1. GENERAL PROVISIONS
1.1 This General terms and conditions govern your use of payment services and the payment gateway of Technical Service Provider (TSP) and together with the Processing Agreement executed between Environex OU (hereinafter – “Company”) and the Client (hereinafter “Client” and “Company” jointly referred to as “Parties”) constitute an entire agreement between Parties (hereinafter – “Agreement”).
2. TERMS AND DEFINITIONS
2.1 If in accordance with the applied rules of the payment systems any term is supposed to have another meaning which is different from the one stated herein, such a term shall be interpreted in accordance with the rules of the payment system.
2.2 Terms used herein shall have the meaning specified in this clause, provided that they are capitalized:
2.2.1 “Man Hour” means a unit for measuring working time equal to one hour of actual work of one person.
2.2.2 “Acquirer” means a financial institute that performs full scope of financial transactions related to settlements and Card payments.
2.2.3 “Issuing Bank” means a bank, which issues and maintains the Card.
2.2.4 “Governmental Body” shall mean any government or governmental or regulatory body thereof, or political subdivision thereof, or any agency, instrumentality or authority thereof, or any court or arbitrator (public or private).
2.2.5 “Card” means the tool for cashless transfers, designed for the Cardholder to make transactions using money on the bank account opened by the Issuing Bank to the Cardholder’s name under the agreement between such Cardholder and Issuing Bank.
2.2.6 “Cardholder” means an individual or an authorized representative of a legal entity, in whose name the Card is issued.
2.2.7 “Payment System” means the international payment system “Visa International”, the international payment system “MasterCard Worldwide, and other operators on transfer of digital money.
2.2.8 “Payment Gateway” means the hardware and software complex connected to the Payment System, which allows to automate the process of acceptance and making of payments.
2.2.9 “Standard operating procedure” means the procedure of communication between the Client and the Company is published at the Company website.
2.2.10 “Transaction” means a payment transaction of settlement for products, works, and (or) services purchased (being purchased), executed with the use of the Card; or a financial transaction of transfer of funds with using Mastercard MoneySend and Visa Direct technologies.
2.2.11 “Mobile Terminal” means an aggregate of a mobile device and a mobile POS terminal connected to it, designed to read the Card data and used in order to process payment transactions and/or for information exchange with the Payment Gateway via the Payment Gateway.
2.2.12 “The cardholder data environment (CDE)” means comprised of people, processes and technologies that store, process, or transmit Cardholder data or sensitive authentication data.
2.2.13 “PCI DSS” (Payment Card Industry Data Security Standard) means the rules for secure storage, processing and transfer of data accepted in the payment cards industry and supported with the participation of Payment Systems.
2.2.14 “Processing Service” means data processing and information exchange between Client, Acquirer and Cardholders via the Payment Gateway for purpose of making agreed Transactions.
2.2.15 “E-Commerce payment transaction” shall mean any payment Transaction issued to Payment Gateway from Internet website or Mobile Internet website.
2.2.16 “Mobile payment transaction” shall mean any payment Transaction issued to Payment Gateway from Mobile terminal.
2.2.17 “MOTO payment transaction” shall mean any payment transaction issued to Payment Gateway from a virtual terminal or e-terminal.
2.2.18 “Deposit to card transfer transaction (D2C)” shall mean any Transaction issued to Payment Gateway from Internet website or Mobile Internet website aimed at transfer of monetary funds from the bank account of the Client to the Card in favor of the Cardholder.
2.2.19 “Specification” shall mean a description of Payment Gateway, published at the Company website.
2.2.20 “Sanctions” shall mean any sanction administered or enforced by the European Union or other relevant sanctions authority.
2.2.21 “Processing Service” shall mean providing a safe software and technical infrastructure complying with the PCI DSS, for the purpose of secure exchange of data between settlements and data storage participants.
2.2.22 “Personal Data Processing Agreement” shall refer to a legal contract between a data controller and a data processor.
3. AVAILABILITY OF PAYMENT GATEWAY INFRASTRUCTURE
3.1 The Company shall ensure accessibility of servers and databases of the Payment Gateway infrastructure of no less than 99.9% of time per month (no more than 9.299 hours of downtime per month). Payment Gateway is deemed accessible if the servers it functions on work without Critical Errors.
