Skip to main content
You are viewing content for . View content for other locations.
×

Payment Services Agreement

Jump to section:



Updated Payment Services Agreement

Effective Date: The Payment Services Agreement is effective on 1 December 2020 for Merchants who signed up before 29 September 2020 or immediately for all new Merchants who signed up on or after 29 September 2020.

This Braintree Payment Services Agreement, and the agreements, policies and documents incorporated herein (this “Agreement”) is entered into by and between PayPal Australia Pty Limited (“Braintree,” “PayPal,” “we”, “us” or “our”), a division of PayPal and the entity and/or individual who enters into this Agreement (“Merchant”, “you” or “your”).

This Agreement sets out the terms and conditions under which you may utilise the Braintree Payment Services (defined below).

This Agreement becomes a legally binding contract entered into by you and made effective as of the date you do any of the following (the “Effective Date”):

Create an account on the Braintree website at www.braintreepayments.com (“Braintree Website”); Click-through this Agreement and agree to its terms; or Begin using the Braintree Payment Services. We recommend that you print a copy of this Agreement for your records.

In addition to the terms of this Agreement, as they may be amended or supplemented from time to time you are subject to the terms of:

  • our Privacy Statement;
  • our Acceptable Use Policy;
  • our PayPal Collection Notice; and
  • your Bank Agreement.

You agree to allow PayPal to obtain from a third party your credit history and financial information about your ability to perform your obligations under this Agreement in the manner set out in the Privacy Statement and PayPal Collection Notice. PayPal will review your credit and other risk factors of your account (including but not limited to, reversals and chargebacks, customer complaints, claims) on an ongoing basis. PayPal will store, use and disclose the information obtained in conformity with its Privacy Statement.

All of the above documents are incorporated by reference and form part of this Agreement. Our Privacy Statement, Acceptable Use Policy, PayPal Collection Notice and your Bank Agreement may be viewed at any time by following the “Legal” link on the Braintree Website.

Section 1 - Braintree Payment Services

1.01 “Braintree Payment Services” means:

(a) “Payment Processing Services” The payment processing services offered by PayPal include services that provide Merchants with the ability to accept credit and debit card payments on a website or mobile application. These services include Gateway Services, Bank-sponsored Merchant Account, Fraud Protection Tools (each as defined in this Agreement), recurring billing functionality, payment card storage, foreign currency acceptance, and other software, APIs and services and technology as described on the Braintree Website.

(b) “Gateway Services” The gateway services offered by PayPal include services that provide Merchants with the software and connectivity required to allow real-time secure data transmission for processing of credit and debit card payments and certain other available payment methods on a website or mobile application. The Gateway Services include those additional products and services provided by PayPal, including but not limited to the Forwarding Services and Grant Services, (“PayPal Products and Services”) which are provided subject to the additional PayPal Products and Services as set forth on the Braintree website which are incorporated into this Agreement by reference. In addition, the Gateway Services include certain payment technology services provided by third parties that are used to facilitate your processing of credit and debit card payments (“Payment Technology Services”). In order to use these services, you agree to the applicable Payment Technology Services terms as set forth on the Braintree website which are incorporated into this Agreement by reference. You acknowledge and agree that the Payment Technology Services are provided solely by the relevant third party (and not PayPal) as set forth in the applicable Payment Technology Services terms, and that PayPal will under no circumstances be responsible or liable for any damages, losses or costs whatsoever suffered or incurred by you resulting from any Payment Technology Services.

(c) “Fraud Protection Tools” means the optional fraudulent transaction management tools made available as part of the Braintree Payment Services that, if enabled by you or PayPal on your behalf, allow you to access fraudulent transaction management features to help detect fraudulent transactions based on the settings you may adopt, as described in more detail on the Braintree website (“Fraud Protection Tools”). If you elect to enable and use or disable the Fraud Protection Tools, you are responsible for determining which tools to use and for setting or modifying your filter rules, which instruct us which transactions to accept and decline on your behalf. If you set these filter rules too restrictively, you might lose sales volume. It is your responsibility to monitor your filter rules and settings on an ongoing basis. We may periodically provide helpful tips regarding what filters and settings may be appropriate for your business, based on factors such as your business profile and transaction history, however it is your responsibility to evaluate the usefulness and risk of any information, product or service. It is your sole responsibility to provide any necessary notices and disclosures, and obtain any required consents, on the use of the Fraud Protection Tools to your Customers on your website or mobile application. You shall use the Fraud Protection Tools in accordance with the applicable guides and other documentation made available by us, and you shall not use or permit others to use information obtained through the use of the Fraud Protection Tools for any purpose other than in conjunction with the Payment Processing Services and in a manner described in the applicable documentation for the Fraud Protection Tools. You acknowledge and agree that, subject to Section 7.02, PayPal does not represent or warrant that the Fraud Protection Tools are error free or that they will identify all fraudulent transaction activity. In addition, PayPal shall not be liable whether a Transaction is accepted or rejected using the Fraud Protection Tools. You are responsible for your optional use of the Fraud Protection Tools, including any filters or settings you enable.

Section 2 - Fees, Payouts and Taxes

2.01 Fees

In exchange for us providing you with the Braintree Payment Services, you agree to pay us the fees, including applicable Transaction fees and Chargeback fees: (a) as listed in the fee schedule, available at https://www.braintreepayments.com/au/braintree-pricing, and incorporated into this Agreement by reference; and

(b) as otherwise agreed with you in writing, (together the “Fees”).

Interest on any and all amounts due by you, but not yet paid to PayPal, shall accrue at a rate of the lesser of 1.0% per month or the maximum amount permitted by applicable law (“Late Fee”). In the event of a dispute made in good faith as to the amount of Fees, Merchant agrees to remit payment on any undisputed amount(s), and the Late Fee shall not accrue as to any disputed amounts unless not paid within thirty (30) calendar days after said dispute has been resolved by both parties. We may revise the Fee at any time upon at least thirty (30) days’ prior notice to you.

2.02 Payment of Fees; Payouts; Right to Set-off

Subject to the terms of this Agreement, PayPal will remit, or instruct the Acquirer to remit, to your Bank Account or to a Hyperwallet Settlement Account (if available to you), as duly nominated by you, all amounts due to you from Transactions, following the deduction of any fees, Reversals, Chargebacks, refunds or other amounts that you owe to PayPal under this Agreement. If the Payout Amount is not sufficient to cover the applicable fees or other amounts due to PayPal on any given day, you agree that, in our sole discretion and without the requirement of delivering prior notice, we may take the following actions to recover any fees or other amounts payable by you to PayPal:

(a) debit your Bank Account for the applicable amounts; and/or

(b) recover or set-off the applicable amounts against future Payout Amounts.

Merchant acknowledges and agrees that a Transaction may become subject to a Chargeback even after settlement, or otherwise be invalidated. In the event of a Chargeback or invalidated payment, you are liable for:

(a) the full amount of the original Transaction; and

(b) any Chargeback fees according to this Agreement.

Upon PayPal’s request, Merchant shall provide PayPal with all necessary bank account, routing and related information and grant PayPal any required permission to debit amounts due from your Bank Account.

2.03 Taxes Indemnity

Merchant shall pay, indemnify, and hold PayPal harmless from (i) any sales, use, excise, import or export, Goods and Services Tax, value-added, or similar tax or duty, and any other tax or duty not based on PayPal’s income; and (ii) all government permit fees, customs fees and similar fees which PayPal may incur with respect to this Agreement. Such taxes, fees and duties paid by Merchant shall not be considered a part of, a deduction from, or an offset against, payments due to PayPal hereunder.

Section 3 - Restricted Activities, Representations and Warranties

3.01 Restricted activities

In connection with your use of the Braintree Payment Services, or in the course of your interactions with PayPal, you will comply at all times with the Acceptable Use Policy.

