Contracts
PCI Pal General Terms and Conditons - V1 - 11 October 2023.docx
Effective March 25th 2024
DownloadSummary of changes
Updated higher insurance coverages and SLA link
Table of Contents
PCI PAL GENERAL TERMS AND CONDITIONS
- SCOPE
- Agreement: These General Terms and Conditions (the “General Terms”) govern the licensing of PCI Pal’s ( “PCI Pal”, “we”, “us” or “our”) PCI DSS compliant payment processing solution (“Platform”) and provision of related services, including implementation, integration and support services, collectively and together with Platform access, the “Services”, to a party subscribing to the Services (“Customer”) under a Service Order Form.
- Subscription: Customer will subscribe to the Services as set forth in the relevant Service Order Form and PCI Pal will supply and sell the subscription to the Customer (“Subscription”). Each Subscription is subject to and governed by these General Terms, the applicable Service Order Form, the terms and conditions of the NDA (if any), the Data Privacy and Security Addendum, and any amendments to any of the foregoing as may be agreed upon by the parties, which together constitute the agreement between Customer and PCI Pal (“Agreement”). Each Subscription is a separate agreement between Customer and PCI Pal. In the event of any conflict between the terms and conditions of the various components of this Agreement, the following order of precedence will apply: (a) any amendment agreed upon by the parties; (b) the Privacy and Security Addendum; (c) the NDA (if any); (d) these General Terms; and (e) the Service Order Form.
- LICENSES
- License: Subject to the terms and conditions of this Agreement, during the term of this Agreement, PCI Pal will make the Services available to Customer and its Affiliates and Customer’s and its Affiliates’ authorized users, if any, and grants to Customer, its Affiliates and Customer’s and Customer’s Affiliates’ authorized users, if any, a non-exclusive, non-transferable, non-sublicensable, worldwide, revocable right and license to use the Services solely in connection with Customer’s internal business operations and for no other purpose. Customer accepts sole responsibility for the use of the Services by Customer, Customer’s Affiliates and Customer’s and its Affiliates’ authorized users, and any other user who gains access to the Services through Customer, its Affiliates or its or its Affiliates’ authorized users. PCI Pal may also provide Customer specifications, technical manuals and other materials related to the Platform (“Documentation”) to be used by Customer in accessing and using the Services. Customer shall only use the Documentation in connection with its permitted use of the Services.
- License Restrictions: Except as specifically provided in this Agreement, Customer and its Affiliates and Customer’s and its Affiliates’ authorized users will not: (a) copy the Software and/or the Services, in whole or in part; (b) distribute copies of the Software and/or the Services, in whole or in part, to any third party; (c) modify, adapt, translate, make alterations to or make derivative works based on the Software and/or the Services or any part thereof; (d) except as permitted by Law, decompile, reverse engineer, disassemble or otherwise attempt to derive source code from the Software in the Platform (e) use, rent, loan, sub-license, lease, distribute or attempt to grant other rights to any part of the Services to third parties; (f) use the Services to act as a consultant, service bureau or application service provider; or (g) permit access of any kind to the Services to any third party.
- PROVISION OF SERVICES
- Platform Services: Following purchase by Customer of a Subscription in accordance with the relevant Service Order Form, PCI Pal will provide and continue to provide access to the Services until the expiration or termination of the Subscription in accordance with the terms of this Agreement.
- Professional Services: The Services are a software-as-a-service offering and integration and/or implementation to the Platform may be required. If integration and/or implementation is required, Customer is required to purchase professional services in accordance with the relevant Service Order Form. The professional services may be further described under a Statement of Work provided by PCI Pal.
- Support Services: PCI Pal will provide support services to Customer in accordance with the Service Level Agreement.
- Service Level Agreement: PCI Pal will provide the Services in accordance with the relevant Service Level Agreement.
- Suspension of Services: PCI Pal will be entitled to suspend the provision of the Services: (a) where required to comply with applicable Law or the order or instruction of a regulatory body; (b) as necessary to perform maintenance and improvement works to underlying systems; (c) if Customer has, or PCI Pal reasonably believes that Customer has breached the terms of this Agreement, including the Acceptable Use Policy. PCI Pal will: (i) provide as much notice as reasonably practicable under the circumstances; and (ii) where performing maintenance, use reasonable endeavors to perform such maintenance outside of business hours and in any event, in accordance with the Service Level Agreement.
- Service Updates: PCI Pal may issue changes to the Services including improvements and PCI Pal may update the Agreement accordingly. Any updates will form part of PCI Pal’s intellectual property rights. If any such changes result in a material degradation of the Services, Customer will have the right to terminate this Agreement on 7 days’ written notice.
- Third Party Products: The Services may depend on the use of Third Party Products. Customer’s use of any Third Party Products will be subject to the terms of the shrink-wrap, click-wrap or other accompanying license or terms of service included or provided with or agreed in respect of such Third Party Products. PCI Pal shall have no liability or additional obligations to Customer in connection with Third Party Products. PCI Pal has no authority or ability to negotiate or vary the Third Party Products or the terms that apply to such Third Party Products or enter into any contract on behalf of the provider of Third Party Products. Depending on the nature of the Third Party Products, PCI Pal may receive a commission payment from the provider of Third Party Products for Customer’s use of such Third Party Products.
- FEES
- Fees may comprise set-up, professional services and license fees and will be set out in the relevant Service Order Form. PCI Pal will invoice Customer for the fees in advance upon acceptance of the Service Order Form, either annually in advance or at such different billing frequency agreed under the Service Order Form. All fees paid by Customer are non-refundable and non-prorated unless otherwise noted in this Agreement or agreed to by the parties.