3.2 Payment Gateway is provided on the terms of Internet access to the servers, where the software and the database management systems are hosted via interfaces provided in the Payment Gateway.
3.3 To ensure the adequate level of quality and security Parties agreed to introduce the schedule of preventive maintenance works, during which time the Payment Gateway will be inaccessible. Procedure for preventive maintenance works is set forth in the Standard operating procedure. During the preventive maintenance works the Payment Gateway is deemed accessible despite the interruption.
3.4 Measuring the availability of the servers’ connection with the Internet is carried out by an external monitoring service in accordance with Standard Operating procedure.
3.5 Company shall take reasonable measures to ensure the proper and continuous operation of the Payment Gateway and provision of the Processing Service.
4. NEW INVENTIONS
4.1 OWNERSHIP OF NEW INVENTIONS
4.1.1 The Client shall acquire no rights to new enhancements, translations, re-writings, revisions, updates, modifications, or improvements made by Company/Client in connection with the Payment Gateway (hereinafter — “the New Inventions”) which shall be considered as an integral part of the Payment Gateway, including but not limited to Acquirer integration software, from the moment of their creation unless parties agree to treat it differently and sign their intentions in the separate Agreement or Addendum to this contract.
4.2.1 Company shall be entitled to implement, at any time, any New Invention at its own discretion without Client’s consent, providing it does not influence the way the Client uses the system.
5. REPRESENTATIONS AND WARRANTIES OF COMPANY
5.1 Company hereby covenants, represents, and warrants to Client that:
(i) Company is a company validly existing and in good standing under the laws of The Republic of Estonia. Company has full corporate power and authority to own, lease and operate its property and to carry on its business as conducted and is duly qualified to transact business.
(ii) Company has full corporate power and authority to enter into and deliver the Agreement and all other agreements specified in or contemplated by the Agreement to be entered into and to perform its obligations hereunder and there under. The execution and delivery by Company of the Agreement and all other agreements specified in or contemplated by the Agreement to be entered into and the performance by Company of its obligations hereunder and there under have been duly authorized by all requisite action on its part.
(iii) The Agreement has been duly executed and delivered by Company and constitutes the legal, valid and binding obligation of Company enforceable against it in accordance with its terms. Company warranties to the Client that it has the rights to use and provide services based on the Payment Gateway Infrastructure.
(iv) Neither the execution and delivery by Company of the Agreement or any of the instruments or agreements herein referred to nor the consummation by it of any of the transactions contemplated hereby or thereby nor the performance by Company of the Agreement or any of the instruments or agreements herein referred to in accordance with their respective terms requires the consent, approval, order or authorization of, or registration with, or the giving of notice to any Governmental Body or any third party.
(v) Neither the execution and delivery by Company of the Agreement or any of the instruments or agreements herein referred to nor the consummation by it of any of the transactions contemplated hereby or thereby nor compliance by Company with any of their respective terms and provisions will contravene any existing law of The Republic of Estonia or regulation or any judgment, decree or order applicable to or binding upon Company or will contravene or result in any breach of, or constitute any default under, its organizational documents or any agreement or instrument to which it is a party or by which it or any of its properties may be bound, or result in the creation of any Lien upon property of Company.
(vi) The Company acknowledges that it is responsible for the security of Cardholder data that is being stored, processed, or transmitted within the Cardholder Data Environment (CDE) owned and managed by the Company.
6. REPRESENTATIONS AND WARRANTIES OF CLIENT
6.1 Client hereby covenants, represents, and warrants to Company that:
(i) Client has full corporate power and authority to own, lease and operate its property and to carry on its business as conducted and is duly qualified to transact business, and is in good standing, in all jurisdictions wherein the nature of its business or its ownership, lease or operation of property requires Client to be qualified as a foreign corporation or where the failure so to qualify might impair its right to enforce its contracts or expose it or its business, properties or assets to material liabilities.
(ii) Client has all the necessary licenses and permits for its business activities and will conduct its business in compliance with any and all laws and regulations applicable to the Client.