You agree that you will not:

(a) Breach this Agreement, the Bank Agreement or any other agreement that you have entered into with us in connection with the Braintree Payment Services;

(b) Violate any rule, regulation, guideline, or bylaw of any of the Networks (the “Network Rules”), as they may be amended by the Networks from time to time. Some of the Network Rules available are: Visa and Mastercard;

(c) Use the Braintree Payment Services in a manner that could result in a violation of anti-money laundering, counter terrorist financing and similar legal and regulatory obligations (including, without limitation, where we cannot verify your identity or other required information about your business) applicable to you or PayPal;

(d) Fail to provide us with any information that we reasonably request in connection with this Agreement or your use of the Braintree Payment Services about you or your business activities, including updated business records or financial statements, or provide us with false, inaccurate or misleading information;

(e) Refuse to cooperate in an investigation or to provide confirmation of your identity, or refuse to provide any information reasonably requested by us or the Networks in connection with this Agreement or your use of the Braintree Payment Services;

(f) Reveal your access credentials to anyone else or use anyone else’s access credentials for the Braintree Payment Services. We are not responsible for losses incurred by you including, without limitation, the use of your access to the Braintree Payment Services by any person other than you, arising as the result of your misuse of access credentials or your lack of proper security controls;

(g) Integrate or use any of the Braintree Payment Services without fully complying with all requirements communicated to you by PayPal.

(h) Utilize recurring billing or card on file functionality without properly complying with Network Rules and / or applicable laws and obtaining your Customer’s consent to be billed in such a manner and / or obtaining your Customer’s consent to store their card on file for future or recurring transactions and making available a mechanism for your Customer to delete their card on file;

(i) Submit any Transaction for processing through the Braintree Payment Services which does not represent a bona fide, permissible Transaction as outlined in this Agreement and in the Network Rules, or which inaccurately describes the product or services being sold or the charitable donations being made;

(j) Process Transactions or receive payments on behalf of any other party, or (unless required by law) re-direct payments to any other party;

(k) Display with unequal size or prominence, show preference for, or discriminate again one card brand or type over another, including your refund policies for purchases; and

(l) Bill or collect from any cardholder for any purchase or payment on the card unless you have the right to do so under the Network Rules.

3.02 Representations and warranties by Merchant

(a) Merchant has the full power and authority to execute, deliver and perform this Agreement. This Agreement is valid, binding and enforceable against Merchant in accordance with its terms and no provision requiring Merchant’s performance is in conflict with its obligations under any constitutional document, charter or any other agreement (of whatever form or subject) to which Merchant is a party or by which it is bound.

(b) Merchant is duly organised, authorised and in good standing under the laws of the state, region or country of its organisation and is duly authorised to do business in all other states, regions or countries in which Merchant’s business operates.

Section 4 - Liability for Invalidated Payments and other Liabilities

You must compensate and indemnify us, PayPal, and the directors, officers, employees, contractors and related bodies corporate of us and PayPal, for any claims, losses, expenses or liability any of those indemnified may suffer or incur as a result of:

(a) a Transaction or dispute between you and your customer(s);

(b) an invalid Transaction, Refund Transaction, over-payment, Chargeback or any other related expenses, collectively “Invalidated Payments”;

(c) your breach of any applicable law, regulation or Network Rule;

(d) any error, negligence, wilful misconduct or fraud by you or your directors, officers, employees or contractors; or

(e) your failure to comply with any Payment Technology Services terms, provided that your liability under this Section 4 will be proportionately reduced to the extent that PayPal caused or contributed to, or failed to take reasonable steps to mitigate, the relevant claim, loss, expense or liability.

In the event of an Invalidated Payment or other liability, in addition to our other rights and remedies (all of which are cumulative), we may (or instruct Acquirer to) deduct, setoff or recoup the amounts due to PayPal from your Payouts. You agree to fulfill all of your obligations to each customer for which you submit a Transaction and to resolve any consumer dispute or complaint directly with your customer.

In addition to the above, if you have a past due amount owed to us or any of our affiliates under any other agreement, PayPal may, or may instruct the Acquirer to, deduct the amounts owed from your Payouts. This includes amounts owed by your use of our various products and services which may include PayPal, Xoom and Hyperwallet.

Section 5 - Actions We May Take

5.01 Actions by PayPal

If we believe that your Transactions pose an unacceptable level of risk, that you have breached the terms of this Agreement, or that your account has been compromised, we may take such action as we believe is reasonably necessary in the circumstances. The actions we may take include, but are not limited to:

(a) suspending or limiting your ability to use the Braintree Payment Services;

(b) refusing to process any Transaction;

(c) reversing a Transaction;

(d) holding your Payout Amounts or instructing an Acquirer to the same; and

(e) contacting your customers to verify Transactions and reduce potential fraud and disputes.

If possible, we will provide you with advance notice of our actions and resolution steps. However, advance notice will not be provided if there is an immediate need to take actions such as a security threat, or potential fraud or other illegal activity.

5.02 Reserves

PayPal, in its sole discretion may, or may instruct an Acquirer to, place a Reserve on a portion of your Payouts in the event that we believe there is a high level of risk associated with your business, your Bank-sponsored Merchant Account, your PayPal account or your Transactions. If PayPal imposes a Reserve, we will provide you with a notice specifying the terms of the Reserve. The terms may require: (a) that a certain percentage of your Payout Amounts are held for a certain period of time; (b) that a fixed amount of your Payout Amounts is withheld from payout to you; or (c) such other restrictions that PayPal determines are necessary to protect against the risk to us associated with our business relationship. PayPal may change the terms of the Reserve at any time by providing you with notice of the new terms. Payout Amounts subject to a Reserve are not immediately available for payout to you or for making Refund Transactions. Other restrictions described in (c) above may include: limiting Payout Amounts immediately available to you; changing the speed or method of payouts to you; setting off any amounts owed by you against your Payout Amounts and/or requiring that you, or a person associated with you, enter into other forms of security arrangements with us (for example, by providing a guarantee or requiring you to deposit funds with us as security for your obligations to us or third parties). You also agree to undertake, at your own expense, any further action (including, without limitation, executing any necessary documents and filing any document reasonably required by us to allow us to perfect any form of security interest or otherwise) required to establish a Reserve or other form of security in a manner reasonably determined by us. PayPal may hold a Reserve as long as it deems necessary, in its sole discretion, to mitigate any risks related to your Transactions. You agree that you will remain liable for all obligations related to your Transactions even after the release of any Reserve. In addition, we may require you to keep your Bank Account available for any open settlements, Chargebacks and other adjustments.

5.03 Security Interest

If, in our opinion, the Personal Property Securities Act 2009 (Cth) enables us to improve our security interest over the Reserve, you agree to do all things necessary, including obtaining the appropriate authorisations and executing any document to effect such improvement.

Section 6 - Account Security, Data, Intellectual Property, Publicity

6.01 Security of your access

You agree to:

(a) not allow anyone else to have or use your password details and to comply with all reasonable instructions we may issue regarding account access and security. In the event you share your password details, PayPal will not be liable to you for losses or damages caused by such sharing;

(b) keep your personal details up to date. We may be unable to respond to you if you contact us from an address, telephone number or email account that is not registered with us; and

(c) take all reasonable steps to protect the security of the personal electronic device through which you access the Braintree Payment Services (including, without limitation, using PIN and/or password protected personally configured device functionality to access the Braintree Payment Services and not sharing your device with other people).

6.02 Data Security Compliance.

Merchant agrees to comply with applicable data privacy and security requirements under the Payment Card Industry Data Security Standard (“Network PCI - DSS Requirements”) and any applicable Network data security requirements (including those made available by Visa, MasterCard and American Express) with regards to Merchant’s use, access, and storage of certain credit card non-public personal information (“Cardholder Information”). In order to verify your compliance with Network PCI DCC Requirements, you must complete and demonstrate certification pursuant to the requirements that we notify to you. Additionally, Merchant agrees to comply with its obligations under any applicable law or regulation as may be in effect or as may be enacted, adopted or determined regarding the confidentiality, use, and disclosure of Cardholder Information. You must report any Customer Data breach or incident to PayPal and/or the Networks immediately after discovery of the incident. You also agree to ensure data quality and that you process any Customer Data promptly, accurately and completely, and that Customer Data complies with the Networks’ technical specifications.

PayPal agrees to comply with the applicable Payment Card Industry Data Security Standard ("PCI DSS"). PayPal acknowledges that it is responsible for the security of cardholder data it possesses or otherwise stores, processes or transmits on behalf of the Merchant, or to the extent that PayPal could impact the security of the cardholder data environment.

6.03 Data Protection

The parties agree to comply with the data protection addendum found here, which forms part of this Agreement. The terms of the data protection addendum prevail over any conflicting terms in this Agreement relating to data protection and privacy.