- Subject to this Clause 4, all past due payments will bear interest at the rate of 1.5% per month or such lower rate as permitted by law, and Customer will pay all collection costs incurred by PCI Pal. If Customer disputes in good faith any amount on an invoice, Customer will pay the undisputed amount and will notify PCI Pal in writing of the disputed amount no later than the date the payment would otherwise be due, providing reasons.
- Subject to any agreed Initial Subscription Term, PCI Pal reserves the right to increase the fees once, annually. Any increase to the fees will be based on the Consumer Price Index subject to a minimum of 3%.
- Additional charges will automatically apply following any Subscription upgrades, add-ons or increase in the number of authorized users by Customer agreed in writing. Any incremental Subscription charges associated with such upgrade, add-on or increase will be prorated over the remaining time in the relevant payment cycle, charged to the Customer’s account and due and payable on the next payment date. Customer’s future Subscription charges will reflect any such upgrade or increase in full. If Customer procures any services provided by a third party directly through PCI Pal (“Third Party Services”) and such Third Party Services are subject to a price increase, PCI Pal will pass-through such increase at cost and without any uplift.
- PCI Pal reserves the right to introduce special pricing if Customer uses the Services in an excessive manner, including any use contrary to clause 7.1.
- Customer shall be responsible for the payment of any fees and charges payable in respect of any Third Party Products it procures in accordance with the terms and conditions applicable to such Third Party Products.
- Taxes: Each party will be responsible, as required under applicable Law, for identifying and paying all taxes and other governmental fees and charges (and any penalties, interest and other additions thereto) that are imposed on that party related to the transactions and payments under this Agreement (which may be due in addition to the fees or rates payable by Customer). PCI Pal may charge, and Customer will pay, where applicable, national, state or local sales or use taxes, or value added or goods and services tax, or withholding or other taxes (“Taxes”). Customer will receive a compliant tax invoice, where required. PCI Pal will be responsible for all other taxes or fees arising (including interest and penalties) from transactions and the documentation of transactions under this Agreement. Upon request, Customer will provide such information to PCI Pal as reasonably required to determine whether it is obligated to collect Taxes from Customer. PCI Pal will not collect, and Customer will not be obligated to pay (or will be refunded), any such tax or duty for which Customer furnishes PCI Pal a properly completed exemption certificate or a direct payment permit certificate or for which claims an available exemption from tax. PCI Pal will provide Customer with any forms, documents or certifications as may be required for Customer to satisfy any information reporting or withholding tax obligations with respect to any payments under this Agreement.
- INTELLECTUAL PROPERTY RIGHTS
- PCI Pal Services: The Services and material or content contained therein including, without limitation, the Software, source code, all graphics, interfaces, features, functions, text, text buttons, design and organization, selection and arrangement, logos, audio and video clips, contain copyright material, trademarks, data, research and other proprietary rights owned by, or licensed to, PCI Pal. PCI Pal will reserve and retain the rights, title, and interest in and, to the Services, including, without limitation, all intellectual property rights therein or relating thereto, except as expressly granted to Customer under this Agreement. Customer does not acquire any ownership interest in the Services under this Agreement, or any other rights thereto other than to use the Services in accordance with the limited license and rights granted under this Agreement, and subject to all terms, conditions, and restrictions, under this Agreement. Customer acknowledges and agrees that the Services are provided under limited license and access rights and are not sold to Customer.
- Customer Feedback: Customer and/or its authorized users and/or its end users may choose to submit comments, questions, ideas, suggestions or other feedback relating to the PCI Pal Services to PCI Pal (“Feedback”). By submitting any Feedback, Customer hereby grants PCI Pal the rights and license to freely use, copy, disclose, license, distribute and exploit such Feedback in any manner without any obligation, royalty or restriction based on intellectual property rights or otherwise.
- Customers are subject to restrictions in Clause 2.2 and must not commercially exploit the Services and material or content contained therein in any way unless express permission is provided by PCI Pal or of the copyright owner, as the case may be, or except as may be expressly authorized by copyright laws. Customers must not remove, delete, alter, or obscure any notices of copyright, trademark, patent or any other intellectual property or proprietary rights from the Services, including any copy thereof.
- WARRANTIES
- Platform Services: PCI Pal represents and warrants that: (a) the Software, and the Platform, will conform, in all material respects, to the Documentation during the Warranty Period; (b) PCI Pal will use industry standard practices to detect and protect the Software, and the Platform against any viruses, “Trojan horses” or other harmful code designed or used for unauthorized access to or use, disclosure, modification or destruction of information within the Software, and the Platform or interference with or harm to the operation of the Software, and the Platform or any systems, networks or data, including using anti-malware software and keeping anti-malware software up to date prior to making the Software (including any Software provided through the Platform) available to Customer, and scanning the Software, and the Platform on a regular basis; and (c) the Software, and the Platform will comply with the then-current version of the PCI DSS.
- Professional and Support Services: PCI Pal warrants that the Services will be performed in a professional manner with a level of care, skill and diligence performed by experienced and knowledgeable professionals in the performance of similar services.
- Warranty Exclusions: PCI Pal will have no liability or obligation with respect to any warranty to the extent attributable to any: (a) use of the Services by Customer in violation of this Agreement or applicable Law; (b) unauthorized modifications to the Services made by Customer or its personnel; (c) use of the Services in combination with third-party equipment or software not provided or made accessible by PCI Pal or contemplated by the Service Order Form or Documentation; or (d) use by Customer of Services in conflict with the Documentation, to the extent that such nonconformity would not have occurred absent such use or modification by Customer.
- Compliance with laws: Each party represents and warrants that it will comply with all applicable international, national, state and local laws, ordinances, rules, regulations and orders, as amended from time to time (“Laws”) applicable to such party in its performance under this Agreement.
- Power and authority: Each party represents and warrants that: (a) it has full power and authority to enter in and perform this Agreement and that the execution and delivery of this Agreement has been duly authorized; and (b) this Agreement and such party’s performance hereunder will not breach any other agreement to which the party is a party or is bound or violate any obligation owed by such party to any third party.