(iii) Client has full corporate power and authority to enter into and deliver the Agreement, General Terms and all other agreements specified in or contemplated by the Agreement to be entered into and to perform its obligations hereunder and there under. The execution and delivery by Client of the Agreement and all other agreements specified in or contemplated by the Agreement to be entered into and the performance by Client of its obligations hereunder and there under have been duly authorized by all requisite action on its part.
(iv) The Processing Agreement, the SOP, and the General Terms and all other agreements specified in or contemplated by the Agreement has been duly executed and delivered by Client and constitutes the legal, valid and binding obligation of Client enforceable against it in accordance with itse terms.
(v) Neither the execution and delivery by Client of the Agreement or any of the instruments or agreements herein referred to nor the consummation by it of any of the transactions contemplated hereby or thereby nor the performance by Client of the Agreement or any of the instruments or agreements herein referred to in accordance with their respective terms requires the consent, approval, order or authorization of, or registration with, or the giving of notice to any Governmental Body or any third party.
(vi) Neither the execution and delivery by Client of the Agreement or any of the instruments or agreements herein referred to nor the consummation by it of any of the transactions contemplated hereby or thereby nor compliance by Client with any of their respective terms and provisions will contravene any existing law, rule or regulation or any judgment, decree or order applicable to or binding upon Client or will contravene or result in any breach of, or constitute any default under, its certificate of incorporation or by-laws or any agreement or instrument to which it is a party or by which it or any of its properties may be bound, or result in the creation of any Lien upon property of Client.
(vii) The Client warrants and declares that the Client will not, and will not allow its Affiliates or any third party to: (I) copy, sell, license, distribute, transfer, modify, adapt, translate, prepare derivative works from, decompile, reverse engineer, disassemble the Payment Gateway and any part or component thereof, or otherwise perform illegal acts in relation to the Payment Gateway; (II) use the Payment Gateway to access, copy, transfer, transcode or retransmit content in violation of any law or third party rights; or (III) remove, obscure, or alter copyright notices, trademarks, or other proprietary rights affixed to or contained within the Payment Gateway if applicable.
(viii) The Client acknowledges that the Company is sole a technology provider and is not and will at no event be deemed to be a party to any Transaction between the Client and its customers or brands. The Client will be sole and exclusively liable to its customers and brands and will be solely responsible to any relationships between the Client and its customers.
(ix) Neither the Client nor any of its subsidiaries nor, to the knowledge of the Client, any director, officer, agent, employee or affiliate of the Client or any of its subsidiaries (i) is, or is controlled or 50% or more owned in the aggregate by or is acting on behalf of, one or more individuals or entities that are currently the subject of any Sanctions administered or enforced by the European Union, a member state of the European Union or other relevant sanctions authority (collectively, “Sanctions” and such persons, “Sanctioned Persons” and each such person, a “Sanctioned Person”), (ii) is located, organized or resident in a country or territory that is, or whose government is, the subject of Sanctions that broadly prohibit dealings with that country or territory (collectively, “Sanctioned Countries” and each, a “Sanctioned Country”) or (iii) will, directly or indirectly, use the proceeds of Processing Service or otherwise make available such proceeds to any subsidiary, joint venture partner or other individual or entity in any manner that would result in a violation of any Sanctions by, or could result in the imposition of Sanctions against, any individual or entity. Neither the Client nor any of its subsidiaries has engaged in any dealings or transactions with or for the benefit of a Sanctioned Person, or with or in a Sanctioned Country, in the preceding 5 years, nor does the Client or any of its subsidiaries have any plans to engage in dealings or transactions with or for the benefit of a Sanctioned Person, or with or in a Sanctioned Country.
7. LIABILITY OF THE COMPANY
7.1 CLIENT ACKNOWLEDGES THAT THE PAYMENT GATEWAY, THE PROCESSING SERVICES AND/OR TSP GTC (ENVIRONEX OU) API HEREUNDER ARE PROVIDED «AS IS», AND COMPANY DOES NOT WARRANT THAT THE USE OF THE PAYMENT GATEWAY, THE PROCESSING SERVICES, AND/OR TSP GTC — (ENVIRONEX OU) API FURNISHED IN CONNECTION WITH THIS AGREEMENT WILL BE UNINTERRUPTED OR ERROR-FREE. EXCEPT AS PROVIDED HEREIN THIS AGREEMENT, COMPANY PROVIDES NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE PAYMENT GATEWAY OR THE PROCESSING SERVICE AND ITS FITNESS OR COMPATIBILITY WITH ANY PURPOSE.
