DATA SECURITY, COLLECTION, TRANSFER AND RETENTION
Payment Gateway’s Duties
You understand Payment Gateway will collect, retain, use and share information and data collected from You and your customers in accordance with Payment Gateway’s then current Privacy Policies. You hereby consent, as a condition of Your enrollment in and use of the Payment Gateway Services, to the collection, use, processing and transfer of personal data as described in Section 5 and Payment Gateway’s Privacy Policies.
You understand that Payment Gateway may collect and hold personal or non-public information about You and Your customers, including but not limited to: Your name, address, telephone number, e-mail address, social security number and/or tax identification number and payment data as well as Your customers’ names, mailing & shipping addresses, email addresses, phone number, types of purchases and descriptions of purchases (“Data”) for the purpose of considering eligibility for the Payment Gateway Services and for the purpose of providing You and your customers with the Payment Gateway Services. You also understand and agree that Payment Gateway, its subsidiaries, Affiliate Partners, Third Party Service Providers, suppliers and/or their agents and/or contractors may transfer Data among themselves as necessary for the purpose of the provision and management of the Payment Gateway Services and that Payment Gateway may further transfer Data (i) with non-affiliated entities that assist Payment Gateway in providing products and services that You have requested; (ii) with companies that provide support services to Payment Gateway; (iii) with companies that provide marketing services on behalf of Payment Gateway; or (iv) as otherwise provided by law.
You further understand that while Payment Gateway uses commercially reasonable efforts to safeguard Data and Transaction data transmitted while using Payment Gateway Services, Payment Gateway does not warrant that Data and Transaction data will be transported without unauthorized interception or modification or that Data or Transaction data will not be accessed or compromised by any unauthorized third parties.
With respect to the Payment Gateway Services, at all times while this Agreement is in effect, Payment Gateway will maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS).
You agree that you will comply at all times with all applicable and then-current legal obligations and security measures including without limitation those issued by the United States Government, Federal, State and Municipal laws and ordinances, Card Association, the Federal Trade Commission, PCI DSS and any other governing body. You agree that you will comply with all Payment Gateway security protocols, notices and safeguards in effect during the term of this Agreement. You warrant that You have taken such precautions as are necessary to ensure that Your data and Your customer data is protected and that Your electronic systems are secure from breach, intrusion or compromise by any unauthorized third parties. In the event that Your system is breached and an unauthorized third party has access to or has accessed Data or Transaction data, You shall notify the designated parties as required under any applicable laws or industry guidelines and shall immediately notify Payment Gateway of such breach and take such prompt action and precautions as necessary to prevent any continuous or additional breach.
You are solely responsible for the security of data residing on server(s) owned or operated by You, Third Party Service Provider, or a third party designated by You (e.g., a web hosting company, processor, or other service provider), including credit card numbers and any other personal data. You shall comply with all applicable laws and regulations governing the collection, retention and use by You of credit card and other financial information and agree to provide notice to your customers on Your web site that discloses how and why personal and financial information is collected and used, including uses governed by this Agreement.
You agree that You are solely responsible for verifying the accuracy and completeness of all Transactions submitted and processed by Payment Gateway associated with Your account and verifying that all corresponding funds are accurately processed. You acknowledge that the fees associated with any and all transactions processed through Your account are earned by Payment Gateway and shall not be reimbursed. You acknowledge that Payment Gateway shall not be liable for any improperly processed or unauthorized Transactions or illegal or fraudulent access to Your account, Data or Transaction data. Payment Gateway’s liability for unauthorized Transactions or improperly processed Transactions solely attributable to the negligence of Payment Gateway is limited pursuant to Section 13.
You agree not to use, disclose, sell or disseminate any card, cardholder or ACH information obtained in connection with a Transaction except for purposes of completing or settlement of a Transaction and/or resolving chargebacks, retrievals or similar issues involving a Transaction unless required to do so by court order or governmental agency request, subpoena or order.
You agree that You are solely responsible for compiling and retaining permanent records of all Data and Transaction data for Your reference. Except as otherwise provided herein, Payment Gateway shall have no obligation to store, retain, report or otherwise provide any copies of or access to any records of Transactions or other Data collected or processed by Payment Gateway. You acknowledge that upon termination of this Agreement, Payment Gateway shall have no obligation to provide You with any Data or Transaction data. You agree that You shall use proper controls for and limit access to all Data or Transaction data. Prior to discard You shall render all Data or Transaction data unreadable and abide by any laws or regulations imposed on You for Data or Transaction data destruction and/or disposal.
Your User Name and Password
In connection with Your rights described in Section 4.1, Payment Gateway or Affiliate Partner will issue to You, or permit You to use a user name and password, to enable You and/or Your employees and agents to access Your gateway account and use the Payment Gateway Services. You will restrict access to such user name, password, and account to Your employees and agents as may be reasonably necessary and consistent with the purposes of this Agreement and will ensure that each such employee and agent accessing and using the account is aware of and otherwise complies with all applicable provisions of this Agreement and any recommendations and notices regarding such use and access.
You are solely responsible for maintaining adequate security and control of any and all user names, passwords, or any other codes that are issued to You by Payment Gateway or Affiliate Partner or selected by You, for purposes of giving You access to the Payment Gateway Services. Payment Gateway shall be entitled to rely on information it receives from You and may assume that all such information was transmitted by or on behalf of You.