- Disclaimer: EXCEPT FOR THE WARRANTIES SPECIFIED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, REGARDING THE SERVICES, CUSTOMER MATERIALS AND CUSTOMER DATA, AND EACH PARTY HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. PCI Pal does not warrant: (a) that the Services will meet Customer’s requirements; or (b) that the operation of the Software will be uninterrupted or error free.
- OBLIGATIONS AND RESPONSIBILITIES
- Acceptable Use: Customer must use the Services in accordance with the Acceptable Use Policy and the Subscription including with respect of usage rights. Customer will not intentionally use the Services to: (a) store, download or transmit infringing or illegal content, or any viruses, “Trojan horses” or other harmful code; (b) engage in phishing, spamming, denial-of-service attacks or fraudulent or criminal activity; (c) interfere with or disrupt the integrity or performance of the Platform or data contained therein or on PCI Pal’s system or network; or (d) perform penetration testing, vulnerability testing or other security testing on the Platform or PCI Pal’s systems or networks or otherwise attempt to gain unauthorized access to the Platform or PCI Pal’s systems or network or (e) for any other purpose other than as intended by this Agreement.
- Confidentiality
- “Confidential Information” means any nonpublic information directly or indirectly disclosed by either party (the “Disclosing Party”) to the other party (the “Receiving Party”) or accessible to the Receiving Party pursuant to this Agreement that is designated as confidential or that, given the nature of the information or the circumstances surrounding its disclosure, reasonably should be considered as confidential, including without limitation technical data, trade secrets, know-how, research, inventions, processes, designs, drawings, strategic roadmaps, product plans, product designs and architecture, security information, marketing plans, pricing and cost information, marketing and promotional activities, business plans, customer and supplier information, employee and user information, business and marketing plans, and business processes, and other technical, financial or business information, and any third party information that the Disclosing Party is required to maintain as confidential. Confidential Information will not, however, include any information which: (a) was publicly known or made generally available to the public prior to the time of disclosure; (b) becomes publicly known or made generally available after disclosure through no fault of the Receiving Party; (c) is in the possession of the Receiving Party, without restriction as to use or disclosure, at the time of disclosure by the Disclosing Party; (d) was lawfully received, without restriction as to use or disclosure, from a third party (who does not have an obligation of confidentiality or restriction on use itself); or (e) is developed by the Receiving Party independently from this Agreement and without use of or reference to the Disclosing Party’s Confidential Information or Proprietary Rights.
- Feedback will not be considered Customer’s Confidential Information, and nothing in this Agreement limits PCI Pal’s right to independently use, develop, evaluate, or market products or services, whether incorporating Feedback or otherwise. Except for rights expressly granted in this Agreement, each party reserves all rights in and to its Confidential Information. The parties agree that the Services are Confidential Information of PCI Pal.
- Obligations: The parties will maintain as confidential and will avoid disclosure and unauthorized use of Confidential Information of the other party using reasonable precautions. Each party will protect such Confidential Information with the same degree of care that a prudent person would exercise to protect its own confidential information of a like nature, and to prevent the unauthorized, negligent, or inadvertent use, disclosure, or publication thereof or access thereto. Each party will restrict Confidential Information to individuals who need to know such Confidential Information and who are bound to confidentiality obligations at least as protective as the restrictions described in this Clause 7.2. Except as necessary for the proper use of the Software, the exercise of a party’s rights under this Agreement, performance of a party’s obligations under this Agreement or as otherwise permitted under this Agreement, neither party will use Confidential Information of the other party for any purpose except in fulfilling its obligations or exercising its rights under this Agreement. Each party will promptly notify the other party if it becomes aware of any unauthorized use or disclosure of the other party’s Confidential Information, and reasonably cooperate with the other party in attempts to limit disclosure.
- Compelled Disclosure: If and to the extent required by law, including regulatory requirements, discovery request, subpoena, court order or governmental action, the Receiving Party may disclose or produce Confidential Information but will give reasonable prior notice (and where prior notice is not permitted by applicable Law, notice will be given as soon as the Receiving Party is legally permitted) to the Disclosing Party to permit the Disclosing Party to intervene and to request protective orders or confidential treatment therefore or other appropriate remedy regarding such disclosure. Disclosure of any Confidential Information pursuant to any legal requirement will not be deemed to render it non-confidential, and the Receiving Party’s obligations with respect to Confidential Information of the Disclosing Party will not be changed or lessened by virtue of any such disclosure.
- NDA: Customer and PCI Pal may agree that a separate nondisclosure agreement between Customer and PCI Pal (“NDA”) will apply to the Subscription, in which case the terms and conditions thereof are incorporated herein by reference and will apply instead of Clauses 7.2.1 to 7.2.4.
- Customer Data and Customer Materials:
- Customer acknowledges that PCI Pal may, directly or indirectly, collect and store Aggregated Data and De-identified Data regarding Customer’s use of the Services. Customer agrees that PCI Pal may use such information for any purpose related to any use of the Services, including, without limitation, improving the performance of the Platform or developing any improvement on, modification or alteration of, or enhancement to any part or all of the Services or any matter relating to the Services whether directly or indirectly (“Improvements”), and verifying compliance with the terms of this Agreement and enforcing PCI Pal’s rights, including all Proprietary Rights in and to the Services, including the Software.
- Customer is and will continue to be the sole and exclusive owner of all Customer Materials, Customer Data and other Confidential Information of Customer, including all Proprietary Rights therein. Nothing in this Agreement will be construed or interpreted as granting to PCI Pal any rights of ownership in or to the Customer Data and Customer Materials.