7.2 Notwithstanding the aforesaid, the parties acknowledged that the use of the Payment Gateway is subject to factors which are not within Company’s control. The Company shall not be liable to any failure in the provision of the Processing Service which is caused exclusively by factors which are not in Company’s control.
7.3 The indemnification hereunder shall apply to all liabilities, damages, losses, expenses, claims, demands, suits proceedings, fines, judgments or execution proceedings (including without limitation, any reasonable legal fees, costs and related expenses) incurred or suffered by any indemnified party as a result of indemnified event as detailed above and any claims or proceedings brought by any third party arising out of or in connection with any breach of the indemnifying party’s obligations under the Agreement, gross negligence or willful misconduct on the part of the indemnifying party or anyone acting on its behalf.
7.4 Notwithstanding anything in the Agreement, Company’s total aggregate liability for all claims related to the Agreement, whether based on an action or claim in contract, tort (including negligence), breach of statutory duty or otherwise arising out of, or in relation to the Agreement, will be to 100% of the monthly average fees actually paid to the Company pursuant to the Agreement in the three (3) calendar month period prior to the cause of action giving rise to the first claim made under this Agreement.
7.5 NOTWITHSTANDING ANYTHING TO THE CONTRARY, EXCEPT FOR WILLFUL MISCONDUCT OR GROSS NEGLIGENCE, THE COMPANY SHALL BEAR NO LIABILITY TO THE CLIENT WITH RESPECT TO ANY AND ALL INDIRECT, CONSEQUENTIAL, INCIDENTAL AND PUNITIVE DAMAGES CAUSED TO THE CLIENT UNDER THIS AGREEMENT, INCLUDING BUT NOT LIMITED, LOSS OF DATA OR LOSS OF PROFITS, REGARDLESS IF COMPANY WAS ADVISED OF THE POSSIBLITY OF SUCH DAMAGES.
8. LIABILITY OF THE CLIENT
8.1 In the event of failure by the Client to pay any invoice on its due date, the Company will be entitled to suspend or terminate services rendered to the Client under this Agreement with immediate effect upon notice to the Client, and in addition to any other remedy to which the Company is entitled under this Agreement or any applicable law.
8.2 Client shall defend, indemnify, and hold Company and its respective officers, directors, agents, employees harmless from claim, demand, fine, or other liability incurred by any such party due to or arising out of any breach of the Agreement by the Client or any party on Client’s behalf.
9. CONSIDERATION, TAXES AND SETTELMENT CURRENCY
9.1 Collection. The Client is solely responsible for collection of payment from the Acquirer, and that the fees due to the Company are due to the Company without delay whether the Client collected payments from the Acquirer or not.
9.2 Taxes. The Client shall pay or reimburse to Company any applicable taxes and charges levied by any government authority on the services received by Client, including (not limited) value added tax, services tax.
9.3 Settlement currency. All sums of money due in consideration to the rendered services, will be calculated in invoices in euro currency. If some Transactions will be denominated in currencies other than euro, Company should apply exchange rate which is established by the European Central Bank (ECB) on date of each Transaction.
9.4 Invoicing. Company shall issue the Client an invoice for the fees due for the Processing Service once per month before the 7th day of the calendar month following the month in which the Processing Services have been rendered. Client will pay the invoice within ten (10) calendar days from receiving the invoice via email.
10. TERMS AND TERMINATION
10.1 Term of the Agreement is one year from the day of signing the Agreement by both Parties. The Agreement is deemed prolonged for one year under the same terms and conditions each time provided that neither Party to the Agreement notifies the other Party about its intention to terminate the Agreement by sending written notice three (3) months prior to expiration of the Agreement term.