6.04 Intellectual Property.

Other than the express licenses granted by this Agreement, PayPal grants no right or license by implication, estoppel or otherwise to the Braintree Payment Service or any Intellectual Property Rights of PayPal. Each party shall retain all ownership rights, title, and interest in and to its own products and services (including in the case of PayPal, in the Braintree Payment Service) and all Intellectual Property Rights therein, subject only to the rights and licenses specifically granted herein.

6.05 Trademarks

Subject to the terms and conditions of this Agreement, PayPal grants Merchant the nonexclusive, non-sublicensable, and non-transferable right and licence to use PayPal’s trademarks used to identify the Braintree Payment Service (the “Trademarks”) during the term of this Agreement solely in conjunction with the use of the Braintree Payment Service. PayPal grants no rights in the Trademarks or in any other trademark, trade name, service mark, business name or goodwill of PayPal except as licensed hereunder or by separate written agreement of the parties. Merchant agrees that it will not at any time during or after this Agreement assert or claim any interest in or do anything that may adversely affect the validity of any Trademark (including, without limitation registering or attempting to register any Trademark). Upon expiration or termination of this Agreement, Merchant will immediately cease all display, advertising and use of all of the Trademarks and will not thereafter use, advertise or display any trademark, trade name or product designation which is, or any part of which is, similar to or confusing with any Trademark.

6.06 Licence Grant.

If you are using our software such as an API, developer’s toolkit or other software application (the “Software”) that you have downloaded to your computer, device, or other platform, then PayPal grants you a revocable, non-exclusive, non-transferable license to use the Software in accordance with the documentation accompanying the Software. This license grant includes the software and all updates, upgrades, new versions and replacement software for your use in connection with the Braintree Payment Service. You may not rent, lease or otherwise transfer your rights in the Software to a third party. You must comply with the implementation and use requirements contained in all PayPal documentation accompanying the Software. If you are not able to comply with such requirements, you must not use the Software and you may terminate this Agreement with immediate effect by notifying us accordingly. If you choose to use the Software and do not comply with PayPal’s instructions, implementation and use requirements you will be liable for all resulting damages suffered by you, PayPal and third parties. You agree not to alter, reproduce, adapt, distribute, display, publish, reverse engineer, translate, disassemble, decompile or otherwise attempt to create any source code that is derived from the Software. Upon expiration or termination of this Agreement, you will immediately cease all use of any Software.

6.07 Publicity.

Merchant hereby grants PayPal permissions to use Merchant’s name and logo in its marketing materials and at PayPal’s absolute discretion during the term of this Agreement, including but not limited to use on Braintree’s website, in customer listings, in interviews and in press releases.

6.08 Confidential Information

The parties acknowledge that in their performance of their duties hereunder either party may communicate to the other (or its designees) certain confidential and proprietary information, including without limitation information concerning the Payment Processing Services and the know-how, technology, techniques, or business or marketing plans related thereto (collectively, the “Confidential Information”) all of which are confidential and proprietary to, and trade secrets of, the disclosing party. Confidential Information does not include information that: (i) is public knowledge at the time of disclosure by the disclosing party; (ii) becomes public knowledge or known to the receiving party after disclosure by the disclosing party other than by breach of the receiving party’s obligations under this section or by breach of a third party’s confidentiality obligations; (iii) was known by the receiving party prior to disclosure by the disclosing party other than by breach of a third party’s confidentiality obligations; or (iv) is independently developed by the receiving party. As a condition to the receipt of the Confidential Information from the disclosing party, the receiving party shall: (i) not disclose in any manner, directly or indirectly, to any third party any portion of the disclosing party’s Confidential Information; (ii) not use the disclosing party’s Confidential Information in any fashion except to perform its duties hereunder or with the disclosing party’s express prior written consent; (iii) disclose the disclosing party’s Confidential Information, in whole or in part, only to its employees and agents who need to have access thereto for the receiving party’s internal business purposes; (iv) take all necessary steps to ensure that its employees and agents are informed of and comply with the confidentiality restrictions contained in this Agreement; and (v) take all necessary precautions to protect the confidentiality of the Confidential Information received hereunder and exercise at least the same degree of care in safeguarding the Confidential Information as it would with its own confidential information, and in no event shall apply less than a reasonable standard of care to prevent disclosure. The receiving party shall promptly notify the disclosing party of any unauthorised disclosure or use of the Confidential Information. The receiving party shall cooperate and assist the disclosing party in preventing or remedying any such unauthorised use or disclosure.

6.09 Data Portability

Upon any termination or expiry of this Agreement, Braintree agrees, upon written request from Merchant, to provide Merchant’s new acquiring bank or payment service provider (“Data Recipient”) with any available credit card information including personal data relating to Merchant’s Customers (“Card Information”). In order to do so, Merchant must provide Braintree with all requested information including proof that the Data Recipient is in compliance with the Network PCI-DSS Requirements and is level 1 PCI compliant. Braintree agrees to transfer the Card Information to the Data Recipient so long as the following applies: (a) Merchant provides Braintree with proof that the Data Recipient is in compliance with the Network PCI-DSS Requirements (Level 1 PCI compliant) by providing Braintree a certificate or report on compliance with the Network PCI-DSS Requirements from a qualified provider and any other information reasonably requested by Braintree; (b) the transfer of such Card Information is compliant with the latest version of the Network PCI-DSS Requirements; and (c) the transfer of such Card Information is allowed under the applicable Network Rules, and any applicable laws, rules or regulations (including data protection laws and the Privacy Act 1988 (Cth)). Merchant agrees to indemnify, defend, and hold harmless Braintree , its parent, affiliates, officers, directors, agents, employees and suppliers from and against any lawsuit, claim, liability, loss, penalty or other expense (including solicitors’ costs on a solicitor-client basis) they may suffer or incur arising out of or in connection with the transfer of any data to a Data Recipient. The Merchant must duly execute and deliver to Braintree such instruments and documents as Braintree may reasonably require to give effect to this Section 6.09.

Section 7 - Indemnification, Limitation of Liability, Disclaimer of Warranties

7.01 Indemnification

Merchant agrees to indemnify, defend, and hold harmless PayPal, its directors, officers, employees, contractors and related bodies corporate, from and against any lawsuit, claim, loss, liability, damage, penalty or other expense (including solicitors’ fees on a solicitor/client basis, expert witness fees and other costs of defense) they may suffer or incur as a result of: (i) your breach of this Agreement or any other agreement you enter into with PayPal or its supplier in relation to your use of the Braintree Payment Services; (ii) your improper use of the Braintree Payment Services; or (iii) your violation of any applicable law, regulation, or Association Rule and requirement, including under the Privacy Act 1988 (Cth) and/or (iv) your acts or omissions.

Merchant agrees to indemnify PayPal against all costs, expense or other loss incurred by PayPal arising out of or in connection with any Chargeback or invalidated payment in respect of a Transaction in which you are the merchant.

7.02 LIMITATION OF LIABILITY

Except where we are liable by operation of a Consumer Guarantee (defined for the purposes of this Agreement as “a right or guarantee you may have under Schedule 2 of the Competition and Consumer Act 2010 (Cth) (and any equivalent State or Territory legislation) or any other legislation in relation to the supply of goods or services that cannot lawfully be excluded in respect of this Agreement”.

(a) we and our Related Bodies Corporate (as defined under the Corporations Act 2001 (Cth)) will not be liable to you for any Consequential Loss (defined for the purpose of this agreement as “any loss, damage or costs incurred by you that is indirect or consequential, as well as loss of revenue; loss of income; loss of business; loss of profits; loss of production; loss of or damage to goodwill or credit; loss of business reputation, future reputation or publicity; loss of use; loss of interest; losses arising from claims by third parties; loss of or damage to credit rating; loss of anticipated savings and/or loss or denial of opportunity”) or for loss or damage of any kind resulting from or in connection with negligence or breach of a term, condition or warranty that may otherwise be implied into this Agreement, including any such loss arising out of or in connection with our website, our Payment Services or this Agreement; and

(b) to the extent that liability is not excluded by clause 7.02(a), in no event will PayPal’s liability for a claim arising out of this Agreement or the Braintree Payment Services (when aggregated with PayPal’s liability for all other claims arising out of this Agreement and the Braintree Payment Services) exceed the net fees and charges paid or payable by you to us during the six (6) months immediately preceding the date on which the claim arises.