- Customer Data will reside in the AWS region selected by Customer throughout the Subscription Term of the relevant Service Order Form. PCI Pal will not change the AWS region without Customer’s prior written consent. Customer Data may be accessed outside the selected AWS region solely for the purposes of providing Services, including maintenance, support and/or responding to a troubleshooting request, provided however, PCI Pal must always comply with its obligations under applicable privacy legislation and the Data Privacy and Security Addendum.
- Customer will obtain all necessary consents, authorizations and rights and provide all necessary notifications in order to provide Customer Data to PCI Pal and for PCI Pal to use Customer Data in the performance of its obligations in accordance with the terms and conditions of this Agreement, including any access or transmission to third parties with whom Customer shares or permits access to Customer Data.
- PCI DSS Compliance:
- As used in this Clause 7.5, the following terms shall have the following meaning: (a) “Cardholder Data” shall have the meaning provided in the PCI DSS, which shall include all data elements described therein; (b)“PCI DSS” shall mean the then-current and in effect Payment Card Industry Data Security Standard, as such may be amended, modified, supplemented, or replaced from time to time.
- In connection with its performance of the Services hereunder, PCI Pal acknowledges that PCI Pal: (i) is responsible for the security of any and all Cardholder Data that PCI Pal, at any time, stores, processes, transmits, or possesses; and (ii) shall comply with the PCI DSS.
- Customer acknowledges and agrees that: (i) it is responsible for the security of any and all Cardholder Data that it, at any time, stores, processes, transmits, or possesses outside of the Services; and (ii) it shall, at all times, comply with the PCI DSS.
- PCI Pal shall remain as being compliant with the PCI DSS to the extent applicable and required by the PCI DSS. Upon sixty (60) days written request from the Customer to PCI Pal, and once per year, PCI Pal shall provide Customer with such evidence, information, and documentation as is reasonably necessary to confirm either PCI Pal’s compliance with the PCI DSS or exemption therefrom.
- Security: PCI Pal will, consistent with industry standard practices, implement and maintain physical, administrative and technical safeguards and other security measures: (a) to maintain the security and confidentiality of Customer Data; and (b) to protect Customer Data from known or reasonably anticipated threats or hazards to its security, availability and integrity, including accidental loss, unauthorized use, access, alteration or disclosure. Without limiting the foregoing, PCI Pal will provide the Services in compliance with the Data Privacy and Security Addendum.
- Data Protection Legislation
- Each party will comply with all data protection Laws, and any implementation of such laws, applicable to its performance under this Agreement and the Data Privacy and Security Addendum. The parties acknowledge and agree that they will consider in good faith implementing any codes of practice and best practice guidance issued by relevant authorities as they apply to applicable country specific data protection laws or their implementation.
- Injunctive Relief: Both parties agree that a breach of any Proprietary Rights, including Intellectual Property, Confidentiality or Data Protection provisions of this Agreement may cause irreparable damage, for which the award of damages may not be adequate compensation. Consequently, the non-breaching party may institute an action to enjoin the breaching party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and the non-breaching party may seek the entry of an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching party may be entitled at law or in equity.
- LIMITATION OF LIABILITY
- Disclaimer; General CAP: SUBJECT TO CLAUSES 8.2, 8.3 and 8.4, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL: (A) EITHER PARTY, OR THEIR AFFILIATES, BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY LOST PROFITS, LOST SALES OR BUSINESS, LOSS OF DATA, LOSS OF GOODWILL, BUSINESS INTERRUPTION, COMPUTER FAILURE OR MALFUNCTION, OR ANY OTHER CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, OR PUNITIVE DAMAGES ARISING FROM THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; AND (B) EITHER PARTY’S AGGREGATE LIABILITY UNDER THIS AGREEMENT, WHETHER SUCH DAMAGES ARE BASED IN CONTRACT, TORT OR OTHER LEGAL THEORY, EXCEED AN AMOUNT EQUAL TO THE AGGREGATE OF ALL FEES ACTUALLY PAID AND PAYABLE BY CUSTOMER DURING THE 12-MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO SUCH DAMAGES.
- Exception for Fraud, Gross Negligence or Willful Misconduct: THE FOREGOING EXCLUSIONS OF AND LIMITATIONS OF LIABILITY IN CLAUSE 8.1(A) AND (B) WILL NOT APPLY TO EITHER PARTY’S FRAUD, GROSS NEGLIGENCE OR WILLFUL MISCONDUCT.
- Exception for Certain Indemnification Obligations: THE FOREGOING EXCLUSIONS OF AND LIMITATIONS OF LIABILITY IN CLAUSE 8.1(A) AND (B) WILL NOT APPLY TO ANY COSTS OF DEFENSE AND ANY AMOUNTS AWARDED AGAINST THE INDEMNIFIED PARTY BY A COURT OF COMPETENT JURISDICTION OR AGREED UPON PURSUANT TO A SETTLEMENT AGREEMENT THAT IS SUBJECT TO SUCH PARTY’S INDEMNIFICATION AND DEFENSE OBLIGATIONS UNDER THIS AGREEMENT.
