PayPal is our payment gateway.
THIS MERCHANT SERVICES AGREEMENT (THE “AGREEMENT”) IS A LEGAL AND BINDING AGREEMENT BETWEEN YOU AND PAYPAL PTE LTD. PLEASE READ IT CAREFULLY.
BY APPLYING FOR THE SERVICES THROUGH OUR ONLINE APPLICATION PROCESS OR OTHERWISE OR BY USING THE SERVICES DEFINED BELOW, YOU ACKNOWLEDGE THAT YOU HAVE READ AND AGREE TO BE BOUND BY (AND THAT YOUR COMPANY WILL BE BOUND BY) ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT AND ALL DOCUMENTS INCORPORATED BY REFERENCE. IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS OF THIS AGREEMENT DO NOT USE THE SERVICES.
- INTRODUCTION
1.1 Introduction. In this Merchant Service Agreement (“ Agreement ”), “Merchant”, “you” and “your” refer to each customer (“ Merchant ”) and its designated agents, including your administrative contact, and “PayPal”, “we”, “us” and “our” refer collectively to PayPal Pte Ltd, 5 Temasek Boulevard, #09-01/ 02/ 03 Suntec Tower 5, Singapore 038985 (“ PayPal ”). This Agreement explains our obligations to you, and your obligations to us in relation to the service(s) you purchase. By purchasing the service(s) you agree to establish an account with us for such services. When you use your account or permit someone else to use your account to purchase or otherwise acquire access to additional PayPal service(s) or to modify or cancel your service(s) (even if we were not notified of such authorisation), this Agreement as amended covers any such service or actions. Additionally, you agree that the administrative contact for any services provided to you is your agent with full authority to act on your behalf with respect to such services, as permitted by the Services and related documentation, including (but not limited to) the authority to terminate, transfer (where transfer is permitted by the Agreement), or modify such services, or purchase additional services. Any acceptance of your application(s) or requests for our services and the performance of our services will be deemed to occur at our offices in Singapore.
1.2 Various Services. Sections 1 through 12 apply to any and all Services that you purchase or use under the Agreement. The terms and conditions set forth in the attached schedules to the Agreement apply only to customers who have purchased or use the PayPal services referenced in those schedules. Such schedules are incorporated into this Agreement by this reference. In the event of any inconsistency between the terms of Sections 1 through 12 and the terms of the schedules, the terms of the schedules shall control with regard to the applicable PayPal service. IMPORTANT NOTICE CONCERNING BUNDLED SERVICES: If you purchase or use separate PayPal services that are sold together as a “bundled” package, as opposed to your purchasing or using such services separately, termination of any part of the services may result in termination of all PayPal services provided as part of the bundled package unless arrangements are made to pay for the services separately. Please see Section 10 of this Agreement for termination terms.
- DEFINITIONS.
2.1 “ Financial Institution ” shall mean banks or financial institutions having business relationships with one or more Financial Processors that have agreed to evaluate and provide merchant accounts and payment authorisation services to merchants.
2.2 “ Financial Processor ” shall mean an entity with which PayPal has established a relationship that performs the back-end authorisation and processing of Transactions between the Merchant’s Financial Institution and the cardholder’s bank.
2.3 “ Services ” shall mean the Payflow Link or Payflow Pro services used by Merchant and any add-on services specifically described in this Agreement. Current descriptions of the Payflow Link TM and Payflow Pro TM services can be found at the URL: https://www.paypal.com/au/cgi-bin/webscr?cmd=_payflow-gateway-overview-outside.
2.4 “ Software ” shall mean the object code version of PayPal’s client Software Development Kit (“ SDK ”), HTML code, application programming interfaces (APIs), related documentation and other client software or code which PayPal provides to Merchant, including updates, to enable PayPal to provide the Services to Merchant. Unless otherwise specified, Software shall not include any source code. The Software is proprietary to PayPal and is licensed to Merchant under a separate SDK License Agreement at the time of download.
2.5 “ Manager Web Site ” means PayPal’s online account management tools for merchants for the Payflow Link services and Payflow Pro services that are part of the Services.
2.6 “ Transaction ” shall mean information related to the purchase of goods and services from Merchant by a third party. Specifically a Transaction is an authorisation, delayed capture, sale, void, voice authorisation or credit data transmission between PayPal and its back end processors.
- MERCHANT OBLIGATIONS.
3.1 General Service Requirements. Merchant shall be solely responsible for:
- Establishing, hosting and maintenance of its Web site(s) and its connection to the Internet (the “ Merchant Web Site(s) ”), fulfilling all orders for products and services sold by Merchant to its users on the Merchant Web Site(s) or otherwise, including without limitation transmitting Merchant’s registration information and Transaction data to PayPal servers or via the PayPal Manager Web Site and ensuring that any data stored or transmitted by Merchant in conjunction with the Services and for enrollment for the Services is accurate, complete and in the form as requested by PayPal, is securely collected and is not corrupted due to Merchant’s systems. Merchant is also responsible for reviewing the Transactions in its account on a regular basis and notifying PayPal promptly of suspected unauthorised activity through its account;
- Establishing and maintaining a commercial banking relationship with one or more Financial Institutions. The terms of such relationship shall be determined solely by Merchant and the Financial Institution;
- Keeping its login name and password confidential. Merchant shall notify PayPal immediately upon learning of any unauthorised use of its user name or password. Merchant shall be solely responsible for (i) updating its passwords for access to the Services periodically, and (ii) creating passwords that are reasonably “strong” under the circumstances, both in accordance with PayPal’s requirements. A “strong” password is at least six characters long, does not contain all or part of the users account name, and contains at least three of the four following categories of characters: uppercase characters, lowercase characters, base 10 digits, and symbols found on the keyboard (such as !, @, #). Strong passwords should be generated in such a way that knowledge of one does not lead to knowledge of another.
- Maintaining commercially reasonable business practices in conjunction with use of the Services, collecting, storing and transmitting its customer data in a secure manner and protecting the privacy of its customer data. Merchant shall comply with PayPal’s requests for reasonable action on Merchant’s part, to the extent necessary, to maintain security and integrity of the Services;
- Updating to the most current Software version and security updates and patches necessary to properly operate the Services and keeping all Merchant enrollment and payment information current and updated on the Manager Web Site; and
- Merchant agrees, and hereby represents and warrants that Merchant shall (A) use the Services in accordance with the applicable user guides and other documentation; and (B) not use or permit others to use information obtained through the use of the Services for any purpose other than in conjunction with the Services and in a manner described in the documentation for the Services
