclose such information to any person other than Program Manager or Bank, except as required by Applicable Law or any Regulatory Authority (after giving Bank or Program Manager ,as applicable, prior notice and an opportunity to defend against such disclosure); provided, further, that each such subcontractor maintains, and agrees in writing to maintain, an information security program that is designed to protect Cardholder Data and information related to Transactions, and which complies with the requirements under Applicable Law; (iii) to its employees, consultants, attorneys and accountants with a need to know such Cardholder Data in connection with a permitted use of such Cardholder Data under this Article XII; provided that (A) any such person is bound by terms substantially similar to this Article XII as a condition of employment or of access to Cardholder Data or by professional *** Confidential Treatment Requested obligations imposing comparable terms; and (B) such Party shall be responsible for the compliance by each such person with the terms of this Article XII (iv) to any Regulatory Authority with authority over Program Manager (A) in connection with an examination of either Party; or (B) pursuant to a specific requirement to provide such Cardholder Data by such Regulatory Authority or pursuant to compulsory legal process; provided that such Party seeks the full protection of confidential treatment for any disclosed Cardholder Data to the extent available under Applicable Law governing such disclosure, and with respect to clause (B), to the extent permitted by Applicable Law, such Party (1) provides at least ten (10) Business Days’ prior notice of such proposed disclosure to the other Party if reasonably possible under the circumstances, and (2) seeks to redact the Cardholder Data to the fullest extent possible under Applicable Law governing such disclosure; (e) Notwithstanding the foregoing, Program Manager shall be permitted to disclose the Cardholder Data in compliance with Applicable Law and the Privacy Policy to any third party for purposes of marketing other goods or services to the extent permissible under Applicable Law and the Privacy Policy.