- Special Cap for Security Breach
- THE FORGOING EXCLUSIONS OF AND LIMITATIONS ON LIABILITY SET FORTH IN SECTIONS 8.1(A) AND (B) WILL NOT APPLY TO, AND INSTEAD CLAUSE 8.4.2 WILL APPLY TO: (A) CUSTOMER’S COSTS OF INVESTIGATION, NOTIFICATION, REMEDIATION AND MITIGATION RESULTING FROM ANY UNAUTHORIZED ACCESS, USE OR DISCLOSURE OF CUSTOMER DATA RESULTING FROM BREACH OF PCI PAL’S OBLIGATIONS UNDER THE PRIVACY AND SECURITY ADDENDUM, INCLUDING NOTICE OF BREACH TO AFFECTED INDIVIDUALS, INDUSTRY SELF-REGULATORY AGENCIES, GOVERNMENT AUTHORITIES AND THE PUBLIC, AND CREDIT AND IDENTITY THEFT MONITORING SERVICES FOR AFFECTED INDIVIDUALS AND PCI PAL’S OBLIGATIONS WITH RESPECT THERETO PURSUANT TO THE PRIVACY AND SECURITY ADDENDUM; AND (B) ANY LIABILITIES ARISING FROM CLAIMS BROUGHT BY THIRD PARTIES AGAINST CUSTOMER ARISING FROM ANY UNAUTHORIZED ACCESS, USE OR DISCLOSURE OF CUSTOMER DATA RESULTING FROM BREACH OF PCI PAL’S OBLIGATIONS UNDER ANY PRIVACY AND SECURITY TERMS, INCLUDING OUT-OF-POCKET COSTS OF DEFENSE AND ANY AMOUNTS AWARDED AGAINST CUSTOMER BY A COURT OF COMPETENT JURISDICTION OR AGREED UPON PURSUANT TO A SETTLEMENT AGREEMENT.
- PCI PAL’S AGGREGATE LIABILITY UNDER THIS AGREEMENT FOR ANY UNAUTHORIZED ACCESS, USE OR DISCLOSURE OF CUSTOMER DATA RESULTING FROM BREACH OF PCI PAL’S OBLIGATIONS UNDER ANY PRIVACY AND SECURITY TERMS, INCLUDING CUSTOMER’S COSTS SET FORTH IN CLAUSE 8.4.1 AND ITS OBLIGATIONS PURSUANT TO THE PRIVACY AND SECURITY ADDENDUM, WHETHER SUCH DAMAGES ARE BASED IN CONTRACT, TORT OR OTHER LEGAL THEORY, WILL NOT EXCEED (IN LIEU OF AND NOT IN ADDITION TO THE AMOUNT SET FORTH IN CLAUSE 8.1) THE GREATER OF (i) FOUR TIMES THE FEES AND OTHER AMOUNTS PAID AND REQUIRED TO BE PAID UNDER THIS AGREEMENT IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE DAMAGES OR (ii) $1 MILLION (OR EQUIVALENT VALUE OF THE CURRENCY STIPULATED ON THE RELEVANT SERVICE ORDER FORM(S)).
- CUSTOMER ACKNOWLEDGES THAT CLAUSE 8 IS AN ESSENTIAL PART OF THIS AGREEMENT. Some jurisdictions do not allow the exclusion of implied warranties or limitation of liability for incidental or consequential damages, which means that some of the above limitations may not apply to Customer. In those jurisdictions, PCI Pal’s liability will be limited to the maximum extent permitted by applicable Law. The limitations set forth in this clause will survive and apply even if any limited remedy specified in this Agreement is found to have failed of its essential purpose.
- INDEMNIFICATION
- PCI Pal Indemnity: PCI Pal will, at its expense, indemnify, defend and hold harmless Customer and its Affiliates and their respective officers, directors, employees, agents and representatives (collectively “Customer Indemnified Parties”) from and against any and all claims, actions, proceedings and suits brought by a third party, and any and all liabilities, losses, damages, settlements, penalties, fines, costs and expenses (including reasonable attorneys’ fees) (“Claims”), to the extent arising out of or relating to an allegation of any infringement, misappropriation or violation of any intellectual property rights by the Services or Customer’s use thereof as permitted under this Agreement.
- Customer Indemnity: Customer will, at its expense, indemnify, defend and hold harmless PCI Pal and its Affiliates and their respective officers, directors, employees, agents and representatives (collectively “PCI Pal Indemnified Parties”) from and against any and all claims, actions, proceedings and suits brought by a third party, and any and all liabilities, losses, damages, settlements, penalties, fines, costs and expenses (including reasonable attorneys’ fees) (“Claims”) to the extent arising out of or relating to an allegation of any infringement, misappropriation or violation of any intellectual property rights by the Customer Materials or Data or PCI Pal’s use thereof as permitted under this Agreement.
- Process: The party(ies) seeking indemnification pursuant to this Clause 9 (each, an “Indemnified Party” and collectively, the “Indemnified Parties”) will give the other party (the “Indemnifying Party”) prompt notice of each Claim for which it seeks indemnification, provided that failure or delay in providing such notice will not release the Indemnifying Party from any obligations hereunder except to the extent that the Indemnifying Party is prejudiced by such failure. The Indemnified Parties will give the Indemnifying Party their reasonable cooperation in the defense of each Claim for which indemnity is sought, at the Indemnifying Party’s expense. The Indemnifying Party will keep the Indemnified Parties informed of the status of each Claim. An Indemnified Party may participate in the defense at its own expense. The Indemnifying Party will control the defense or settlement of the Claim, provided that the Indemnifying Party, without the Indemnified Parties’ prior written consent: (a) will not enter into any settlement that; (i) includes any admission of guilt or wrongdoing by any Indemnified Party; (ii) imposes any financial obligations on any Indemnified Party that Indemnified Party is not obligated to pay under this Clause 9; (iii) imposes any non-monetary obligations on any Indemnified Party; and (iv) does not include a full and unconditional release of any Indemnified Parties; and (b) will not consent to the entry of judgment, except for a dismissal with prejudice of any Claim settled as described in (a). The Indemnifying Party will ensure that any settlement into which it enters for any Claim is made confidential, except where not permitted by applicable Law.