3.2 Proprietary Rights.
Except as otherwise set forth herein, all right, title and interest in and to all, (i) registered and unregistered trademarks, service marks and logos; (ii) patents, patent applications, and patentable ideas, inventions, and/or improvements; (iii) trade secrets, proprietary information, and know-how; (iv) all divisions, continuations, reissues, renewals, and extensions thereof now existing or hereafter filed, issued, or acquired; (v) registered and unregistered copyrights including, without limitation, any forms, images, audiovisual displays, text, software and (vi) all other intellectual property, proprietary rights or other rights related to intangible property which are used, developed, comprising, embodied in, or practiced in connection with any of the Services identified herein (“PayPal Intellectual Property Rights”) are owned by PayPal or its licensors, and you agree to make no claim of interest in or ownership of any such PayPal Intellectual Property Rights. You acknowledge that no title to the PayPal Intellectual Property Rights is transferred to you, and that you do not obtain any rights, express or implied, in the PayPal or its licensors’ service, other than the rights expressly granted in this Agreement. To the extent that you create any Derivative Work (any work that is based upon one or more preexisting versions of a work provided to you, such as an enhancement or modification, revision, translation, abridgement, condensation, expansion, collection, compilation or any other form in which such preexisting works may be recast, transformed or adapted) such Derivative Work shall be owned by PayPal and all existing and future copyright and other right, title and interest in and to each such Derivative Work, are assigned to, and shall automatically vest in, PayPal. PayPal shall have no obligation to grant you any right in any such Derivative Work. Except to the extent permitted by applicable law, Merchant shall not disassemble, decompile, decrypt, extract, reverse engineer, prepare a derivative work based upon, distribute, or time share the Services or any components thereof, or otherwise apply any procedure or process to the Services or components thereof in order to ascertain, derive, and/or appropriate for any reason or purpose, the source code or source listings or any algorithm, data, process, procedure or other information contained therein. Merchant shall not rent, sell, resell, lease, sublicense, loan or otherwise transfer the Services or components thereof.
- PAYPAL’S OBLIGATIONS.
4.1 Services.
Subject to the terms in this Agreement, PayPal agrees to
(i) provide to Merchant the Services for which Merchant enrolls and pays the applicable fees, including without limitation the transmission of Transaction information to Financial Processors, and (ii) provide Merchant with access to standardised reports regarding Merchant’s Transactions processed using the Services and certain reporting tools to assist Merchant in accounting activities. PayPal hereby grants to Merchant the right to access and use the Services in accordance with the Agreement. PayPal is not bound by nor should Merchant rely on any representation by (i) any agent, representative or employee of any third party that Merchant may use to apply for our services; or in
(ii) information posted on our Web site of a general informational nature.
4.2 Modification of Terms; Changes to Services.
Except as otherwise provided in this Agreement, Merchant agrees that PayPal may:
(1) revise the terms and conditions of this Agreement, including without limitation modifying the service fees or payment terms; and/or
(2) change part of the Services provided under this Agreement at any time. Any such revision or change will be binding and effective either, at PayPal’s sole discretion, 30 days after posting of the revised Agreement or change to the Services on the PayPal Manager Web Site, or upon electronic or written notification to you. You agree to periodically review the Manager Web Site, including the current version of this Agreement available on the Manager Web Site, to be aware of any such revisions. If you do not agree with any revision to the Agreement, you may terminate this Agreement at any time by providing us with notice as set forth in this Agreement. Notice of your termination will be effective on receipt and processing by us. Any fees paid by you if you terminate your Agreement with us are nonrefundable, except as otherwise expressly stated herein, but you will not incur any additional fees. By continuing to use PayPal services after any revision to this Agreement or change in Services, you agree to abide by and be bound by any such revisions or changes. We are not bound by nor should you rely on any representation by
(i) any agent, representative or employee of any third party that you may use to apply for our Services; or in
(ii) information posted on our Web site of a general informational nature. No employee, contractor, agent or representative of PayPal is authorised to alter or amend the terms and conditions of this Agreement.
4.3 Secure Transactions.
PayPal has implemented and will maintain security systems for the transmission of Merchant’s Transactions, consisting of encryption and “firewall” technologies that are understood in the industry to provide adequate security for the transmission of such information over the Internet. PayPal does not guarantee the security of the Services or Transaction data, and PayPal will not be responsible in the event of any infiltration of its security systems, provided that PayPal has used commercially reasonable efforts to prevent any such infiltration. Merchant further acknowledges and agrees that Merchant, and not PayPal, is responsible for the security of Transaction data or information or any other information stored on Merchant’s servers, and that PayPal is not responsible for any other party’s servers (other than subcontractors of PayPal solely to the extent PayPal is liable for its own actions hereunder).
4.4 Technical Support for Services.
PayPal shall provide the technical support services to Merchants, specific to the support package selected by Merchant during enrollment. PayPal’s then-current, standard technical support descriptions for these Services shall be posted at the URL: https://www.paypal.com/au/cgi-bin/webscr?cmd=_payflow-support-list-outside.
- PRIVACY
5.1 The PayPal Privacy Statement. Our privacy statement for the Services is located on our Web site at /webapps/mpp/ua/privacy-full and is incorporated herein by reference, as it is applicable to the Services. The privacy statement sets forth your and our rights and responsibilities with regard to your personal information. You agree that we, in our sole discretion, may modify our privacy statement. We will post such revised statement on our Web site. You agree to monitor our Web site periodically to review such revisions. By using our services after modifications to the privacy statement, you have agreed to these modifications. You acknowledge that if you do not agree to any such modification, you may terminate this Agreement.
5.2 Use of the Data. Merchant acknowledges and agrees that in the course of providing the Services, PayPal will capture certain transaction and user information (collectively, the “ Data ”). Merchant agrees to provide to PayPal, and PayPal shall capture, only the Data that is required by the Software and is necessary for PayPal to provide the Services. PayPal agrees to use Data in its personally identifiable form only as necessary to complete the requested transaction. PayPal shall not disclose Data to third parties or use the Data, except that PayPal shall have the rights (i) to use the Data as necessary to perform the Services contemplated in this Agreement (including distributing the Data to third parties providing services requested by Merchant); (ii) to maintain the Data as long as necessary or as required by law and used internally for record keeping, internal reporting, and support purposes;
(iii) to compile and disclose Data in the aggregate where individual merchant Data is not identifiable, including without limitation, calculating merchant averages by region or industry; and (iv) to provide the Data as required by law or court order, or to defend PayPal’s rights in a legal dispute.
You represent and warrant that you have provided notice to, and obtained consent from, any third party individuals whose personal data you supply to us as part of our services with regard to: (i) the purposes for which such third party’s personal data has been collected, (ii) the intended recipients or categories of recipients of the third party’s personal data, (iii) which parts of the third party’s data are obligatory and which parts, if any, are voluntary; and (iv) how the third party can access and, if necessary, rectify the data you hold about them. You further agree to provide such notice and obtain such consent with regard to any third party personal data you supply to us in the future. We are not responsible for any consequences resulting from your failure to provide notice or receive consent from such individuals nor for your providing outdated, incomplete or inaccurate information.
5.3 Compliance with Data Protection Schedule. You agree (as a “Merchant”) to comply with Schedule D below, which forms part of this Agreement. The terms of the Data Protection Schedule shall prevail over any conflicting terms in this Agreement relating to data protection and privacy.