10.2 The Agreement may be terminated only as follows:
10.2.1 by mutual agreement of Company and Client; or
10.2.2 by Company unilaterally without any reason provided that the Company notifies the Client one (1) months in advance about Agreement termination; or
10.2.3 by Company in the event: (a) Client files a petition in bankruptcy; (b) Client is adjudicated as bankrupt or insolvent; (c) a petition in bankruptcy is filed against Client and such petition remains undismissed, unstayed or unbonded for a period of more than 90 days; (d) Client makes a general assignment for the benefit of its creditors or an arrangement pursuant to any bankruptcy law; (e) Client applies for or consents to the appointment of a receiver, trustee, custodian, sequestrate, liquidator or similar official for itself or any of its assets or properties; (f) Client fails or is unable, or admits in writing to its inability, to pay its debts generally as they become due; (g) Client conceals, removes or transfers any of its assets or properties in violation or evasion of any bankruptcy, fraudulent conveyance or similar applicable law; (h) Client discontinues its business; or (i) the Client breached the Agreement and fails to remedy such breach within seven (7) days following receipt of notice from the Company; or (j) Client takes any action for the purpose of effecting any of the foregoing; or by operation of law. Notwithstanding the abovementioned, the Company will be entitled to terminate this Agreement with immediate effect by providing the Client with notice in the event the Company is prohibited from providing the License or the Processing Service by any regulative, legal or governmental authorities.
10.2.4 By the Client unilaterally and without any reason provided that the Company is provided with three (3) months written advance notice; or
10.2.5 By the Client in the event (a) Company files a petition in bankruptcy; (b) Company is adjudicated as bankrupt or insolvent; (c) a petition in bankruptcy is filed against Company and such petition remains undismissed, unstayed or unbonded for a period of more than 90 days; (d) Company makes a general assignment for the benefit of its creditors or an arrangement pursuant to any bankruptcy law; (e) Company applies for or consents to the appointment of a receiver, trustee, custodian, sequestrate, liquidator or similar official for itself or any of its assets or properties; (f) Company fails or is unable, or admits in writing to its inability, to provide the Services in accordance to the Agreement; (g) Company conceals, removes or transfers any of its assets or properties in violation or evasion of any bankruptcy, fraudulent conveyance or similar applicable law; (h) Company discontinues its business; or (i) Company takes any action for the purpose of effecting any of the foregoing; or by operation of law.
10.3 Any provisions of the Agreement, including the General Terms and all other agreements specified in or contemplated by the Agreement which by their nature should survive the termination of the Agreement, will survive the termination thereof.
11. CONFIDENTIAL INFORMATION
11.1 “Confidential Information” shall mean any information disclosed by either party (the “Disclosing Party”) to the other party or anyone acting in its behalf (the “Receiving Party”) or by its Affiliates, in any manner: directly or indirectly, in writing, orally, in digital form or in any other form or media, including, without limitation, data, technology, Payment Gateway and modifications or upgrades thereof, the Processing Service, know-how, designs, processes, documents, systems, specifications, plans, Personal Data, ESK issued by the Client, information concerning research and development work, prices, costs, proposed transaction terms and other commercial information and/or trade and business secrets including information which relates to current, planned or proposed products, marketing, sales and business plans or status, forecasts, projections and analyses, financial information, third party confidential information and customer information, including Clients, Acquirers, PSPs, Transactions and parties to Transactions, vulnerabilities found in the Payment Gateway infrastructure.
11.2 EXCEPTIONS TO CONFIDENTIAL INFORMATION
11.2.1 For the purposes of this Agreement, Confidential Information will not include any information that has been:
126.96.36.199 publicly known and made generally available in the public domain, through no action or inaction of the parties;
188.8.131.52 already in the possession of the party receiving the information at the time of disclosure by a Disclosing Party, as demonstrated by documentary evidence;
184.108.40.206 obtained by the Receiving Party from a third party without a breach of such third party’s obligations of confidentiality, as demonstrated by documentary evidence; or;
220.127.116.11 independently developed by the Receiving Party without use of or reference to the Confidential Information, as demonstrated by documentary evidence.
11.3 RESTRICTIONS ON USE
11.3.1 Receiving Party agrees and undertakes that it will not use the Confidential Information except in accordance with the purpose of this Agreement nor will it disclose any Confidential Information to any third parties without the Disclosing Party’s written consent.