To the extent permitted by law, our liability to you in respect of any breach of or failure to comply with any Consumer Guarantee is limited, at our option:

(a) In the case of goods, to the repair or replacement of the goods, the supply of equivalent goods, or payment of the cost of doing any of those things; or

(b) In the case of services, to supplying the services again or payment of the cost of having the services supplied again.

7.03 Disclaimer of Warranties

We do not give any express warranty as to the suitability of the Braintree Payment Services. We do not give any implied warranties, except for any applicable Consumer Guarantees.

The parties acknowledge that the Braintree Payment Service is a computer network based service which may be subject to outages and delay occurrences. As such, subject to any applicable Consumer Guarantees, PayPal does not guarantee continuous or uninterrupted access to the Braintree Payment Services. Merchant further acknowledges that Merchant’s access to the Braintree website or to the Braintree Payment Services may be restricted to allow for repairs, maintenance, or the introduction of new facilities or services. PayPal will make reasonable efforts to ensure that Transactions are processed in a timely manner, however subject to any applicable Consumer Guarantees, PayPal will not be liable in any manner for any interruptions, outages or delay occurrences relating to the Braintree Payment Service.

Section 8 - Term and Termination; Dormancy

8.01 Term

The term of this Agreement shall commence on the Effective Date and shall continue on until terminated as set forth herein. Either party may terminate this Agreement, without cause, by providing the other party with at least thirty (30) days’ notice of its intention to terminate.

PayPal may immediately terminate this Agreement or suspend services by providing you with notice accordingly:

(a) in the event you: breach the terms of this Agreement; violate any law, regulation, or Network Rule; if, in our sole discretion, we determine your use of the Braintree Payment Services carries an undue amount of risk to PayPal, its customers or others, including credit risk, fraud risk or insolvency risk;

(b) upon request from the Networks or the card issuer; or

(c) upon order by the Acquirer; or, if in our sole discretion, we believe any other legal or risk-based reason exists.

After termination by either party as described above, Merchant shall no longer have access to, and shall cease all use of the Braintree Payment Services. Any termination of this Agreement does not relieve Merchant of any obligations to pay any fees, costs, penalties, Chargebacks or any other amounts owed by you to us as provided under this Agreement, whether accrued prior to or after termination.

8.02 Dormancy

If there is no processing activity through your Bank-sponsored Merchant Account(s) for a period of twelve (12) months or longer, PayPal may close such inactive Bank-sponsored Merchant Account(s) and terminate the Gateway Services upon written notice. You will remain liable for all outstanding obligations under this Agreement related to you Bank-sponsored Merchant Account(s) prior to closure.

Section 9 - General Provisions

9.01 Independent Contractors

The relationship of PayPal and Merchant is that of independent contractors. Neither party nor any of its employees, consultants, contractors or agents are agents, employees, partners or joint venturers of the other party, nor do they have any authority to bind the other party by contract or otherwise to any obligation. None of such parties will represent anything to the contrary, either expressly, implicitly, by appearance or otherwise.

9.02 Severability

If any provision (or part of a provision) of this Agreement is held by a court of competent jurisdiction to be invalid, void or unenforceable for any reason, the remaining provisions (or parts of the relevant provision) not so declared shall nevertheless continue in full force and effect, but shall be construed in a manner so as to effectuate the intent of this Agreement as a whole, notwithstanding such stricken provision or provisions (or parts thereof).

9.03 Waiver

No term or provision of this Agreement shall be deemed waived and no breach excused, unless such waiver or consent shall be in writing and signed by the party claimed to have waived or consented. Any consent by any party to, or waiver of, a breach by the other party, whether express or implied, shall not constitute a consent to, waiver of, or excuse for any different or subsequent breach.

9.04 Assignment

This Agreement will bind and inure to the benefit of each party’s permitted successors and assigns. Merchant may not assign this Agreement without the prior written consent of PayPal. PayPal may assign this Agreement in its sole discretion without the written consent of Merchant. PayPal will notify Merchant of such an assignment.

9.05 Amendment

We may amend this Agreement at any time by posting a revised version of it on our website under the “Legal” section of our website. The revised version will be effective at the time we post it. In addition, if our changes reduce your rights or increase your responsibilities, we will provide you with at least thirty (30) days’ prior notice by posting notice under the “Policy Updates” section contained in the “Legal” section of our website. If you do not agree to the updated terms, you can terminate your Agreement by providing us with notice in the manner indicated below in Section 9.10. If you provide us with termination notice within thirty (30) days of the date of update, then your current terms and conditions shall apply during this notice period.

9.06 Entire Agreement; Binding Effect

This Agreement, including all schedules, exhibits and attachments thereto, sets forth the entire agreement and understanding of the parties hereto in respect to the subject matter contained herein, and supersedes all prior agreements, promises, covenants, arrangements, communications, representations or warranties, whether oral or written, by any officer, partner, employee or representative of any party hereto. Nothing in this Agreement, however, limits any liability either party may have in connection with any representations or other communications (either verbal or written) made prior to or during the term of these Agreement, where such liability cannot be excluded (including under section 18 of the Australian Consumer Law). This Agreement shall be binding upon and shall inure only to the benefit of the parties hereto and their respective successors and assigns. Nothing in this Agreement, express or implied, is intended to confer or shall be deemed to confer upon any persons or entities not parties to this Agreement, any rights or remedies under or by reason of this Agreement.

9.07 Survival

Merchant remains liable under this Agreement in respect to all charges and other amounts incurred through the use of the Braintree Payment Services at any time, irrespective of termination of this Agreement. All representations, covenants and warranties shall survive the execution of this Agreement, and all terms that by their nature are continuing shall survive the termination or expiration of this Agreement.

9.08 Contact for inquiries, communication and availability of contractual documents

If you have a question or complaint relating to the Braintree Payment Services or your Transactions, please contact the PayPal customer support as defined in the “contact” tab of the Braintree Website.

All information relating to the services described in this Agreement and all customer service support and other communication during the contractual relationship will be provided in the English language only. The general terms and conditions for the Braintree Payment Services will be available at all times on www.braintreepayments.com in the “Legal” tab, and/or be made available during signup process as an electronic copy per e-mail. You may request at any time free of charge an electronic copy of your contractual documents.

9.09 Dispute resolution

Any dispute between the parties in relation to this Agreement (a “Relevant Dispute”) shall be resolved in accordance with the following provisions. In the case of referrals to representatives of the parties, such representatives shall act in good faith and use bona fide efforts to attempt to resolve the Relevant Dispute.

The Relevant Dispute shall in the first instance be referred to each party’s nominated person. If the Relevant Dispute is not resolved within 10 Business Days of its referral, it shall be referred to a senior employee of the Merchant and to a Director of the PayPal management team. If the Relevant Dispute is not resolved following its referral to a senior employee of the Merchant and to a Director of the PayPal management team, the Relevant Dispute will be mediated by the Australian Disputes Centre (“ADC”). The mediation will be conducted in Sydney and in accordance with the ADC Guidelines for Commercial Mediation (the “Guidelines”) operating at the time the matter is referred to ADC.

9.10 Notices, Governing Law, and Jurisdiction

Merchant agrees that PayPal may provide notices and disclosures to Merchant by posting them on Braintree’s website or by emailing them to Merchant. Notices and disclosures posted on Braintree’s website or emailed shall be considered to be received by you within twenty-four (24) hours of the time it is posted to our website or emailed to you, unless we receive notice that the email was not delivered. Furthermore, you understand and agree that if PayPal sends you an email but you do not receive it because your primary email address on file is incorrect, out of date, blocked by your service provider, or you are otherwise unable to receive electronic communications, PayPal will still be deemed to have provided the communication to you. You also agree that electronic disclosures and notices have the same meaning and effect as if we had provided you with a paper copy. In addition, PayPal may send Merchant emails, including, but not limited to in relation to product updates, new features and offers and Merchant hereby consents to such email notification.

Notice to PayPal must be sent by postal mail to PayPal Australia Pty Limited, Attention: Head of Legal, Locked Bag 10, Australia Square PO, Sydney NSW 1215.