- Infringement Remedy: In addition to PCI Pal’s obligations under Clause 9.1, if the Software or other feature within Services is held, or in PCI Pal’s opinion is likely to be held, to infringe, misappropriate or violate any Proprietary Rights, or, if based on any claimed infringement, misappropriation or violation of Proprietary Rights, an injunction is obtained, or in PCI Pal’s opinion an injunction is likely to be obtained, that would prohibit or interfere with Customer’s use of the Services under this Agreement, then PCI Pal will at its option and expense either: (a) procure for Customer the right to continue using the affected Services in accordance with the license granted under this Agreement; or (b) modify or replace the affected Services so that the modified or replacement Services are reasonably comparable in functionality, interoperability with other software and systems, and levels of security and performance and do not infringe, misappropriate or violate any third-party Proprietary Rights. If, in such circumstances, PCI Pal cannot successfully accomplish any of the foregoing actions on a commercially reasonable basis, PCI Pal will notify Customer and either party may terminate the Subscription and this Agreement, in which case PCI Pal will refund Customer any fees prepaid to PCI Pal by Customer prorated for the unused portion of the Subscription. For clarity, PCI Pal’s indemnification and defense obligations under this clause include infringement Claims based on use of the Services by Customer Indemnified Parties following an initial infringement Claim except that, if PCI Pal responds to an infringement Claim by accomplishing the solution in (b), PCI Pal will have no obligation to defend and indemnify Customer for infringement Claims arising from Customer’s use after the accomplishment of (b) of the infringing Services for which PCI Pal provided modified or replacement Services.
- Limitations
- PCI Pal will have no liability or obligation under this Clause 9 with respect to any infringement Claim to the extent attributable to any: (a) modifications to the Services not provided by PCI Pal or its personnel; (b) use of the Software in combination with third-party equipment or software not provided or made accessible by PCI Pal or not specifically referenced for use with the Services under the Service Order Form or Documentation; or (c) use of the Services by Customer in breach of this Agreement. PCI Pal’s liability under this Clause 9 with respect to any infringement Claim that is attributable to use of the Software in combination with third-party equipment or software provided or made accessible by PCI Pal or specifically referenced under the Service Order Form or Documentation is limited to PCI Pal’s proportional share of defense costs and indemnity liability based on the lesser of: (i) the value of the contribution of the Services to the total value of the actual or allegedly infringing combination; or the (relative contribution of the Services to the actual or allegedly infringed claims (e.g., the Services are alleged to satisfy one limitation of a claim with five separate limitations and PCI Pal would be responsible for a 20% share of the defense and indemnity obligations).
- Customer will have no liability or obligation under this Clause 9 with respect to any infringement Claim to the extent attributable to any: (a) modifications to the Customer Materials or Customer Data not provided by Customer or its personnel; or (b) use of the Customer Materials or Customer Data by PCI Pal in breach of this Agreement.
- This Clause 9 states the entire liability of PCI Pal with respect to infringement, misappropriation or violation of any intellectual property rights or proprietary rights of third parties by the Services or any part thereof or by any use thereof by Customer, and this Clause 9 states the entire liability of Customer with respect to infringement, misappropriation or violation of any intellectual property rights or proprietary rights of third parties by any Customer Materials, Customer Data or any part thereof or by any use, receipt, storage or processing thereof by PCI Pal.
- Not Limiting: The foregoing indemnities will not be limited in any manner whatsoever by any required or other insurance coverage maintained by a party.
- TERM AND TERMINATION
- Term: The term of this Agreement will start on the Effective Date and continue until expiration of all outstanding Service Order Forms issued hereunder (“Term”). The initial subscription period will be specified in the first Service Order Form agreed by the Customer (“Initial Subscription Term”), which, except as otherwise specified in the applicable Service Order Form, will automatically renew for successive periods equal to the Initial Subscription Term (each, a “Renewal Subscription Term”), unless either party notifies the other party in writing of its intent not to renew at prior to the start date of the upcoming Renewal Subscription Term in accordance with the termination notice period specified under the relevant Service Order Form. Pricing for Renewal Subscription Terms is subject to change. The Initial Subscription Term, the Renewal Subscription Term, are herein collectively referred as the Subscription Term.
- Termination for breach: If there is a material breach of the Agreement, by either party, which is not cured within 30 days (to the extent that such breach is capable of remedy) following receipt of written notification by the non-breaching party, then this Agreement will be terminated. Termination by PCI Pal of this Clause does not prejudice Customer’s right, and PCI Pal’s obligation, to extract or assist with the retrieval or deletion of Customer Data as set forth in Clause 10.5 following termination.
- Termination of Third Party Products: If Customer’s use of Third Party Products is terminated during the Term for any reason, Customer will promptly notify PCI Pal of such termination and either PCI Pal reserves the right to terminate this Agreement and/or any impacted Service Order Form(s) on written notice to Customer.
- Effect of termination: Upon termination or expiration of this Agreement, any licenses granted by PCI Pal to Customer shall also terminate meaning that Customers will no longer have the right to use the Software licensed under the Subscription. Customer’s access to the Platform may also be disabled and discontinued. Termination or expiration of any Subscription purchased by Customer from PCI Pal will not terminate or modify any other Subscription purchased by Customer from PCI Pal.
- Termination of this Agreement shall not affect the rights of the parties to the Agreement that may have accrued up to the date of termination.
- Clause 5 (Intellectual Property Rights), 7.2 (Confidentiality), 7.4 (Customer Data and Customer Materials), 8 (Limitations of Liability), 9 (Indemnification), 10.5 (Effect of Termination), 12 (General) and Schedule A (Definitions), together with all other provisions of this Agreement that may reasonably be interpreted or construed as surviving expiration or termination, will survive the expiration or termination of this Agreement for any reason; but the nonuse and nondisclosure obligations of Clause 7.2 will expire five years following the expiration or termination of this Agreement, except with respect to, and for as long as, any Confidential Information constitutes a trade secret.