- FEES AND PAYMENT TERMS
As consideration for the services you purchased, you agree to pay PayPal the applicable service(s) fees set forth on our Web site, or as otherwise provided by PayPal concurrently with this Agreement, at the time of your selection, or, if applicable, upon receipt of your invoice from PayPal. All fees are due immediately and are non-refundable, except as otherwise expressly noted herein or in one or more attached Schedules. Unless otherwise specified herein or on our Web site, the Services are for a one-year initial term and renewable thereafter for successive one-year periods. Any renewal of your Services with us is subject to our then-current terms and conditions, including, but not limited to, successful completion of any applicable authentication procedure, and payment of all applicable service fees at the time of renewal. Additional payment terms may apply to the PayPal services you purchase, as set forth in the applicable Schedules to this Agreement.
You are solely responsible for the credit card or Direct Debit (“ DDR ”) account information you provide to PayPal and must promptly inform PayPal of any changes thereto (e.g., change of expiration date or account number). Changes should be communicated to PayPal by entering the updated information through the PayPal tools or contacting PayPal customer support. All payments shall be made in Australian dollars. All fees are non-refundable unless otherwise explicitly stated in this Agreement. If we do issue a refund, it will only be via the same payment method used by you to pay for the Services. For additional services or add-on services, Merchant shall either prepay PayPal’s then-current annual prepaid fees, if available, or pay the then-current monthly fees for such services, in accordance with Sections 6.2 and 6.3 below.
If Merchant uses PayPal add-on services that are subject to additional standard fees that are not prepaid at enrollment, then PayPal shall either immediately charge Merchant’s credit card or debit Merchant’s DDR account, as applicable, for PayPal’s then-current fees for such services or invoice Merchant for such additional standard fees, and Merchant shall pay such invoice immediately. You agree to pay all value added, sales and other taxes (other than taxes based on PayPal’s income) related to PayPal services or payments made by you hereunder. All payments due to PayPal shall be made without any deduction or withholding on account of any tax, duty, charge or penalty except as required by law in which case the sum payable by a party in respect of which such deduction or withholding is to be made shall be increased to the extent necessary to ensure that, after making such deduction or withholding, e PayPal receives and retains (free from any liability in respect thereof) a net sum equal to the sum it would have received but for such deduction or withholding being required. Set up fees, if any, will become payable on the applicable effective date for the applicable PayPal services.
All sums due and payable that remain unpaid after any applicable cure period herein will accrue interest as a late charge of 1.5% per month or the maximum amount allowed by law, whichever is less. Merchant hereby authorises PayPal to charge Merchant’s credit card provided to PayPal or debit Merchant’s DDR account for the fees due for the Services, and Merchant shall provide to PayPal proper debit authorisation for purposes of allowing PayPal to debit the applicable Merchant account to collect fees due under this Agreement. All fees owed by Merchant to third parties (for example, Financial Institutions, Financial Processors and merchant account providers), are Merchant’s sole responsibility and are not covered by this Agreement.
6.1 For Annual Prepaid Agreements.
Merchant agrees to pay to PayPal the applicable annual fees for the applicable Services enrolled for and used by Merchant (the “ Annual Prepaid Service Fee ”) for twelve (12) months from the due date as described above in this Section 6, or twenty-four (24) months if Merchant prepays for two (2) years. Merchant shall pay a separate Annual Prepaid Service Fee for each PayPal Services account for which Merchant registers. Merchant agrees that PayPal shall have no obligation to provide the Services until it has received Merchant’s Annual Prepaid Service Fee. We will endeavor to provide you notice prior to the renewal of the Services at least fifteen (15) days in advance of the renewal date.
Unless either party terminates the Agreement early in accordance with the terms herein or unless otherwise notified by PayPal electronically or via the PayPal Manager Web Site, then for each renewal term of this Agreement following the initial annual or bi-annual prepaid term, Merchant hereby authorises PayPal to charge Merchant’s credit card or DDR account that PayPal has on file for Merchant or invoice Merchant, as applicable, for the annual renewal period. In the event Merchant desires to request another payment method, Merchant shall contact Customer Support no less than thirty (30) days prior to the end of the applicable prepaid term. PayPal reserves the right at the end of each prepaid term to change its fees upon written or electronic notice to Merchant. If PayPal is unable to collect the Annual Prepaid Service Fee from Merchant for each renewal period, then PayPal shall have the right to terminate this Agreement in accordance with the terms herein.
6.2 For Non-Prepaid Agreements. Merchant agrees to pay to PayPal the applicable fees for each separate PayPal account for the Services used by Merchant, as described in these registration pages or as otherwise provided in writing by PayPal concurrent herewith. There will not be any pro-ration of fees paid or invoiced unless otherwise agreed in writing by PayPal. Merchant agrees to pay all value added, sales and other taxes (other than taxes based on PayPal’s income) related to the Services or payments made by Merchant to PayPal. PayPal may, at its option, either invoice or debit Merchant’s credit card or DDR account, as applicable for the fees due PayPal. Initial set up fees will become payable on the Effective Date. Monthly fees will be invoiced or debited at the end of the calendar month in which the Services are performed.
Merchant agrees to pay all such invoices immediately or as otherwise indicated on the applicable invoice. Merchant agrees, at the request of PayPal, to provide PayPal with an authorised credit card name, number and date of expiration or an DDR account number.
6.3 Monthly Excess Transaction Fee. Notwithstanding Sections 6.1 and 6.2, in the event Merchant exceeds the Transaction limit permitted for the applicable Services as described in the registration pages (“Excess Transaction”) in any month, Merchant shall be charged a monthly transaction fee (“Monthly Excess Transaction Fee”) to be determined by multiplying each Excess Transaction processed in that month by the corresponding Service’s transaction fee listed in the registration pages. The Monthly Excess Transaction Fee shall be invoiced or debited in accordance with the terms for Monthly fees in Section 6.2 “Payment Terms.”
- WARRANTY; DISCLAIMER
7.1 PayPal represents and warrants that (a) it has all requisite corporate or other power to enter into this Agreement and to carry out the terms of this Agreement; (b) all corporate action on the part of PayPal, its officers, board of directors and stockholders necessary for the performance of its obligations under this Agreement has been taken.
- EXCEPT AS EXPRESSLY SET FORTH ABOVE AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, PAYPAL AND ITS LICENSORS, AS APPLICABLE, MAKE NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, REGARDING THE SERVICES OR SOFTWARE,
- TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALL SUCH CONDITIONS AND WARRANTIES, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE AND NON-INFRINGEMENT ARE HEREBY EXPRESSLY DISCLAIMED BY PAYPAL AND ITS LICENSORS, EXCEPT ANY IMPLIED CONDITION OR WARRANTY THE EXCLUSION OF WHICH WOULD CONTRAVENE ANY STATUTE (INCLUDING THE TRADE PRACTICES ACT 1974 (CTH) OR CAUSE ANY PART OF THIS CLAUSE TO BE VOID (“ NON-EXCLUDABLE CONDITION ”).