The Parties choose the law in force in New South Wales, Australia as the governing law of this Agreement. The competent courts of New South Wales, Australia shall have exclusive jurisdiction over all disputes arising out of or in connection with this Agreement, subject to the mediation requirements as set forth in Section 9.09.

Definitions

“Acceptable Use Policy” means the policy set out at https://www.braintreepayments.com/legal/acceptable-use-policy

“Acquirer” means the financial institution that provides acquiring services to Merchant under the terms of the Bank Agreement.

“Agreement”: means this Braintree Payment Services Agreement, including all other agreements, policies and documents incorporated herein.

“Bank Account” means the bank account that you specify to receive your Payout Amounts.

“Bank Agreement”: means the agreement between you and National Australia Bank Limited set out at https://www.braintreepayments.com/legal/bank-agreement.

“Bank-sponsored Merchant Account” means the merchant account(s) provisioned to Merchant by Acquirer for use as part of the Braintree Payment Services under the terms of the Bank Agreement.

“Braintree Dashboard” is the web view where you can access, view and create your PayPal Transactions.

“Business Day” means a day on which banks are open for general business in New South Wales, Australia, other than a Saturday or Sunday or a public holiday.

“Cardholder Information” has the definition ascribed to such term in Section 6.02.

“Chargeback” means a challenge to a payment that a buyer files directly with his or her credit card issuer or company.

“Customer(s)” means the customer(s) of the Merchant.

“Customer Data” means all information, including personal data, that (i) Customer provides to Merchant and Merchant passes on to PayPal through the use by Merchant of the Braintree Payment Services and (ii) PayPal collects from the Customer’s device and browser through use by Merchant of the Braintree Payment Services.

“Hyperwallet” means Hyperwallet Systems Australia Pty Ltd (ABN 38 616 937 716) and its affiliates and assigns.

“Hyperwallet Customer Funds Account” means a pooled Hyperwallet funds account designated for the benefit of merchants and segregated from Hyperwallet’s proprietary operating accounts where your funds are held in accordance with the Hyperwallet terms of service.

“Intellectual Property” means all of the following owned by a party: (a) trademarks and service marks (registered and unregistered) and trade names, and goodwill associated therewith; (b) patents, patentable inventions, computer programs, and software; (c) databases; (d) trade secrets and the right to limit the use or disclosure thereof; (e) copyrights in all works, including software programs; and (f) domain names.

“Intellectual Property Rights” means the rights owned by a party in its Intellectual Property.

“Invalidated Payment” means an invalid Transaction, refund Transaction, over-payment, Chargeback or any other expenses.

“Merchant”, “you” or “your” means the entity and/or individual who enters into this Agreement.

“Networks” means, collectively, Visa, Mastercard, Discover, American Express, any ATM or debit network, and the other financial service card organisations.

“Network PCI-DSS Requirements” means the data privacy and security requirements under the Payment Card Industry Data Security Standard.

“Network Rules” means any rule, regulation, guideline, or bylaw of any of the Networks.

“PayPal”, “Braintree”, “we”, “us” or “our” means PayPal Australia Pty Limited (ABN 93 111 195 389) whose address is Level 24, 1 York Street, Sydney NSW 2000.

“Payout Amount” means any amount due and recorded by the acquiring bank as a Transaction (less the sum of all Refund Transactions, Chargebacks, Reversals and any applicable charges or fees).

“Privacy Statement” means the policy set out at https://www.braintreepayments.com/legal/braintree-privacy-policy

“Reversal”: means any payment that PayPal reverses, or instructs Acquirer to reverse, to your customer because the payment: (a) violates, or we reasonably suspect such payment may violate, the Acceptable Use Policy; and/or (b) has been categorised for reversal by PayPal’s risk models. The term “Reversed” shall be construed accordingly.

“Refund Transaction” is any refund issued by you through the Braintree Dashboard or through your API access.

“Reserve” means an amount or percentage of your Payout Amounts that we hold or we instruct Acquirer to hold as permitted under Section 5.02 in order to protect against the risk of Reversals, Chargebacks, or any other risk, exposure and/or potential liability to us related to your use of the Braintree Payment Services.

“Restricted Activities” means any breaches of our Acceptable Use Policy and any activity specified in Section 3.01 above.

“Transaction” means a transfer of funds between you and a Customer using the Braintree Payment Services.




Current Payment Services Agreement

Effective Date: The Payment Services Agreement is effective on 23 December 2019 for Merchants who signed up before 19 November 2019 or immediately for all new Merchants who signed up on or after 19 November 2019.

This Braintree Payment Services Agreement, and the agreements, policies and documents incorporated herein (this “Agreement”) is entered into by and between Braintree (“Braintree,” “we”, “us” or “our”), a division of PayPal and the entity and/or individual who enters into this Agreement (“Merchant”, “you” or “your”).

This Agreement sets out the terms and conditions under which you may utilise the Braintree Payment Services (defined below).

This Agreement becomes a legally binding contract entered into by you and made effective as of the date you do any of the following (the “Effective Date”):

Create an account on the Braintree website at www.braintreepayments.com (“Braintree Website”); Click-through this Agreement and agree to its terms; or Begin using the Braintree Payment Services. We recommend that you print a copy of this Agreement for your records.

In addition to the terms of this Agreement, as they may be amended or supplemented from time to time you are subject to the terms of:

  • our Privacy Policy;
  • our Acceptable Use Policy; and
  • your Bank Agreement.

All of the above documents are incorporated by reference and form part of this Agreement. Our Privacy Policy, Acceptable Use Policy and your Bank Agreement may be viewed at any time by following the “Legal” link on the Braintree Website.

Section 1 - Braintree Payment Services

1.01 “Braintree Payment Services” means:

(a) “Payment Processing Services” The payment processing services offered by Braintree include services that provide Merchants with the ability to accept credit and debit card payments on a website or mobile application. These services include Gateway Services, Bank-sponsored Merchant Account, Fraud Maintenance Tools (each as defined in this Agreement), recurring billing functionality, payment card storage, foreign currency acceptance, and other software, APIs and services and technology as described on the Braintree Website.

(b) “Gateway Services” The gateway services offered by Braintree include services that provide Merchants with the software and connectivity required to allow real-time secure data transmission for processing of credit and debit card payments and certain other available payment methods on a website or mobile application. The Gateway Services include those additional products and services provided by Braintree, including but not limited to the Forwarding Services and Grant Services, (“PayPal Products and Services”) which are provided subject to the additional PayPal Products and Services as set forth on the Braintree website which are incorporated into this Agreement by reference. In addition, the Gateway Services include certain payment technology services provided by third parties that are used to facilitate your processing of credit and debit card payments (“Payment Technology Services”). In order to use these services, you agree to the applicable Payment Technology Services terms as set forth on the Braintree website which are incorporated into this Agreement by reference. You acknowledge and agree that the Payment Technology Services are provided solely by the relevant third party (and not PayPal) as set forth in the applicable Payment Technology Services terms, and that PayPal will under no circumstances be responsible or liable for any damages, losses or costs whatsoever suffered or incurred by you resulting from any Payment Technology Services.

(c) “Fraud Maintenance Tools” means the optional fraudulent transaction management tools made available as part of the Braintree Payment Services that, if enabled by you or Braintree on your behalf, allow you to access fraudulent transaction management features to help detect fraudulent transactions based on the settings you may adopt, as described in more detail on the Braintree website (“Fraud Maintenance Tools”). If you elect to enable and use or disable the Fraud Maintenance Tools, you are responsible for determining which tools to use and for setting or modifying your own filter rules, which instruct us which transactions to accept and decline on your behalf. If you set these filter rules too restrictively, you might lose sales volume. It is your responsibility to monitor your filter rules and settings on an ongoing basis. We may periodically provide helpful tips regarding what filters and settings may be appropriate for your business, based on factors such as your business profile and transaction history, however it is your responsibility to evaluate the usefulness and risk of any information, product or service. It is your sole responsibility to provide any necessary notices and disclosures, and obtain any required consents, on the use of the Fraud Maintenance Tools to your Customers on your website or mobile application. You shall use the Fraud Maintenance Tools in accordance with the applicable guides and other documentation made available by us, and you shall not use or permit others to use information obtained through the use of the Fraud Maintenance Tools for any purpose other than in conjunction with the Payment Processing Services and in a manner described in the applicable documentation for the Fraud Maintenance Tools. You acknowledge and agree that, subject to Section 7.02, Braintree does not represent or warrant that the Fraud Maintenance Tools are error free or that they will identify all fraudulent transaction activity. In addition, Braintree shall not be liable whether a Transaction is accepted or rejected using the Fraud Maintenance Tools. You are responsible for your optional use of the Fraud Maintenance Tools, including any filters or settings you enable.