11.3.2 Receiving Party may disclose the Confidential Information if required by law, so long as it gives the Disclosing Party prompt written notice of such requirement prior to such disclosure (unless such notice is prohibited by law) and assistance in obtaining an order protecting the Confidential Information from public disclosure. If such an order is not obtained, Receiving Party shall disclose only that portion of the Confidential Information which is legally required, and shall ensure confidential treatment of such information.
11.3.3 Except for backup of the Confidential Information, Receiving Party shall not make any copies of any Confidential Information without the prior written consent of the Disclosing.
11.4 STANDARD OF CARE
11.4.1 Receiving Party agrees that it shall hold all Confidential Information in strict confidence and shall safeguard the Confidential Information with the highest reasonable degree of care, while taking all reasonable precautions necessary to protect the secrecy and preserve the confidentiality of the Confidential Information.
11.4.2 Without limiting the foregoing, Receiving Party will take at least those measures that it takes to protect its own confidential information but take not less than reasonable measures and utilize not less than a reasonable standard of care.
11.5 PERMITTED DISCLOSURE
11.5.1 Receiving Party agrees not to disclose, even in part, any Confidential Information, except as provided herein. Disclosing Party shall only make the Confidential Information, and even then, specifically the relevant parts thereof, available to its employees, consultants, affiliates, agents and subcontractors, excluding any entity (and any personnel of such entity) that is a competitor of the Disclosing Party, on a “need to know” basis in order to carry out the purpose of the Agreement (such recipients, collectively, the “Authorized Recipients”).
11.5.2 Prior to any disclosure of the Disclosing Party’s Confidential Information to the Authorized Recipients to the extent permitted hereunder, the Receiving Party will ensure that such Authorized Recipients are bound by a non-use and non-disclosure agreement that contains provisions in respect of disclosure and use of Confidential Information that are substantially similar to the applicable provisions of this clause. Furthermore, each party will reproduce the other party’s proprietary rights and confidentiality notices on any approved copies of Confidential Information.
11.6 INJUNCTIVE RELIEF
11.6.1 The parties acknowledge that unauthorized disclosure or use of Confidential Information may give rise to irreparable injury, which may not be adequately compensated by damages. The Parties agree and acknowledge that money damages may not be a sufficient remedy for any breach or threatened breach of this Agreement by either party and that the other party shall be entitled to seek specific performance or injunctive relief (as appropriate) as a remedy for any breach or threatened breach thereof, in addition to any other remedies available at law or in equity.
11.7 RETURN OF MATERIALS
11.7.1 Upon the written request of the Disclosing Party, the Receiving Party shall promptly return to the Disclosing Party or destroy all copies of the Confidential Information. Receiving Party shall furnish the Client, together with such returned materials or subsequent to any destruction thereof, a certificate duly executed by an officer of such party, confirming that the provisions of this section have been complied with. Return or destruction of the Confidential Information as required hereunder shall not affect the remaining obligations pursuant to this Agreement.
12. FORCE MAJEURE
12.1 If performance by any Party of any service or obligation under this Agreement is prevented, restricted, delayed or interfered with by reason of, inter alia, strikes, acts of God, fire, floods, lightning, earthquakes, severe weather, utility or communication failures, failures of any relevant bank or network, DDoS attacks, computer associated outages or delay in receiving electronic data, war, civil commotion, or any law, order or regulation, etc. having legal effect, then that Party shall be excused from its performance hereunder to the extent and duration of the prevention, restriction, delay or interference.
13.1 Each Party shall promptly upon learning of same notify the other Party of the facts and circumstances surrounding any alleged infringement of the rights or misappropriation of the rights or any right of either party known to the other Party hereto.
14.1 ASSIGNMENT. Client shall not assign or transfer the Agreement or any part thereof to any other entity without the prior written consent of the Company. The Company will be entitled to assign this Agreement by notifying the Client. Upon assignment to an Affiliate, the references in the Agreement to Company or Client, as applicable, shall also apply to any such assignee unless the context otherwise requires.
14.2 NO PARTNERSHIP OR JOINT VENTURE. Nothing herein contained shall be construed to place the parties in relationship of partners or joint ventures, and Client shall have no power to obligate or bind Company in any manner whatsoever.