- PAYPAL’S LIABILITY TO MERCHANT FOR BREACH OF ANY NON-EXCLUDABLE CONDITION IS LIMITED, AT PAYPAL’S OPTION, TO REFUNDING THE PRICE OF THE GOODS OR SERVICES IN RESPECT OF WHICH THE BREACH OCCURRED OR TO PROVIDING, REPLACING OR REPAIRING THOSE GOODS OR PROVIDING THOSE SERVICES AGAIN (EXCEPT FOR GOODS OR SERVICES OF A KIND ORDINARILY ACQUIRED FOR PERSONAL, DOMESTIC OR HOUSEHOLD USE OR CONSUMPTION, IN RESPECT OF WHICH PAYPAL’S LIABILITY IS NOT LIMITED UNDER THIS AGREEMENT).
- MERCHANT ACKNOWLEDGES THAT NEITHER PAYPAL NOR ITS LICENSORS HAVE REPRESENTED OR WARRANTED THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR FREE OR WITHOUT DELAY OR WITHOUT COMPROMISE OF THE SECURITY SYSTEMS RELATED TO THE SERVICES OR THAT ALL ERRORS WILL BE CORRECTED.
7.2 Merchant represents and warrants that it shall comply with all applicable privacy, consumer and other laws and regulations with respect to its (i) provision, use and disclosure of the Data; (ii) dealings with the users providing the Data; and (iii) use of the Services. Additionally, Merchant represents and warrants that (a) it has all requisite corporate or other power to enter into this Agreement and to carry out the terms of this Agreement; (b) all corporate action on the part of Merchant, its officers, board of directors and stockholders necessary for the performance of its obligations under this Agreement has been taken; (c) this Agreement constitutes its valid and legally binding obligation, enforceable against it in accordance with the terms hereof; (d) if Merchant is a corporation, then it is a corporation in good standing in its jurisdiction of incorporation; (e) it has read and understands the entire Agreement and desires to be bound thereby, and it has been represented by counsel of its own choosing; and (f) it represents and warrants that, except as expressly set forth herein, no representations of any kind or character have been made to induce it to execute and enter into this Agreement.
- INDEMNIFICATION. This section is subject to the terms of Section 9.
Either party will defend, indemnify, save and hold harmless the other party and the officers, directors, agents, Affiliates, distributors, franchisees and employees of the other party from any and all third party claims, demands, liabilities, costs or expenses, including reasonable attorneys’ fees, resulting from the indemnifying party’s material breach of any duty, representation or warranty of this Agreement. A party’s right to indemnification under the Agreement (“indemnified party”) is conditioned upon the following: prompt written notice to the party obligated to provide indemnification (“indemnifying party”) of any claim, action or demand for which indemnity is sought; control of the investigation, preparation, defense and settlement thereof by the indemnifying party; and such reasonable cooperation by the indemnified part, at the indemnifying party’s request and expense, in the defense of the claim. The indemnified party shall have the right to participate in the defense of a claim by the indemnifying party with counsel of the indemnified party’s choice at the indemnified party’s expense. The indemnifying party shall not, without the prior written consent of the indemnified party, settle, compromise or consent to the entry of any judgment that makes any admissions in the indemnified party’s name or imposes any liability upon the indemnified party.
- LIMITATIONS ON LIABILITY
Merchant acknowledges that PayPal is not a financial or credit reporting institution. PayPal is responsible only for providing data transmission to effect or direct certain payment authorisations for Merchant and is not responsible for the results of any credit inquiry, the operation of web sites of ISPs or Financial Institutions or the availability or performance of the Internet, or for any damages or costs Merchant suffers or incurs as a result of any instructions given, actions taken or omissions made by Merchant, Merchant’s financial processor(s), Merchant’s Financial Institution or any ISP. IN NO EVENT WILL PAYPAL’S LIABILITY (INCLUDING LIABILITY FOR NEGLIGENCE) ARISING OUT OF THIS AGREEMENT EXCEED THE FEES PAID TO PAYPAL BY MERCHANT HEREUNDER DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT WHICH GAVE RISE TO THE CLAIM FOR DAMAGES. IN NO EVENT WILL PAYPAL OR ITS LICENSORS HAVE ANY LIABILITY (INCLUDING LIABILITY FOR NEGLIGENCE) TO MERCHANT OR ANY OTHER PARTY FOR ANY LOST OPPORTUNITY OR PROFITS, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR SPECIAL DAMAGES ARISING OUT OF THIS AGREEMENT, UNDER ANY CAUSE OF ACTION OR THEORY OF LIABILITY (INCLUDING NEGLIGENCE), AND WHETHER OR NOT PAYPAL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THESE LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. Notwithstanding the above, the limitations set forth above shall be enforceable to the maximum extent allowed by applicable law.
- TERM AND TERMINATION
10.1 Term; Renewal.
This Agreement will commence on the later of (i) the date Merchant accepts the terms of this Agreement (the “Effective Date”), or
(ii) the date that Merchant’s Payflow account is activated for live Transactions, if different; and will continue for a period of one (1) year (or two (2) years if Merchant prepays for two years), unless terminated earlier or suspended according to the provisions of this Agreement. This Agreement will thereafter automatically renew for successive twelve (12) month terms (or twenty-four (24) month terms if Merchant prepays for twenty-four months), unless either party gives the other party written or electronic notice, in accordance with the terms herein, of its intention not to renew the Agreement, at least thirty (30) days prior to the end of the then-current term or renewal term if termination is by PayPal. Any renewal of your Services is subject to our then-current terms and conditions, successful completion of any applicable authentication procedure, if any, and payment of all applicable service fees at the time of renewal. Additional payment terms may apply to the PayPal Services you purchase, as set forth herein and in the applicable Schedules to this Agreement.
10.2 Suspension and Termination. Either party hereto may, at its option, and without notice, terminate this Agreement, effective immediately, should the other party hereto (i) admit in writing its inability to pay its debts generally as they become due; (ii) make a general assignment for the benefit of creditors; (iii) institute proceedings to be adjudicated a voluntary bankrupt, or consent to the filing of a petition of bankruptcy against it; (iv) be adjudicated by a court of competent jurisdiction as being bankrupt or insolvent; (v) seek reorganisation under any bankruptcy act, or consent to the filing of a petition seeking such reorganisation; or (vi) have a decree entered against it by a court of competent jurisdiction appointing a receiver liquidate, trustee, or assignee in bankruptcy or in insolvency covering all or substantially all of such Party’s property or providing for the liquidation of such party’s property or business affairs.
- By Merchant . Merchant may terminate this Agreement upon prior written notice to PayPal by notifying PayPal’s customer support electronically or in writing and following the instructions for cancellation either (i) prior to the end of the initial annual period or any annual renewal period; or (ii) for convenience. Subject to the above, PayPal shall use commercially reasonable efforts to cancel the Services within seven (7) business days following such written notice from Merchant. Merchant shall be responsible for the payment of all fees due and payable through the effective date of termination. Termination requests for non-PayPal, third party services may not be made through PayPal. Merchant must instead contact such third parties directly to cancel such services.