Section 2 - Fees, Payouts and Taxes

2.01 Fees

In exchange for us providing you with the Braintree Payment Services, you agree to pay us the fees, including applicable Transaction fees and Chargeback fees: (a) as listed in the fee schedule, available at https://www.braintreepayments.com/au/braintree-pricing, and incorporated into this Agreement by reference; and

(b) as otherwise agreed with you in writing, (together the “Fees”).

Interest on any and all amounts due by you, but not yet paid to Braintree, shall accrue at a rate of the lesser of 1.0% per month or the maximum amount permitted by applicable law (“Late Fee”). In the event of a dispute made in good faith as to the amount of Fees, Merchant agrees to remit payment on any undisputed amount(s), and the Late Fee shall not accrue as to any disputed amounts unless not paid within thirty (30) calendar days after said dispute has been resolved by both parties. We may revise the Fee at any time upon at least thirty (30) days’ prior notice to you.

2.02 Payment of Fees; Payouts; Right to Set-off

Subject to the terms of this Agreement, Braintree will remit, or instruct the Acquirer to remit, to your Bank Account or to a Hyperwallet Settlement Account (if available to you), as duly nominated by you, all amounts due to you from Transactions, following the deduction of any fees, Reversals, Chargebacks, refunds or other amounts that you owe to Braintree under this Agreement. If the Payout Amount is not sufficient to cover the applicable fees or other amounts due to Braintree on any given day, you agree that, in our sole discretion and without the requirement of delivering prior notice, we may take the following actions to recover any fees or other amounts payable by you to Braintree:

(a) debit your Bank Account for the applicable amounts; and/or

(b) recover or set-off the applicable amounts against future Payout Amounts.

Merchant acknowledges and agrees that a Transaction may become subject to a Chargeback even after settlement, or otherwise be invalidated. In the event of a Chargeback or invalidated payment, you are liable for:

(a) the full amount of the original Transaction; and

(b) any Chargeback fees according to this Agreement.

Upon Braintree’s request, Merchant shall provide Braintree with all necessary bank account, routing and related information and grant Braintree any required permission to debit amounts due from your Bank Account.

2.03 Taxes Indemnity

Merchant shall pay, indemnify, and hold Braintree harmless from (i) any sales, use, excise, import or export, Goods and Services Tax, value-added, or similar tax or duty, and any other tax or duty not based on Braintree’s income; and (ii) all government permit fees, customs fees and similar fees which Braintree may incur with respect to this Agreement. Such taxes, fees and duties paid by Merchant shall not be considered a part of, a deduction from, or an offset against, payments due to Braintree hereunder.

Section 3 - Restricted Activities, Representations and Warranties

3.01 Restricted activities

In connection with your use of the Braintree Payment Services, or in the course of your interactions with Braintree, you will comply at all times with the Acceptable Use Policy.

You agree that you will not:

(a) Breach this Agreement, the Bank Agreement or any other agreement that you have entered into with us in connection with the Braintree Payment Services;

(b) Violate any rule, regulation, guideline, or bylaw of any of the Networks (the “Network Rules”), as they may be amended by the Networks from time to time. Some of the Network Rules available are: Visa and Mastercard;

(c) Use the Braintree Payment Services in a manner that could result in a violation of anti-money laundering, counter terrorist financing and similar legal and regulatory obligations (including, without limitation, where we cannot verify your identity or other required information about your business) applicable to you or Braintree;

(d) Fail to provide us with any information that we reasonably request in connection with this Agreement or your use of the Braintree Payment Services about you or your business activities, including updated business records or financial statements, or provide us with false, inaccurate or misleading information;

(e) Refuse to cooperate in an investigation or to provide confirmation of your identity, or refuse to provide any information reasonably requested by us or the Networks in connection with this Agreement or your use of the Braintree Payment Services;

(f) Reveal your access credentials to anyone else or use anyone else’s access credentials for the Braintree Payment Services. We are not responsible for losses incurred by you including, without limitation, the use of your access to the Braintree Payment Services by any person other than you, arising as the result of your misuse of access credentials or your lack of proper security controls;

(g) Integrate or use any of the Braintree Payment Services without fully complying with all requirements communicated to you by Braintree.

(h) Utilize recurring billing or card on file functionality without properly complying with Network Rules and / or applicable laws and obtaining your Customer’s consent to be billed in such a manner and / or obtaining your Customer’s consent to store their card on file for future or recurring transactions and making available a mechanism for your Customer to delete their card on file;

(i) Submit any Transaction for processing through the Braintree Payment Services which does not represent a bona fide, permissible Transaction as outlined in this Agreement and in the Network Rules, or which inaccurately describes the product or services being sold or the charitable donations being made;

(j) Process Transactions or receive payments on behalf of any other party, or (unless required by law) re-direct payments to any other party;

(k) Display with unequal size or prominence, show preference for, or discriminate again one card brand or type over another, including your refund policies for purchases; and

(l) Bill or collect from any cardholder for any purchase or payment on the card unless you have the right to do so under the Network Rules. 

3.02 Representations and warranties by Merchant

(a) Merchant has the full power and authority to execute, deliver and perform this Agreement. This Agreement is valid, binding and enforceable against Merchant in accordance with its terms and no provision requiring Merchant’s performance is in conflict with its obligations under any constitutional document, charter or any other agreement (of whatever form or subject) to which Merchant is a party or by which it is bound.

(b) Merchant is duly organised, authorised and in good standing under the laws of the state, region or country of its organisation and is duly authorised to do business in all other states, regions or countries/regions in which Merchant’s business operates.

Section 4 - Liability for Invalidated Payments and other Liabilities

You must compensate and indemnify us, PayPal, and the directors, officers, employees, contractors and related bodies corporate of us and PayPal, for any claims, losses, expenses or liability any of those indemnified may suffer or incur as a result of:

(a) a Transaction or dispute between you and your customer(s);

(b) an invalid Transaction, Refund Transaction, over-payment, Chargeback or any other related expenses, collectively “Invalidated Payments”;

(c) your breach of any applicable law, regulation or Network Rule;

(d) any error, negligence, wilful misconduct or fraud by you or your directors, officers, employees or contractors; or

(e) your failure to comply with any Payment Technology Services terms, provided that your liability under this Section 4 will be proportionately reduced to the extent that Braintree caused or contributed to, or failed to take reasonable steps to mitigate, the relevant claim, loss, expense or liability.

In the event of an Invalidated Payment or other liability, in addition to our other rights and remedies (all of which are cumulative), we may (or instruct Acquirer to) deduct, setoff or recoup the amounts due to Braintree from your Payouts. You agree to fulfill all of your obligations to each customer for which you submit a Transaction and to resolve any consumer dispute or complaint directly with your customer.

In addition to the above, if you have a past due amount owed to us or any of our affiliates under any other agreement, Braintree may, or may instruct the Acquirer to, deduct the amounts owed from your Payouts. This includes amounts owed by your use of our various products and services which may include PayPal, Xoom and Hyperwallet.

Section 5 - Actions We May Take

5.01 Actions by Braintree

If we believe that your Transactions pose an unacceptable level of risk, that you have breached the terms of this Agreement, or that your account has been compromised, we may take such action as we believe is reasonably necessary in the circumstances. The actions we may take include, but are not limited to:

(a) suspending or limiting your ability to use the Braintree Payment Services;

(b) refusing to process any Transaction;

(c) reversing a Transaction;

(d) holding your Payout amounts or instructing an Acquirer to do the same; and

(e) contacting your customers to verify Transactions and reduce potential fraud and disputes.

If possible, we will provide you with advance notice of our actions and resolution steps. However, advance notice will not be provided if there is an immediate need to take actions such as a security threat, or potential fraud or other illegal activity.