- INSURANCE
- Coverage: Each party will obtain and maintain appropriate insurance coverage necessary to for the implementation or performance of this Agreement. PCI Pal will, at its own cost and expense, provide and maintain the following insurance coverages during the term of the Agreement and for one year after:
- public and products liability insurance that includes in an amount at least $10 million per occurrence and in the aggregate;
- workers’ compensation insurance as required by any applicable Law or regulation as well as employer’s liability insurance in an amount at least $10 million per accident;
- professional liability insurance in the amount at least $5 million in the aggregate; and
- privacy and network security (cyber) liability insurance coverage with limits of at least $5 million in the aggregate.
- Certificates: Upon reasonable request from Customer, PCI Pal will furnish Customer with certificate of insurance to evidence coverages.
- Coverage: Each party will obtain and maintain appropriate insurance coverage necessary to for the implementation or performance of this Agreement. PCI Pal will, at its own cost and expense, provide and maintain the following insurance coverages during the term of the Agreement and for one year after:
- GENERAL
- Governing Law: This Agreement shall be governed by the respective governing law, and any dispute related to this Agreement shall be subject to the exclusive jurisdiction of the respective courts, listed at https://legal.pcipal.com/termsandconditions.html#governinglaw, without reference to conflicts of law provisions. The parties agree to submit to the personal and exclusive jurisdiction and venue of such courts. The terms of the United Nations Convention on Contracts for the Sale of Goods do not apply to this Agreement. The Uniform Computer Information Transactions Act (UCITA) will not apply to this Agreement regardless of when or where adopted. The prevailing party to any dispute shall be entitled to recover its costs of enforcing a claim, including but not limited to attorney’s fees.
- Assignment: Neither party may, directly or indirectly, by operation of law or otherwise, assign (in whole or in part) this Agreement or any rights under this Agreement or delegate performance of its duties under this Agreement, without the other party’s prior written consent. This Agreement is binding and inures to the benefit of the parties’ respective successors and permitted assigns.
- Entire Agreement: This Agreement constitutes the entire agreement between Customer and PCI Pal with respect to the Services and supersedes all prior and contemporaneous agreements of the parties regarding such subject matter. This Agreement is solely between the Customer and PCI Pal. NEITHER PARTY WILL BE BOUND BY, AND EACH SPECIFICALLY OBJECTS TO, ANY PROVISION THAT IS DIFFERENT FROM OR IN ADDITION TO THIS AGREEMENT (WHETHER PROFFERED ORALLY OR IN ANY QUOTATION, PURCHASE ORDER, INVOICE, SHIPPING DOCUMENT, ONLINE TERMS AND CONDITIONS, ACCEPTANCE, CONFIRMATION, CORRESPONDENCE, OR OTHERWISE), UNLESS SUCH PROVISION IS SPECIFICALLY AGREED TO IN A WRITING.
- Force Majeure: Neither party shall be considered in default of performance under this Agreement to the extent that such performance is delayed or prevented by pandemics, epidemics, fire, flood, earthquake or similar natural disasters, riot, war, terrorism, civil strife, labor disputes or disturbances, material shortages or rationing, governmental regulations, communication or utility failures, or any other act of God, political action or causes beyond the reasonable control of the parties (a “Force Majeure Event”). If a Force Majeure Event continues for more than 30 days either party may terminate the Agreement.
- Export Laws: Each party will comply with all applicable customs and export control laws and regulations of the United States and/or such other country, in the case of the Customer, where Customer or it users use the Services and in the case of PCI Pal, where PCI Pal provides the Services. Each Party certifies that it and its personnel are not on any of the relevant U.S. Government Lists of prohibited persons, including but not limited to the Treasury Department’s List of Specially Designated Nationals and the Commerce Department’s list of Denied Persons. Neither party will export, re-export, ship, or otherwise transfer the Services or Customer Data to any country subject to an embargo or other sanction by the United States.
- Government Rights: As defined in FARS §2.101, the Software and Documentation are “commercial items” and according to Defense Federal Acquisition Regulation Supplement DFARS §252.227 and 7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation”. Consistent with FARS §12.212 and DFARS §227.7202, any use, modification, reproduction, release, performance, display or discourse of such commercial software or commercial software documentation by the U.S. government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.
- Headings: The headings throughout this Agreement are for reference purposes only, and the words contained therein will in no way be held to explain, modify, amplify or aid in the interpretation, construction or meaning of the provisions of this Agreement.
- Non-waiver: Any failure or delay by either party to exercise or partially exercise any right, power or privilege under this Agreement will not be deemed a waiver of any such right, power or privilege under this Agreement. No waiver by either party of a breach of any term, provision or condition of this Agreement by the other party will constitute a waiver of any succeeding breach of the same or any other provision hereof. No such waiver will be valid unless executed in writing by the Party making the waiver.
- Publicity: PCI Pal may use Customer’s logo on its website for publicity. Customer must not issue any publicity materials or press releases that refer to PCI Pal or use any trade name, trademark or logo of PCI Pal in any advertising, promotions or otherwise, without PCI Pal’s prior consent. PCI Pal will seek Customer’s prior written consent prior to issuing any publicity materials or press releases that refer to Customer.
- Notices: All notices under this Agreement shall be in writing and deemed to be have given when: (a) personally delivered; (b) sent by registered mail, postage prepaid (which shall be deemed to have been received on the third business day following the date on which it is mailed); or (c) sent overnight by a commercial overnight courier that provides a receipt (which shall be deemed to be received on the next business day after mailing). In the case of PCI Pal, notice shall be sent to the address for the applicable PCI Pal entity as set forth at https://legal.pcipal.com/termsandconditions.html#governinglaw. PCI Pal will send notices to Customer at the address associated with Customer’s account.
- Relationship of Parties: The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency or other relationship between the parties.
- Severability: If any provision of this Agreement is found to be illegal, invalid or unenforceable by a court of competent jurisdiction, such provision will be deleted from these Terms and the remaining provisions will continue with full force and effect.