- By PayPal. Notwithstanding Section 10.1, PayPal may suspend Merchant’s access to the Services or terminate this Agreement as follows:
- Following ten (10) days prior electronic or written notice (such as an overdue invoice) if (a) Merchant breaches the Agreement, (b) perpetrates fraud, (c) causes or fails to fix a security breach relating to the Services, (d) fails to comply with PayPal’s best practices requirements for security management or to respond to an inquiry from PayPal, concerning the accuracy or completeness of the information Merchant is required to provide pursuant to this Agreement, (e) if PayPal reasonably suspects fraudulent activity on Merchant’s payment services account, (if such breach is not cured within such 10-day period), (f) in the event that certain third party licenses or access to third party components of the Services are terminated, or (g) non payment of invoice; or
- Immediately, without prior notice, if PayPal reasonably believes Merchant’s breach compromises the security of the Services in any material fashion, if fraudulent Transactions are being run on your account, or Merchant’s financial processor or Financial Institution with which Merchant has a merchant account requires such termination or suspension.
10.3 Effect of Termination.
- PayPal will cease providing the Services and cease charging your credit card, if applicable, for any monthly, annual or bi-annual Service fees as of the expiration of the annual, bi-annual or monthly billing cycle in which the termination is effective. If termination of this Agreement is due to your default hereunder, you shall bear all costs of such termination, including any reasonable costs PayPal incurs in closing your account. You agree to pay any and all costs incurred by PayPal in enforcing your compliance with this Section. Upon termination, your rights to use the Services, and any other rights granted hereunder, shall immediately cease, and you shall destroy any copy of the materials licensed to you hereunder and referenced herein. Each party will be released from all obligations and liabilities to the other occurring or arising after the date of such termination, except that any termination of this Agreement will not relieve PayPal or Merchant from any liability arising prior to the termination of this Agreement. To the extent permitted by applicable law, you agree that upon termination for any reason, we may delete all information relating to your use of the Service. Notwithstanding the foregoing, the provisions of Sections 5, 7-12, Merchant’s obligations to pay all fees due through the effective date of termination and terms in the Schedules relating to indemnity, warranties or terms which by their nature are required to survive contract termination will survive any termination of this Agreement.
- Bundled Services. In addition to the terms set forth above, if you purchase Services which are sold together as part of a “bundled” package of services, any termination relating to such bundle will terminate all PayPal services included in such bundle. In such cases we may, in our sole discretion and subject to your agreeing to be bound by the applicable agreement(s) and to pay the applicable fees, allow you to convert certain services included in the bundled services to stand alone services. Notwithstanding the above, termination of the Services will terminate any add-on services.
- Reinstatement of Services. If Services are suspended or terminated by PayPal due to lack of payment by Merchant, reinstatement of Services shall be subject to Merchant paying PayPal (i) new set-up fees, at PayPal’s then-current rates; and (ii) as applicable, all past due annual or monthly fees and Transaction fees.
- CONFIDENTIALITY
11.1 Confidential Information. “Confidential Information” means any confidential, trade secret or proprietary information (which may be business, financial or technical information) disclosed by one party to the other under this Agreement that is marked confidential or if disclosed orally designated as confidential at the time of disclosure or that should be reasonably understood to be confidential. All source code and the terms of this Agreement will be considered Confidential Information.
11.2 Confidentiality Obligations. Each party (i) shall not disclose to any third party or use any Confidential Information disclosed to it by the other except as expressly permitted in this Agreement and for purposes of performing this Agreement, and (ii) shall take reasonable measures to maintain the confidentiality of all Confidential Information of the other party in its possession or control, which shall in no event be less than the measures it uses to maintain the confidentiality of its own proprietary information or Confidential Information of similar importance. Each party further agrees to use the other party’s Confidential Information only for the purpose of its performance under this Agreement. In addition, the receiving party shall not reverse engineer, disassemble or decompile any prototypes, software or other intangible objects which embody Confidential Information and which are provided to the receiving party hereunder.
11.3 Limitation of Confidentiality . The Obligations set forth in Section 11.2 (“Confidentiality Obligations”) above do not apply to information that (i) is in or enters the public domain without breach of this Agreement, (ii) the receiving party lawfully receives from a third party without restriction on disclosure and without breach of a nondisclosure obligation, (iii) the receiving party knew prior to receiving such information from the disclosing party or develops independently without access or reference to the Confidential Information, (iv) is disclosed with the written approval of the disclosing party, or (v) is disclosed five (5) years from the effective date of termination or expiration of this Agreement.
11.4 Exceptions to Confidentiality. Notwithstanding the Confidentiality Obligations set forth in Section 11.2 above, each party may disclose Confidential Information of the other party (i) to the extent required by a court of competent jurisdiction or other governmental authority or otherwise as required by law but only after alerting the other party of such disclosure requirement and, prior to any such disclosure, allowing (where practicable to do so) the other party a reasonable period of time within which to seek a protective order against the proposed disclosure, or (ii) on a “need-to-know” basis under an obligation of confidentiality substantially similar in all material respects to those confidentiality obligations in this Section 10 to its legal counsel, accountants, contractors, consultants, banks and other financing sources.
- MISCELLANEOUS TERMS
12.1 Force Majeure (Events Beyond the Parties’ Control).
Neither party shall be deemed in default hereunder, nor shall it hold the other party responsible for, any cessation, interruption or delay in the performance of its obligations hereunder, except for Merchant’s payment obligations hereunder, due to earthquake, flood, fire, storm, natural disaster, act of God, war, terrorism, armed conflict, labor strike, lockout, or boycott, provided that the party relying upon this Section shall give the other party written notice thereof promptly and, in any event, within five (5) days of discovery thereof, and (ii) shall take all steps reasonably necessary under the circumstances to mitigate the effects of the force majeure event upon which such notice is based; provided, however, that in the event a force majeure event described in this Section extends for a period in excess of thirty (30) days in the aggregate, either party may immediately terminate the Agreement.
12.2 Entire Agreement and Modification.
The terms in this Agreement constitute the entire agreement between PayPal and Merchant regarding its subject matter and its terms supersede any prior or simultaneous agreement, terms, negotiations, whether written or oral, or whether established by custom, practice, policy or precedent, between the parties hereto. Except as otherwise provided for herein, any waiver, modification, or amendment of any provision of this Agreement will be effective only if in writing and signed by the parties herein. Merchant acknowledges and agrees that in the event a purchase order (“PO”) contains additional terms, provisions or language (“ PO Terms ”), those PO Terms shall be null and void and the terms of the Agreement shall prevail.
12.3 Severability.
In the event that any provision of this Agreement is unenforceable or invalid such unenforceability or invalidity will not render this Agreement unenforceable or invalid as a whole, and in such event, such provision will be changed and interpreted so as to best accomplish the objectives of such unenforceable or invalid provision within the limits of applicable law or applicable court decisions.
12.4 No Assignment.
Merchant may not assign this Agreement without the prior written consent of PayPal.