5.02 Reserves

Braintree, in its sole discretion may, or may instruct an Acquirer to, place a Reserve on a portion of your Payouts in the event that we believe there is a high level of risk associated with your business, your Bank-sponsored Merchant Account, your PayPal account or your Transactions. If Braintree imposes a Reserve, we will provide you with a notice specifying the terms of the Reserve. The terms may require: (a) that a certain percentage of your Payout Amounts are held for a certain period of time; (b) that a fixed amount of your Payout Amounts is withheld from payout to you; or (c) such other restrictions that Braintree determines are necessary to protect against the risk to us associated with our business relationship. Braintree may change the terms of the Reserve at any time by providing you with notice of the new terms. Payout Amounts subject to a Reserve are not immediately available for payout to you or for making Refund Transactions. Other restrictions described in (c) above may include: limiting Payout Amounts immediately available to you; changing the speed or method of payouts to you; setting off any amounts owed by you against your Payout Amounts and/or requiring that you, or a person associated with you, enter into other forms of security arrangements with us (for example, by providing a guarantee or requiring you to deposit funds with us as security for your obligations to us or third parties). You also agree to undertake, at your own expense, any further action (including, without limitation, executing any necessary documents and filing any document reasonably required by us to allow us to perfect any form of security interest or otherwise) required to establish a Reserve or other form of security in a manner reasonably determined by us. Braintree may hold a Reserve as long as it deems necessary, in its sole discretion, to mitigate any risks related to your Transactions. You agree that you will remain liable for all obligations related to your Transactions even after the release of any Reserve. In addition, we may require you to keep your Bank Account available for any open settlements, Chargebacks and other adjustments.

5.03 Security Interest

If, in our opinion, the Personal Property Securities Act 2009 (Cth) enables us to improve our security interest over the Reserve, you agree to do all things necessary, including obtaining the appropriate authorisations and executing any document to effect such improvement.

Section 6 - Account Security, Data, Intellectual Property, Publicity

6.01 Security of your access

You agree to:

(a) not allow anyone else to have or use your password details and to comply with all reasonable instructions we may issue regarding account access and security. In the event you share your password details, Braintree will not be liable to you for losses or damages caused by such sharing;

(b) keep your personal details up to date. We may be unable to respond to you if you contact us from an address, telephone number or email account that is not registered with us; and

(c) take all reasonable steps to protect the security of the personal electronic device through which you access the Braintree Payment Services (including, without limitation, using PIN and/or password protected personally configured device functionality to access the Braintree Payment Services and not sharing your device with other people).

6.02 Data Security Compliance.

Merchant agrees to comply with applicable data privacy and security requirements under the Payment Card Industry Data Security Standard (“Network PCI - DSS Requirements”) and any applicable Network data security requirements (including those made available by Visa, MasterCard and American Express) with regards to Merchant’s use, access, and storage of certain credit card non-public personal information (“Cardholder Information”). In order to verify your compliance with Network PCI DCC Requirements, you must complete and demonstrate certification pursuant to the requirements that we notify to you. Additionally, Merchant agrees to comply with its obligations under any applicable law or regulation as may be in effect or as may be enacted, adopted or determined regarding the confidentiality, use, and disclosure of Cardholder Information. You must report any Customer Data breach or incident to Braintree and/or the Networks immediately after discovery of the incident. You also agree to ensure data quality and that you process any Customer Data promptly, accurately and completely, and that Customer Data complies with the Networks’ technical specifications.

Braintree agrees to comply with the applicable Payment Card Industry Data Security Standard ("PCI DSS"). Braintree acknowledges that it is responsible for the security of cardholder data it possesses or otherwise stores, processes or transmits on behalf of the Merchant, or to the extent that Braintree could impact the security of the cardholder data environment.

6.03 Ownership of Data

All Customer Data shall be owned by Merchant and Merchant hereby grants Braintree a perpetual, irrevocable, sub-licensable, assignable, worldwide, royalty-free license to use, reproduce, electronically distribute, and display the Customer Data for the purposes of (i) providing and improving the Braintree Payment Services, including the collection, processing and use of Customer Data for the purposes of Braintree providing and improving the Fraud Maintenance Tools as part of the Braintree Payment Services; (ii) internal usage, including but not limited to, data analytics and metrics so long as such Customer Data has been anonymised and aggregated with other customer data; (iii) complying with applicable legal requirements and assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with local laws; and (iv) any other purpose for which consent has been provided by the Customer. Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Customer Data as described in sub-paragraphs (i) to (iii) above.

6.04 Data Protection

The data protection terms applicable to this Agreement are set out in Exhibit A (Data Protection Addendum) and are incorporated by reference into this Agreement.

6.05 Intellectual Property.

Other than the express licenses granted by this Agreement, Braintree grants no right or license by implication, estoppel or otherwise to the Braintree Payment Service or any Intellectual Property Rights of Braintree. Each party shall retain all ownership rights, title, and interest in and to its own products and services (including in the case of Braintree, in the Braintree Payment Service) and all Intellectual Property Rights therein, subject only to the rights and licenses specifically granted herein.

6.06 Trademarks

Subject to the terms and conditions of this Agreement, Braintree grants Merchant the nonexclusive, non-sublicensable, and non-transferable right and licence to use Braintree’s trademarks used to identify the Braintree Payment Service (the “Trademarks”) during the term of this Agreement solely in conjunction with the use of the Braintree Payment Service. Braintree grants no rights in the Trademarks or in any other trademark, trade name, service mark, business name or goodwill of Braintree except as licensed hereunder or by separate written agreement of the parties. Merchant agrees that it will not at any time during or after this Agreement assert or claim any interest in or do anything that may adversely affect the validity of any Trademark (including, without limitation registering or attempting to register any Trademark). Upon expiration or termination of this Agreement, Merchant will immediately cease all display, advertising and use of all of the Trademarks and will not thereafter use, advertise or display any trademark, trade name or product designation which is, or any part of which is, similar to or confusing with any Trademark.

6.07 Licence Grant.

If you are using our software such as an API, developer’s toolkit or other software application (the “Software”) that you have downloaded to your computer, device, or other platform, then Braintree grants you a revocable, non-exclusive, non-transferable license to use the Software in accordance with the documentation accompanying the Software. This license grant includes the software and all updates, upgrades, new versions and replacement software for your use in connection with the Braintree Payment Service. You may not rent, lease or otherwise transfer your rights in the Software to a third party. You must comply with the implementation and use requirements contained in all Braintree documentation accompanying the Software. If you are not able to comply with such requirements, you must not use the Software and you may terminate this Agreement with immediate effect by notifying us accordingly. If you choose to use the Software and do not comply with Braintree’s instructions, implementation and use requirements you will be liable for all resulting damages suffered by you, PayPal and third parties. You agree not to alter, reproduce, adapt, distribute, display, publish, reverse engineer, translate, disassemble, decompile or otherwise attempt to create any source code that is derived from the Software. Upon expiration or termination of this Agreement, you will immediately cease all use of any Software.

6.08 Publicity.

Merchant hereby grants Braintree permissions to use Merchant’s name and logo in its marketing materials and at Braintree’s absolute discretion during the term of this Agreement, including but not limited to use on Braintree’s website, in customer listings, in interviews and in press releases.

6.09 Confidential Information

The parties acknowledge that in their performance of their duties hereunder either party may communicate to the other (or its designees) certain confidential and proprietary information, including without limitation information concerning the Payment Processing Services and the know-how, technology, techniques, or business or marketing plans related thereto (collectively, the “Confidential Information”) all of which are confidential and proprietary to, and trade secrets of, the disclosing party. Confidential Information does not include information that: (i) is public knowledge at the time of disclosure by the disclosing party; (ii) becomes public knowledge or known to the receiving party after disclosure by the disclosing party other than by breach of the receiving party’s obligations under this section or by breach of a third party’s confidentiality obligations; (iii) was known by the receiving party prior to disclosure by the disclosing party other than by breach of a third party’s confidentiality obligations; or (iv) is independently developed by the receiving party. As a condition to the receipt of the Confidential Information from the disclosing party, the receiving party shall: (i) not disclose in any manner, directly or indirectly, to any third party any portion of the disclosing party’s Confidential Information; (ii) not use the disclosing party’s Confidential Information in any fashion except to perform its duties hereunder or with the disclosing party’s express prior written consent; (iii) disclose the disclosing party’s Confidential Information, in whole or in part, only to its employees and agents who need to have access thereto for the receiving party’s internal business purposes; (iv) take all necessary steps to ensure that its employees and agents are informed of and comply with the confidentiality restrictions contained in this Agreement; and (v) take all necessary precautions to protect the confidentiality of the Confidential Information received hereunder and exercise at least the same degree of care in safeguarding the Confidential Information as it would with its own confidential information, and in no event shall apply less than a reasonable standard of care to prevent disclosure. The receiving party shall promptly notify the disclosing party of any unauthorised disclosure or use of the Confidential Information. The receiving party shall cooperate and assist the disclosing party in preventing or remedying any such unauthorised use or disclosure.