Schedule A
Definitions and Interpretation
Definitions and Interpretation
The definitions and rules or interpretation in this section apply to this Agreement.
DEFINITIONS
“Acceptable Use Policy” | means the Acceptable Use Policy available here: https://www.pcipal.com/acceptable-use-policy/; |
“Affiliate”: | means, with respect to a party, any entity that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with such party; |
“Agreement”: | has the meaning given to it under Clause 1.2; |
“Aggregated Data”: | means numerical or non-numerical information that is collected from multiple sources and/or on multiple measures, variables, or individuals and compiled into a summary; |
“Claims”: | has the meaning given to it under Clause 9.1; |
“Confidential Information”: | has the meaning given to it under Clause 7.2; |
“Customer”: | has the meaning given to it under Clause 1.1; |
“Customer Data”: | means data, records, files, information or content, including text, sound, video, images and software, that is (a) input or uploaded by Customer or its users to or collected, received, transmitted, processed, or stored by Customer or its users using the Services in connection with this Agreement, or (b) derived from (a); |
“Customer Indemnified Parties”: | has the meaning given to it under Clause 9.1; |
“Customer Materials”: | means any property, items or materials, including Customer Data, furnished by Customer to PCI Pal for PCI Pal’s use in the performance of its obligations under this Agreement; |
“Data Privacy and Security Addendum” | means the Data Privacy and Security Addendum available here: https://legal.pcipal.com/privacy-center.html#dpsa; |
“De-identified data”: | means data where any direct or indirect identifiers or codes linking the data to the individual subject’s identity are destroyed or there is no potential for deductive disclosure; |
“Disclosing Party”: | has the meaning given to it under Clause 7.2.1; |
“Documentation”: | means the user guides, manuals, instructions, specifications, notes, documentation, printed updates, “read-me” files, release notes and other materials related to the Software (including all information included or incorporated by reference under the relevant Service Order Form), its use, operation or maintenance, together with all enhancements, modifications, derivative works, and amendments to those documents, that PCI Pal publishes or provides under this Agreement; |
“Effective Date” | means the earlier of: (a) the Subscription start date indicated on the relevant Service Order Form; (b) the date of last signature to the relevant Service Order Form; (c) or the date on which Customer uses the Services; |
“Feedback”: | has the meaning given to it under Clause 5.2; |
“Indemnified Party”: | has the meaning given to it under Clause 9.3; |
“Indemnifying Party”: | has the meaning given to it under Clause 9.3; |
“Improvements”: | has the meaning given to it under Clause 7.4.1; |
“PCI DSS”: | means Payment Card Industry Data Security Standard; |
“PCI Pal”: | means the PCI Pal entity which has signed the Service Order Form; |
“PCI Pal Indemnified Parties”: | has the meaning given to it under Clause 9.2; |
“Platform”: | has the meaning given to it under Clause 1.1; |
“Proprietary Rights”: | means all intellectual property and proprietary rights throughout the world, whether now known or hereinafter discovered or invented, including, without limitation, all: (a) patents and patent applications; (b) copyrights and mask work rights; (c) trade secrets; (d) trademarks; (e) rights in data and databases; and (f) analogous rights throughout the world; |
“Receiving Party”: | has the meaning given to it under Clause 7.2.1; |
“Service Order Form”: | means the service order form describing the Subscription and executed between the parties; |
“Service Level Agreement”: | means the PCI Pal service level agreement applicable to the Services, available here: https://www.pcipal.com/pci-pal-sla-standard-2023-v1-1-002/ or the service level agreement and associated link agreed under the applicable Service Order Form; |
“Services”: | has the meaning given to it under Clause 1.1; |
“Software”: | means the computer software in the Platform, including any patches, bug fixes, corrections, remediations, updates, upgrades, modifications, enhancements, derivative works, new releases and new versions of the Software that PCI Pal provides, or is obligated to provide, under this Agreement; |
“Statement of Work”: | means the statement of work describing the integration and/or implementation services to be delivered by PCI Pal and executed between the parties; |
“Subscription”: | means a subscription ordered by Customer under the relevant Service Order Form and fulfilled by PCI Pal for the licensing and provision of the Services described under the relevant Service Order Form; |
“Taxes”: | has the meaning given to it under Clause 1.3; |
“Term” | has the meaning given to it under Clause 10.1; |
“Third Party Products”: | means any software or service proprietary to an entity other than PCI Pal or its Affiliates that is sold or licensed separately and that may integrate or interoperate with the Services, including Customer’s payment service provider; |
“Users”: | means an employee, non-employee worker or other member of Customer or any of its Affiliates’ workforces, contractor of Customer or any of its Affiliates or other person or software program or computer systems authorized by Customer or any of its Affiliates to access and use the Software as permitted under this Agreement; and |
“Warranty Period”: | means the Subscription Term. |
INTERPRETATION
Clause, Schedule and paragraph headings shall not affect the interpretation of this Agreement.
A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality).
The Schedules form part of this Agreement and shall have effect as if set out in full in the body of this agreement. Any reference to this agreement includes the Schedules.
A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.
This Agreement shall be binding on, and enure to the benefit of, the parties to this Agreement and their respective personal representatives, successors and permitted assigns, and references to any party shall include that party's personal representatives, successors and permitted assigns.
Unless expressly provided otherwise in this Agreement a reference to legislation or a legislative provision is a reference to it as amended, extended or re-enacted from time to time.
Any obligation on a party not to do something includes an obligation not to allow that thing to be done.
A reference to this Agreement or to any other agreement or document referred to in this Agreement is a reference of this Agreement or such other agreement or document, in each case as varied from time to time.
References to clauses and Schedules are to the clauses and Schedules of this Agreement and references to paragraphs are to paragraphs of the relevant Schedule.
Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.