12.5 Governing Law and Jurisdiction.
This Agreement will be governed by and construed in accordance with the laws of the Singapore without reference to its conflicts of laws principles. Each party consents to the exclusive venue and jurisdiction of the court in Singapore for any dispute arising out of or related to this Agreement. The parties acknowledge and agree that this Agreement is made and performed in Singapore. The parties hereby waive any right to jury trial with respect to any action brought in connection with this Agreement. The application of the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded.
12.6 Export Restrictions.
Merchant acknowledges and agrees that it shall not import, export, or re-export directly or indirectly, any commodity, including Merchant’s products incorporating or using any PayPal products in violation of the laws and regulations of any applicable jurisdiction.
12.7 Notice.
Except as otherwise expressly stated in this Agreement, all notices to PayPal shall be in writing and delivered, via courier or certified or registered mail, to PayPal Pte Ltd, Attention: Compliance Officer, 5 Temasek Boulevard, #09-01/ 02/ 03 Suntec Tower 5, Singapore 038985, or any other address provided by PayPal. All notices to you shall be delivered to your mailing address or e-mail address as provided by you in your account information, as updated by you pursuant to this Agreement.
Unless you choose to opt-out of receiving marketing notices, you authorise PayPal to notify you as our customer, via commercial e-mails, telephone calls and other means of communication, of information that we deem is of potential interest to you, including without limitation communications describing upgrades, new products and services or other information pertaining to the Services or other PayPal offerings relating to Internet security or to enhancing your identity on the Internet. Notwithstanding the above, Merchant shall not have the right to opt-out of service or support notices relating to the Services, including without limitation, notices of service modifications, security, performance issues or technical difficulties.
12.8 Headings. The section headings appearing in the Agreement are inserted only as a matter of convenience and in no way define, limit, construe or describe the scope or extent of such section or in any way affect such section.
12.9 Independent Contractors. Neither party nor their employees, consultants, contractors or agents are agents, employees or joint ventures of the other party, and they do not have any authority to bind the other party by contract or otherwise to any obligation. Each party shall ensure that the foregoing persons shall not represent to the contrary, either expressly, implicitly, by appearance or otherwise.
12.10 Non-Disparagement; Publicity. During the term of the Agreement, neither party will disparage the other party or the other party’s trademarks, web sites, products or services, or display any such items in a derogatory or negative manner on any web site or in any public forum or press release. Unless otherwise stated herein, neither party shall issue a press release or otherwise advertise, make a public statement or disclose to any third party information pertaining to the relationship arising under this Agreement, the existence or terms of the Agreement, the underlying transactions between PayPal and Merchant, or referring to the other party in relation to the Agreement without the other party’s prior written approval.
12.11 Costs. Except as expressly stated in the Agreement, each party shall be solely responsible for the costs and expenses of performing its obligations hereunder.
Schedule A
American Express Direct Processing (v1)
- Merchant shall be solely responsible for:
- Access Via Ecommerce Application. You understand and agree that if you install a third party eCommerce application or your own custom integration on your web site through which you access the PayPal services, it is your responsibility to comply with or select an eCommerce application that complies with the most current American Express standards and operational requirements. In addition, it is your responsibility to keep your systems in good working order and to repair and correct any deficiencies, errors, or defect promptly during the term of this Agreement if notified by PayPal or American Express that such repair is necessary for the PayPal services to operate properly and in accordance with American Express requirements. PayPal will promptly notify you of American Express required changes to your system. You understand and agree that your failure to perform these functions may result in your inability to process such transactions through PayPal or American Express suspending or terminating your right to access the PayPal services.
- Inability to Access Service. You agree to notify PayPal immediately of online processing problems, including but not limited to providing PayPal’s customer service department with notice within forty-eight (48) hours of your using voice authorisations for your transactions that you would otherwise send through PayPal’s online payment services gateway.
- In no event shall PayPal be liable for transaction processing and other services performed by American Express.
Schedule B
Payflow® Recurring Billing Services (v1)
- Merchant agrees, and hereby represents and warrants, that prior to processing any recurring transactions using Payflow Recurring Billing Service, Merchant will have entered into written agreements with its card holder customers (1) confirming the card number and current expiration date; (2) providing an overview of how the recurring billing service will operate; (3) stating the term of the contract, in particular the period the card will be billed and the frequency that the card will be charged.
- Merchant shall be solely responsible for:
- Obtaining all necessary approvals required from each customer authorising Merchant to bill such customer’s credit card account. Merchant hereby represents and warrants that Merchant has the authorisation to bill its customers’ credit card accounts in the manner, for the amounts and for the period of time indicated by Merchant at the time Merchant enrolls for the Payflow Recurring Billing Service.
- Complying with all applicable bank and credit card rules with respect to recurring billing of consumers’ credit cards. Merchant hereby represents and warrants that Merchant has complied with all applicable bank and credit card rules in billing its customers’ credit card and in its use of the Payflow Recurring Billing Service.
- Providing accurate information regarding the credit cards to be billed, the amounts, the billing cycles, billing period and any other information requested by PayPal that is necessary to properly process such Transactions.
- Monitoring its PayPal account, regardless of the features PayPal may offer in connection with the Recurring Billing Service, ensuring that the information is current and accurate and reviewing the transactions periodically to determine if they have been properly submitted. Merchant agrees to notify PayPal promptly if it notices any discrepancy between information Merchant provided and the transactions submitted.
- Indemnifying PayPal and its representatives, officers, directors and employees from and against any claims by credit card holders that their credit cards were charged by Merchant without authorisation.
Schedule C
Fraud Protection Services (v1)
Only eligible merchants, as defined in the applicable Fraud Protection Services enrollment an/or user documentation, are authorised to use the Fraud Protection Services. Merchant agrees to comply with the following terms as applicable to the specific Fraud Protection Services and/or Account Monitoring Services licensed by Merchant:
- Use of Services. Merchant agrees, and hereby represents and warrants that Merchant shall (A) use the Fraud Protection Services in accordance with the applicable user guides and other documentation; and (B) not use or permit others to use information obtained through the use of the Fraud Protection Services for any purpose other than in conjunction with the Services and in a manner described in the documentation for the Services.
- Setting Preferences. Merchant shall be solely responsible for setting preferences for the Fraud Protection Services. It is solely Merchant’s responsibility to determine which Transactions it will accept or reject based on the authentication information provided by PayPal. Merchant shall not reject a Transaction unless, based on various combinations of authentication information, Merchant reasonably determines that the individual requesting the Transaction is likely not the consumer he is representing himself to be.
- Account Monitoring. Merchant understands, acknowledges and agrees that PayPal does not guarantee that the Account Monitoring services will discover or prevent all non-valid, fraudulent transactions, and that PayPal shall not be responsible for any non-valid transaction that is processed unless otherwise explicitly provided elsewhere in the Agreement.
- Dispute Resolution. Merchant acknowledges that in addition to PayPal’s other permitted uses of the Data, PayPal shall have the right to provide Data to Financial Institutions and card associations for the purposes of dispute resolution.