14.3 SEVERABILITY. If any provision or provisions of the Agreement shall be held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired thereby.
14.4 COMMUNICATION BETWEEN PARTIES. Communication between Parties shall be performed in accordance with the order stated in Standard operating procedure.
14.5 DISPUTE RESOLUTION. Any dispute, controversy or claim between the Parties hereto arising out of or relating to this Agreement or any alleged breach thereof which cannot be amicably settled between the parties shall be exclusively referred to arbitration in accordance with the law of The Republic of Estonia.
14.6 GOVERNING LAW & JURISDICTION. This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed exclusively by and construed in accordance with the laws of The Republic of Estonia.
14.7 COSTS AND EXPENSES. Company and Client shall each bear its own costs and expenses incurred in connection with the negotiation and execution of the Agreement and each other agreement, document and instrument contemplated by the Agreement and the consummation of the transactions contemplated hereby and thereby.
14.8 HEADINGS. The headings used in the Agreement are for convenience only and do not define, limit or construe the contents thereof.
14.9 CONSTRUCTION. Whenever used in the Agreement, the singular shall be construed to include the plural and vice versa, where applicable, and the use of the masculine, feminine or neuter gender shall include the other genders.
14.10 COUNTERPARTS. This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.
14.11 THIRD-PARTY CONTRACTS. The Company may enter any agreements and sign appropriate contracts required to deliver its services, e.g. with banks, third-party PSPs or any other organizations, including the ones that have relations with the Client.
14.12 THIRD PARTY RIGHTS. A Person who is not a party to this agreement shall not have any rights to enforce any term of this agreement. The rights of the parties to terminate, rescind or agree any variation, waiver or settlement under this agreement are not subject to the consent of any other person.
14.13 RESPONSIBILITY. Client shall independently render services to its contract partners, Company bears no responsibility for the activity performed by Client.
Appendix #1 PERSONAL DATA PROCESSING AGREEMENT
1.1 Parties complies with global data protection regulations and requires all own suppliers to verify their compliance. Whereas that Client has entered into Client Service Agreement to provide services involving the processing of Client personal data. The Company must certify its compliance with GDPR and other data protection regulations.
2. TERMS AND DEFINITIONS
2.1 Personal Data means any information disclosed by Client to the Company and/or collected by the Company pursuant to this Client Service Agreement relating to an identified or identifiable individual («Data Subject»), including, without limitation, name, address, e-mail, telephone number, business contact information, date of birth, Social Security Number, credit or debit card number, bank account number, and any other unique identifier or one or more factors specific to the individual’s physical, physiological, mental, economic, cultural or social identity;
2.2 Personal Data Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
2.3 Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the Personal Data Processing;
2.4 Other Controller means any entity other than Client that is controller of the Client personal data, such as Client’s affiliated companies.
2.5 Data Subject is the identified or identifiable natural person the personal data is relating to.
2.6 Personal Data Breach means a suspected or actual breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
2.7 Processor means the natural or legal person, public authority, agency or any other body which processes Personal Data on behalf of the Controller;
2.8 Subprocessor means any Processor engaged (i) by the Processor or (ii) by Subprocessor of the Processor to process Personal Data on behalf and in accordance with the instructions of the Controller pursuant to this Client Service Agreement;
2.9 Data Protection Law means the GDPR and the e-Privacy Directive 2002/58/EC (as amended by Directive 2009/136/EC, and as amended and replaced from time to time) and their national implementing legislations; the Swiss Federal Data Protection Act (as amended and replaced from time to time); the Monaco Data Protection Act (as amended and replaced from time to time); the UK Data Protection Act (as amended and replaced from time to time); and the Data Protection Acts of the European Economic Area («EEA») countries (as amended and replaced from time to time);
2.10 GDPR means the EU General Data Protection Regulation.
2.11 Europe means the European Economic Area, Switzerland, Monaco and the United Kingdom.
3. ROLES OF THE PARTIES
3.1 In the context of the Client Service Agreement, the Parties agree that Company acts as Processor acting on behalf of Client who act as Controllers.
