|
Association in the event of a Data Security Event. In all events, Merchant shall not take any action, or fail to take any action, without
<br />TMS's prior written consent, which prejudices TMS's rights under this CCAP.
<br />IV. ADDITIONAL OBLIGATIONS
<br />In addition to all other duties and obligations contained elsewhere in this CCAP:
<br />A. Merchant shall allow TMS and/or our insurers to examine and audit all of its records that relate to the matters covered by this
<br />CCAP. TMS and/or its insurers may conduct the audits during regular business hours during the term of the CCAP and within
<br />three (3) years after the term of this CCAP ends; and
<br />B. MERCHANT shall pay all amounts payable when due to TMS under this CCAP or any other written agreement to which
<br />MERCHANT and TMS are a party, including the Merchant Transaction Processing Agreement to which this CCAP has been
<br />attached. MERCHANT shall also be responsible for the giving and receiving of timely notices as required under the CCAP,
<br />including, but not limited to, notice of a Data Security Event and any claim arising out of such Data Security Event.
<br />V. EXCLUSIONS
<br />The CCAP does not and will not apply to:
<br />A. any Data Security Event arising out of MERCHANT allowing any party (other than its employees or TMS) to hold or access
<br />Cardholder Information;
<br />B. any Security Event Expenses arising out of or resulting, directly or indirectly, from any dishonest, fraudulent, criminal or
<br />malicious act, error or omission, or any intentional or knowing violation of the law, if committed by MERCHANT's:
<br />1. directors, officers, trustees, governors, management committee members, members of the management board or partners (or
<br />the equivalent positions), whether acting alone or in collusion with other persons; or
<br />2. employees (other than officers) if any of MERCHANT's elected or appointed officers possessed knowledge of any such:
<br />a) dishonest, fraudulent, malicious, or criminal or malicious act, error or omission;
<br />b) intentional or knowing violation of the law or the CCAP, or
<br />c) gaining of any profit or advantage to which MERCHANT is not legally entitled;
<br />prior to or at the time (a), (b) or (c) above were committed,
<br />C. any Data Security Event caused by or resulting, directly or indirectly, from an act, error or omission of TMS, including, without
<br />limitation: (i) the disclosure of any Cardholder Information by TMS its employees or any person or entity to whom TMS provides
<br />Cardholder Information; or (ii) any failure of the TMS's operating environment security, computer system equipment or payment
<br />processing network; provided however, this exclusion does not apply to the actual or alleged failure of TMS to monitor the operations of,
<br />or the security procedures or computer systems used by, MERCHANT;
<br />D. any Security Event Expenses arising out of or resulting from a claim, suit, action or proceeding against MERCHANT that is
<br />brought by or on behalf of any federal, state or local government agency;
<br />E. any Data Security Event relating to MERCHANT if MERCHANT has experienced a prior Data Security Event unless
<br />MERCHANT was later certified (or re-certified) as PC] compliant by a qualified security assessor;
<br />F. any Data Security Event involving MERCHANT if MERCHANT: (i) is categorized by any Card Association as "Level 1"; or (ii)
<br />MERCHANT processed more than six million (6,000,000) Bank Card transactions during the twelve month period prior to
<br />MERCHANT's enrollment into this CCAP;
<br />G. any expenses, other than Security Event Expenses, incurred by MERCHANT, arising out of or resulting, directly or indirectly,
<br />from a Data Security Event, including without limitation, expenses incurred to bring MERCHANT into compliance with the PCI Data
<br />Security Standard or any similar security standard,
<br />H. any Security Event Expenses arising out of or resulting, directly or indirectly, from physical injury, sickness, disease, disability,
<br />shock or mental anguish sustained by any person, including without limitation, required care, loss of services or death at any time
<br />resulting therefrom;
<br />1. any Security Event Expenses arising out of or resulting, directly or indirectly, from any of the following:
<br />1. fire, smoke, explosion, lightning, wind, water, flood, earthquake, volcanic eruption, tidal wave, landslide, hail, an act of God or
<br />any other physical event, however caused,
<br />2 strikes or similar labor action, war, invasion, act of foreign enemy, hostilities or warlike operations (whether declared or not), civil
<br />war, mutiny, civil commotion assuming the proportions of or amounting to a popular rising, military rising, insurrection, rebellion,
<br />revolution, military or usurped power, or any action taken to hinder or defend against these actions; or
<br />3. electrical or mechanical failures, including any electrical power interruption, surge, brownout or blackout; a failure of telephone
<br />lines, data transmission lines, satellites or other infrastructure comprising or supporting the Internet, unless such lines or infrastructure
<br />were under TMS's operational control;
<br />J. any Security Event Expenses arising out of or resulting, directly or indirectly, from the presence of or the actual, alleged or
<br />threatened discharge, dispersal, release or escape of Pollutants (including nuclear materials), or any direction or request to test for,
<br />201108 MTPA Terms and Conditions Page 25 of 35 CONFIDENTIAL
|