- Best Practices. The Risk and Security “best practices” suggestions features of the Fraud Protection Services are solely for illustrative purposes to show best industry practices, and Merchant shall be solely responsible for choosing the appropriate settings and parameters for the Fraud Protection Services.
- IP Address Verification Components. The following additional restrictions apply. Except as permitted in the applicable documentation for the Services, Merchant shall not:
- Modify, recast or create derivative works of any information obtained using the IP Address Verification components of this service;
- Publicly display, upload or post any information obtained using the IP Address Verification components or transmit, broadcast or otherwise transfer such information to any other party;
- License, sell, transfer or provide access to information obtained using the IP Address Verification components of the Services; and
- Use, or authorise any third party to use, the information obtained using the IP Address Verification components to provide geo-location services to third parties.
- High Risk Filters . PayPal’s licensors of third party products or services used by Merchant as part of the High Risk Filters components of the Fraud Protection Services shall be considered third party beneficiaries of the Agreement and shall have the right to enforce Merchant’s compliance with the Agreement.
- Account Monitoring . Merchant acknowledges that PayPal does not represent or warrant that the Account Monitoring Service is error free or that it will identify all fraudulent activity. In addition, PayPal shall not be liable to Merchant if PayPal incorrectly identifies a transaction as fraudulent. Merchant shall be responsible for taking all final actions on transactions that have been identified by PayPal as potentially fraudulent. PayPal shall use commercially reasonable efforts to monitor and internally investigate and report on potentially fraudulent activity.
- Buyer Authentication . In the event that the card associations modify their buyer authentication programs, PayPal will use commercially reasonable efforts to update the Fraud Protection Services at the next major release of the Fraud Protection Services that PayPal makes generally available.
- Third Party Components . PayPal shall have the right to modify, substitute or remove third party components of the Fraud Protection Services on thirty (30) days prior written or electronic notice, provided that Merchant may terminate this Agreement following proper notice to PayPal in the event that such removal materially diminishes the functionality of the Fraud Protection Services.
- Deactivation . If the Fraud Protection Services are terminated, PayPal shall have the right to immediately upon termination cancel Merchant’s access to the Fraud Protection Services. It is Merchant’s responsibility to clear all settings and download all reports prior to the effective date of any such termination.
Schedule D
DATA PROTECTION SCHEDULE
This Data Protection Schedule applies only to the extent that PayPal acts as a processor or Sub-processor to Merchant.
Capitalized terms used but not defined in this Schedule shall have the meaning set out in the Agreement.
1 DEFINITIONS AND INTERPRETATION
1.1 The following terms have the following meanings when used in this Schedule:
“Card Information“ is defined in Section 2.15 of this Schedule.
“Customer“ means a European Union customer of Merchant who pays the Merchant in exchange for goods or services through the PayPal services and for the purposes of this Schedule, is a data subject.
“Customer Data“ means the personal data that the Customer provides to Merchant and Merchant passes on to PayPal through the use by the Merchant of the PayPal services.
“data controller” (or simply “controller“) and “data processor” (or simply “processor“) and “data subject” have the meanings given to those terms under the Data Protection Laws.
“Data Protection Laws“ means General Data Protection Regulation (EU) 2016/679 (GDPR) and any associated regulations or instruments and any other data protection laws, regulations, regulatory requirements and codes of conduct of EU Member States applicable to PayPal’s provision of the PayPal services.
“Data Recipient” is defined in Section 2.15 of this Schedule.
“PayPal Group” means PayPal Inc. and all companies in which PayPal or its successor directly or indirectly from time to time owns or controls.
“personal data” has the meaning given to it in the Data Protection Laws.
“processing” has the meaning given to it in the Data Protection Laws and “process“, “processes” and “processed” will be interpreted accordingly.
“Sub-processor“ means any processor engaged by PayPal and/or its affiliates in the processing of personal data.
1.2 Schedule. This Schedule comprises (i) sections 1 to 2, being the main body of the Schedule; (ii) Attachment 1; and (iii) Attachment 2.
2 PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE SERVICES
2.1 Merchant data controller. With regard to any Customer Data to be processed by PayPal in connection with this Agreement, Merchant will be a controller and PayPal will be a processor in respect of such processing. Merchant will be solely responsible for determining the purposes for which and the manner in which Customer Data are, or are to be, processed.
2.2 Merchant written instructions. PayPal shall only process Customer Data on behalf of and in accordance with Merchant’s written instructions. The Parties agree that this Schedule is Merchant’s complete and final written instruction to PayPal in relation to Customer Data. Additional instructions outside the scope of this Schedule (if any) require prior written agreement between PayPal and Merchant, including agreement of any additional fees payable by Merchant to PayPal for carrying out such additional instructions. Merchant shall ensure that its instructions comply with all applicable laws, including Data Protection Laws, and that the processing of Customer Data in accordance with Merchant’s instructions will not cause PayPal to be in breach of Data Protection Laws. The provisions of this Section are subject to the provisions of Section 2.14 on Security. Merchant hereby instructs PayPal to process Customer Data for the following purposes:
2.2.1 as reasonably necessary to provide the PayPal services to Merchant;
2.2.2 after anonymizing the Customer Data, to use that anonymized Customer Data, directly or indirectly, which is no longer identifiable personal data, for any purpose whatsoever.
2.3 PayPal cooperation. In relation to Customer Data processed by PayPal under this Agreement, PayPal shall co-operate with Merchant to the extent reasonably necessary to enable Merchant to adequately discharge its responsibility as a controller under Data Protection Laws, including without limitation as Merchant requires in relation to:
2.3.1. assisting Merchant in the preparation of data protection impact assessments to the extent required of Merchant under Data Protection Laws; and
2.3.2 responding to binding requests from data protection authorities for the disclosure of Customer Data as required by applicable laws.
2.4 Scope and Details of Customer Data processed by PayPal. The objective of processing Customer Data by PayPal is the performance of the PayPal services pursuant to the Agreement. PayPal shall process the Customer Data in accordance with the specified duration, purpose, type and categories of data subjects as set out in Attachment 2 (Data Processing of Customer Data).
2.5 Compliance with Laws. The Parties will at all times comply with Data Protection Laws.
2.6 Correction, Blocking and Deletion. To the extent Merchant, in its use of the PayPal services, does not have the ability to correct, amend, block or delete Customer Data, as required by Data Protection Laws, PayPal shall comply with any commercially reasonable request by Merchant to facilitate such actions to the extent PayPal is legally permitted to do so. To the extent legally permitted, Merchant shall be responsible for any costs arising from PayPal’s provision of such assistance.
2.7 Data Subject Requests. PayPal shall, to the extent legally permitted, promptly notify Merchant if it receives a request from a Customer for access to, correction, amendment or deletion of that Customer’s personal data. Merchant shall be responsible for responding to all such requests. If legally permitted, PayPal shall provide Merchant with commercially reasonable cooperation and assistance regarding such Customer’s request and Merchant shall be responsible for any costs arising from PayPal’s assistance.
