PCI-DSS Credit Card Security Policy

Last updated April 2024

In this PCI-DSS Credit Card Security Policy (“PCI Policy”), “DISCOUNT LOTS”, “we”, “us”, or “our” refers to DISCOUNT LOTS, LLC, including its affiliates. We follow the Payment Card Industry Data Security Standard (PCI-DSS) when handling credit card data and other proprietary information disclosed by visitors of our website (https://discountlots.com/) (the “Site”) when paying for services on our Site and DISCOUNT LOTS affiliated websites, subject to the following terms and conditions.

This PCI Policy applies if we, including any of our associated third-party service providers, accept cardholder information when processing payments for our services or otherwise processing payments on any website affiliated with DISCOUNT LOTS. Please read this PCI Policy carefully to understand our policies and practices regarding visitor cardholder information and how we will treat it. By accepting payments through a DISCOUNT LOTS affiliated website, our third-party service providers agree to this PCI Policy.

PLEASE READ THE ENTIRE PCI POLICY CAREFULLY BEFORE YOU CONTINUE. BY ACCESSING THIS SITE OR USING ANY OF ITS FEATURES, YOU AGREE TO THE TERMS OF THIS PCI POLICY AND ARE DEEMED TO HAVE ACCEPTED THESE TERMS IN THEIR ENTIRETY. IF YOU DO NOT AGREE, PLEASE REDIRECT YOUR BROWSER AND EXIT THE SITE.

In addition to this PCI Policy, the collection and use of your personal information obtained by us from this Site is subject to our Privacy Policy, which you can access and review here: https://discountlots.com/privacy-policy/. For more information regarding the use of your information, please see our Privacy Policy.

1. Applicability. Organizations utilizing a third-party “service provider” to process merchant cards are subject to compliance with Requirement 12.8 of the PCI-DSS, which requires a “written agreement” addressing PCI-DSS responsibilities. The requirement is one of the items included in the Self-Assessment Questionnaire (SAQ C or SAQ D) that the organization must answer annually.

2. Nature of the PCI Policy. 

(a)          DISCOUNT LOTS and its affiliates, including DISCOUNT LOTS third-party service providers (collectively, the “Vendors”), may provide certain services, which may involve the processing of merchant card transactions; specifically, the processing of payment card information disclosed by visitors when paying for services or otherwise making payments on the Site and/or any DISCOUNT LOTS affiliated website;

(b)         Vendors are required to adhere to PCI-DSS promulgated by the PCI Security Standards Council;

(c)         Vendors may collect cardholder data disclosed by visitors of the Site on DISCOUNT LOTS affiliated websites and may share this data with various third-party payment processors; 

(d)         Vendors may process, transmit, and/or store cardholder data in the performance of services provided to visitors of the Site, and are therefore considered “service providers” under Requirement 12.8 of the PCI-DSS;

(e)         Requirement 12.8.2 of the PCI-DSS requires Vendors to maintain a written agreement that includes an acknowledgment that the Vendors are responsible for the security of cardholder data that the service providers possess; and

(f)         Requirement 12.8.4 of the PCI-DSS requires Vendors to maintain a program to monitor their PCI-DSS compliance status.

3. Representations and Warranties.

(a)         Vendors are responsible for the security of cardholder data that they possess, including the functions relating to storing, processing, and transmitting of cardholder data;

(b)         Vendors affirm as of the effective date of the PCI Policy (indicated by the “Last updated” date above), Vendors have complied with all applicable requirements to be considered PCI-DSS compliant, and have performed the necessary steps to validate their compliance with the PCI-DSS;

(c)         Vendors will comply with the most current PCI-DSS in connection with the processing of cardholder data, including, but not limited to: (i) creating and maintaining a secure network to protect cardholder data; (ii) using all technical and procedural measures reasonably necessary to protect cardholder data it maintains or controls; (iii) creating and implementing security measures to limit access to cardholder data; (iv) monitoring access to cardholder data it maintains or controls; and (v) creating and implementing an information security policy that assures employee compliance with the foregoing;

(d)         Vendors may supply, upon reasonable request, the current status of Vendors’ PCI-DSS compliance, and evidence of their most recent validation of compliance;

(e)         Vendors may notify visitors of the Site if a Vendor learns that they are no longer PCI-DSS compliant and may provide the visitors with the steps being taken to remediate the non-compliance status; and

(f)         Vendors acknowledge that any indemnification provided for under any contracts with third-party payment processors applies to the failure of the Vendors to be and to remain PCI-DSS compliant.

If a visitor of the Site wishes to request to review, update, or delete submitted cardholder information, or exercise any of their rights in accordance with this PCI Policy, or if Site visitors have any additional questions regarding this PCI Policy or how to remove or modify their cardholder information or related consents, please contact DISCOUNT LOTS by the e-mail or the mailing address below:

DISCOUNT LOTS, LLC
450 Anthony Trail
Northbrook, Illinois 60062
Attention: Privacy Officer
By Email: [email protected]

DISCOUNT LOTS will use commercially reasonable efforts to promptly respond to and resolve any problem or question.

Any rights not expressly granted herein are reserved by and for us.
© Copyright 2024, DISCOUNT LOTS, LLC, All Rights Reserved.