3.2 Client appoints Company as Processor, or as Sub-Processor of Client’s customers (in particular Cardholders), for the Personal Data Processing for the purpose of providing the Processing Service specified in Client Service Agreement. In that context, Client, as Controller, or Processor acting on behalf of its customers, has the sole and exclusive authority to determine the purposes and means of the Personal Data Processing that are disclosed to and collected by Company. Company will Process Personal Data only on behalf and for the benefit of Client, or of Client’s customers, and only to carry out its obligations under this Client Service Agreement as implemented and to the extent required for execution of the Client Service Agreement.
4.1 This Personal Data Processing Agreement (“PDPA”) applies if and to the extent supplier is processing Client personal data. Client appoints supplier as processor to process such Personal data.
4.2 Company will process Personal data for the sole purpose of providing a Processing Service to Client.
4.3 Company will comply with all Data Protection Laws in respect of the services applicable to processors and is responsible for the lawfulness of supplier’s processing of Client personal data.
5. DATA SECURITY, SUBJECT RIGHTS AND REQUESTS
5.1 Company will implement and maintain technical and organizational measure to ensure an appropriate level of security. Company shall regularly monitor its compliance with the respective technical and organizational measures.
5.2 To the extent permitted by law, Company will inform Client without undue delay of the requests from Data subjects exercising their Data Subject rights (e.g. rectification, deletion and blocking of data) addressed directly to Company regarding Personal data.
6. THIRD PARTY REQUESTS AND CONFIDENTIALITY
6.1 Company will not disclose Client personal data to any third party, unless authorized by Client or required by mandatory law. If a government or supervisory authority demands access to Client personal data, supplier will notify Client prior to disclosure unless prohibited by law.
7.1 Company shall impose the same data protection obligations as set out in the PDPA on any Subprocessor, and ensure that the relevant obligations can be directly enforced by Subprocessors.
7.2 Company remains responsible for its Subprocessors and liable for their acts and omissions as for own acts and omissions and any references to Company’s obligations, acts and omissions in the PDPA shall be construed as referring also to the Company’s Subprocessors.
8. PERSONAL DATA BREACH
8.1 Company will inform Client without undue delay of any suspected non-compliance with applicable Data Protection Laws or relevant contractual terms or in case of serious disruptions to operations or any other irregularities in the processing of the Client Personal Data. Company will promptly investigate and rectify any noncompliance as soon as possible and upon Client’s request, provide Client will all information requested with regard to the suspected non-compliance.
8.2 Company will notify Client without undue delay (and in no event later than 24 hours) after becoming aware of a Personal Data Breach in respect of the Processing Service. Company will promptly investigate the Personal Data Breach and will provide Client with reasonable assistance to satisfy any legal obligations (including obligations to notify Supervisory Authorities or Data Subjects) of Client and/or Other Controllers in relation to the Personal Data Breach.
9. COMPLIANCE WITH EU DATA PROTECTION LAW
9.1 Both Parties represent and warrant that they will comply with Data Protection Law when Processing Personal Data in the context of the execution of the PDPA.
9.2 Both parties have to notify each over when any law or legal requirement prevents them from fulfilling its obligations under this PDPA or Data Protection Law. In this situation, any Party is entitled to suspend the Personal Data Processing and to terminate any further Personal Data Processing and Client Service Agreement this PDPA concurrently, if doing so is required to comply with Data Protection Law.
9.3 Company agrees and warrants that it is prohibited from transferring Personal Data outside of Europe except if the Personal Data are transferred to a country which has been considered to provide an adequate level of protection under Data Protection Law or to a data recipient which has implemented adequate safeguards under Data Protection Law such as approved Binding Corporate Rules, Standard Contractual Clauses or the EU-U.S./Swiss-U.S. Privacy Shield Frameworks.
10. REPRESENTATIONS AND WARRANTIES OF COMPANY
10.1 Company has implemented and maintains a comprehensive written information security program that complies with Data Protection Law, including appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
11. THE COMPANY’S DPO
11.1 Kirill Dmitriev was appointed as Company’s Data Protection Officer. Client’s staff and customers may contact Company’s DPO via e-mail: email@example.com and firstname.lastname@example.org.