2.8 Training. PayPal undertakes to provide training as necessary from time to time to the PayPal personnel with respect to PayPal’s obligations in this Schedule to ensure that the PayPal personnel are aware of and comply with such obligations.
2.9 Limitation of Access. PayPal shall ensure that access by PayPal’s personnel to Customer Data is limited to those personnel performing PayPal services in accordance with the Agreement.
2.10 Sub-processors. Merchant specifically authorizes the engagement of members of the PayPal Group as Sub-processors in connection with the provision of the PayPal services. In addition, Merchant generally authorizes the engagement of any other third parties as Sub-processors in connection with the provision of the PayPal services. When engaging any Sub-processor, PayPal will execute a written contract with the Sub-processor, which contains terms for the protection of Customer Data which are no less protective than the terms set out in this Schedule. PayPal shall make available to Merchant a current list of Sub-processors for the respective PayPal services with the identities of those Sub-processors.
2.11 Audits and Certifications. Where requested by Merchant, subject to the confidentiality obligations set forth in the Agreement, PayPal shall make available to Merchant (or Merchant’s independent, third-party auditor that is not a competitor of PayPal or any members of PayPal or the PayPal Group) information regarding PayPal’s compliance with the obligations set forth in this Schedule in the form of the third-party certifications and audits (if any) set forth in the Privacy Policy set out on our website. Merchant may contact PayPal in accordance with the Agreement to request an on-site audit of the procedures relevant to the protection of personal data. Merchant shall reimburse PayPal for any time expended for any such on-site audit at PayPal’s then-current professional PayPal services rates, which shall be made available to Merchant upon request. Before the commencement of any such on-site audit, Merchant and PayPal shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Merchant shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by PayPal. Merchant shall promptly notify PayPal with information regarding any non-compliance discovered during the course of an audit.
2.12 Security. PayPal shall, as a minimum, implement and maintain appropriate technical and organizational measures as described in Attachment 1 to this Schedule to keep Customer Data secure and protect it against unauthorized or unlawful processing and accidental loss, destruction or damage in relation to the provision of the PayPal services. Since PayPal provides the PayPal services to all Merchants uniformly via a hosted, web-based application, all appropriate and then-current technical and organizational measures apply to PayPal’s entire customer base hosted out of the same data center and subscribed to the same service. Merchant understands and agrees that the technical and organizational measures are subject to technical progress and development. In that regard, PayPal is expressly permitted to implement adequate alternative measures as long as the security level of the measures is maintained in relation to the provision of the PayPal services.
2.13 Security Incident Notification. If PayPal becomes aware of a Security Incident in connection with the processing of Customer Data, PayPal will, in accordance with Data Protection Laws: (a) notify Merchant of the Security Incident promptly and without undue delay; (b) promptly take reasonable steps to minimize harm and secure Customer Data; (c) describe, to the extent possible, reasonable details of the Security Incident, including steps taken to mitigate the potential risks; and (d) deliver its notification to Merchant’s administrators by any means PayPal selects, including via email. Merchant is solely responsible for maintaining accurate contact information and ensuring that any contact information is current and valid.
2.14 Deletion. Upon termination or expiry of the Agreement, PayPal will delete or return to Merchant all Customer Data processed on behalf of the Merchant, and PayPal shall delete existing copies of such Customer Data except where necessary to retain such Customer Data strictly for the purposes of compliance with applicable law.
2.15 Data Portability. Upon any termination or expiry of this Agreement, PayPal agrees, upon written request from Merchant, to provide Merchant’s new acquiring bank or payment service provider (“Data Recipient”) with any available credit card information including personal data relating to Merchant’s Customers (“Card Information”). In order to do so, Merchant must provide PayPal with all requested information including proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements and is level 1 PCI compliant. PayPal agrees to transfer the Card Information to the Data Recipient so long as the following applies: (a) Merchant provides PayPal with proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements (Level 1 PCI compliant) by providing PayPal a certificate or report on compliance with the Association PCI-DSS Requirements from a qualified provider and any other information reasonably requested by PayPal; (b) the transfer of such Card Information is compliant with the latest version of the Association PCI-DSS Requirements; and (c) the transfer of such Card Information is allowed under the applicable Association Rules, and any applicable laws, rules or regulations (including Data Protection Laws) and the Privacy Act 1988 (Cth)).
ATTACHMENT 1
Technical and Organizational Measures
The following technical and organizational measures will be implemented:
- Measures taken to prevent any unauthorized person from accessing the facilities used for data processing;
- Measures taken to prevent data media from being read, copied, amended or moved by any unauthorized persons;
- Measures taken to prevent the unauthorized introduction of any data into the information system, as well as any unauthorized knowledge, amendment or deletion of the recorded data;
- Measures taken to prevent data processing systems from being used by unauthorized person using data transmission facilities;
- Measures taken to guarantee that authorized persons when using an automated data processing system may access only data that are within their competence;
- Measures taken to guarantee the checking and recording of the identity of third parties to whom the data can be transmitted by transmission facilities;
- Measures taken to guarantee that the identity of the persons having had access to the information system and the data introduced into the system can be checked and recorded ex post facto at any time and by any authorized person;
- Measures taken to prevent data from being read, copied, amended or deleted in an unauthorized manner when data are disclosed and data media transported;
- Measures taken to safeguard data by creating backup copies.
ATTACHMENT 2
Data Processing of Customer Data
Categories of data subjects
Customer Data – The personal data that the Customer provides to the Merchant which then passes it to PayPal to be forwarded to their bank or processor.
Subject-matter of the processing
The payment processing services offered by PayPal which provides Merchant with the ability to accept credit cards, debit cards, and other payment methods on a website or mobile application from Customers.
Nature and purpose of the processing
PayPal processes Customer Data that is sent by the Merchant to PayPal for purposes of obtaining verification or authorization of the Customer’s payment method as payment to the Merchant for the sale goods or services.
Type of personal data
Customer Data – Merchant shall inform PayPal of the type of Customer Data PayPal is required to process under this Agreement. Should there be any changes to the type of Customer Data PayPal is required to process then Merchant shall notify PayPal immediately. PayPal processes the following Customer Data, as may be provided by the Merchant to PayPal from time to time:
Payflow Link | Payflow Pro | |
Full name | x | x |
Date of birth | x | x |
Shipping address | x | x |
Billing address | x | x |
Email address | x | x |
Telephone number | x | x |
Fax number | x | x |
Government ID number | x | x |
Bank account number and bank routing number | x | x |
Financial account number | x | x |
Card or payment instrument type | x | x |
Card Primary Account Number (PAN) or Device-specific Primary Account Number (DPAN) | x | x |
Card Verification Value (CVV) | x | x |
Card expiration date | x | x |
Business tax ID | x | x |
Username | x | x |
Password | x | x |
IP address | x | x |
Device Data | x | x |
Browser data | x | x |
Special categories of data (if relevant)
The transfer of special categories of data is not anticipated.
Duration of Processing
The term of the Agreement.