Section 7 - Indemnification, Limitation of Liability, Disclaimer of Warranties

7.01 Indemnification

Merchant agrees to indemnify, defend, and hold harmless Braintree, PayPal, its directors, officers, employees, contractors and related bodies corporate, from and against any lawsuit, claim, loss, liability, damage, penalty or other expense (including solicitors’ fees on a solicitor/client basis, expert witness fees and other costs of defense) they may suffer or incur as a result of: (i) your breach of this Agreement or any other agreement you enter into with Braintree or its supplier in relation to your use of the Braintree Payment Services; (ii) your improper use of the Braintree Payment Services; or (iii) your violation of any applicable law, regulation, or Association Rule and requirement, including under the Privacy Act 1988 (Cth) and/or (iv) your acts or omissions.

Merchant agrees to indemnify Braintree against all costs, expense or other loss incurred by Braintree arising out of or in connection with any Chargeback or invalidated payment in respect of a Transaction in which you are the merchant.

7.02 LIMITATION OF LIABILITY

Except where we are liable by operation of a Consumer Guarantee (defined for the purposes of this Agreement as “a right or guarantee you may have under Schedule 2 of the Competition and Consumer Act 2010 (Cth) (and any equivalent State or Territory legislation) or any other legislation in relation to the supply of goods or services that cannot lawfully be excluded in respect of this Agreement”.

(a) we and our Related Bodies Corporate (as defined under the Corporations Act 2001 (Cth)) will not be liable to you for any Consequential Loss (defined for the purpose of this agreement as “any loss, damage or costs incurred by you that is indirect or consequential, as well as loss of revenue; loss of income; loss of business; loss of profits; loss of production; loss of or damage to goodwill or credit; loss of business reputation, future reputation or publicity; loss of use; loss of interest; losses arising from claims by third parties; loss of or damage to credit rating; loss of anticipated savings and/or loss or denial of opportunity”) or for loss or damage of any kind resulting from or in connection with negligence or breach of a term, condition or warranty that may otherwise be implied into this Agreement, including any such loss arising out of or in connection with our website, our Payment Services or this Agreement; and

(b) to the extent that liability is not excluded by clause 7.02(a), in no event will PayPal’s liability for a claim arising out of this Agreement or the Braintree Payment Services (when aggregated with PayPal’s liability for all other claims arising out of this Agreement and the Braintree Payment Service) exceed the net fees and charges paid or payable by you to us during the six (6) months immediately preceding the date on which the claim arises.

To the extent permitted by law, our liability to you in respect of any breach of or failure to comply with any Consumer Guarantee is limited, at our option:

(a) In the case of goods, to the repair or replacement of the goods, the supply of equivalent goods, or payment of the cost of doing any of those things; or

(b) In the case of services, to supplying the services again or payment of the cost of having the services supplied again.

7.03 Disclaimer of Warranties

We do not give any express warranty as to the suitability of the Braintree Payment Services. We do not give any implied warranties, except for any applicable Consumer Guarantees.

The parties acknowledge that the Braintree Payment Service is a computer network based service which may be subject to outages and delay occurrences. As such, subject to any applicable Consumer Guarantees, Braintree does not guarantee continuous or uninterrupted access to the Braintree Payment Services. Merchant further acknowledges that Merchant’s access to the Braintree website or to the Braintree Payment Services may be restricted to allow for repairs, maintenance, or the introduction of new facilities or services. Braintree will make reasonable efforts to ensure that Transactions are processed in a timely manner, however subject to any applicable Consumer Guarantees, Braintree will not be liable in any manner for any interruptions, outages or delay occurrences relating to the Braintree Payment Service.

Section 8 - Term and Termination; Dormancy

8.01 Term

The term of this Agreement shall commence on the Effective Date and shall continue on until terminated as set forth herein. Either party may terminate this Agreement, without cause, by providing the other party with at least thirty (30) days’ notice of its intention to terminate.

PayPal may immediately terminate this Agreement or suspend services by providing you with notice accordingly:

(a) in the event you: breach the terms of this Agreement; violate any law, regulation, or Network Rule; if, in our sole discretion, we determine your use of the Braintree Payment Services carries an undue amount of risk to PayPal, its customers or others, including credit risk, fraud risk or insolvency risk;

(b) upon request from the Networks or the card issuer; or

(c) upon order by the Acquirer; or, if in our sole discretion, we believe any other legal or risk-based reason exists.

After termination by either party as described above, Merchant shall no longer have access to, and shall cease all use of the Braintree Payment Services. Any termination of this Agreement does not relieve Merchant of any obligations to pay any fees, costs, penalties, Chargebacks or any other amounts owed by you to us as provided under this Agreement, whether accrued prior to or after termination.

8.02 Dormancy

If there is no processing activity through your Bank-sponsored Merchant Account(s) for a period of twelve (12) months or longer, PayPal may close such inactive Bank-sponsored Merchant Account(s) and terminate the Gateway Services upon written notice. You will remain liable for all outstanding obligations under this Agreement related to you Bank-sponsored Merchant Account(s) prior to closure.

Section 9 - General Provisions

9.01 Independent Contractors

The relationship of PayPal and Merchant is that of independent contractors. Neither party nor any of its employees, consultants, contractors or agents are agents, employees, partners or joint venturers of the other party, nor do they have any authority to bind the other party by contract or otherwise to any obligation. None of such parties will represent anything to the contrary, either expressly, implicitly, by appearance or otherwise.

9.02 Severability

If any provision (or part of a provision) of this Agreement is held by a court of competent jurisdiction to be invalid, void or unenforceable for any reason, the remaining provisions (or parts of the relevant provision) not so declared shall nevertheless continue in full force and effect, but shall be construed in a manner so as to effectuate the intent of this Agreement as a whole, notwithstanding such stricken provision or provisions (or parts thereof).

9.03 Waiver

No term or provision of this Agreement shall be deemed waived and no breach excused, unless such waiver or consent shall be in writing and signed by the party claimed to have waived or consented. Any consent by any party to, or waiver of, a breach by the other party, whether express or implied, shall not constitute a consent to, waiver of, or excuse for any different or subsequent breach.

9.04 Assignment

This Agreement will bind and inure to the benefit of each party’s permitted successors and assigns. Merchant may not assign this Agreement without the prior written consent of Braintree. Braintree may assign this Agreement in its sole discretion without the written consent of Merchant. Braintree will notify Merchant of such an assignment.

9.05 Amendment

We may amend this Agreement at any time by posting a revised version of it on our website under the “Legal” section of our website. The revised version will be effective at the time we post it. In addition, if our changes reduce your rights or increase your responsibilities, we will provide you with at least thirty (30) days’ prior notice by posting notice under the “Policy Updates” section contained in the “Legal” section of our website. If you do not agree to the updated terms, you can terminate your Agreement by providing us with notice in the manner indicated below in Section 9.10. If you provide us with termination notice within thirty (30) days of the date of update, then your current terms and conditions shall apply during this notice period.

9.06 Entire Agreement; Binding Effect

This Agreement, including all schedules, exhibits and attachments thereto, sets forth the entire agreement and understanding of the parties hereto in respect to the subject matter contained herein, and supersedes all prior agreements, promises, covenants, arrangements, communications, representations or warranties, whether oral or written, by any officer, partner, employee or representative of any party hereto. Nothing in this Agreement, however, limits any liability either party may have in connection with any representations or other communications (either verbal or written) made prior to or during the term of these Agreement, where such liability cannot be excluded (including under section 18 of the Australian Consumer Law). This Agreement shall be binding upon and shall inure only to the benefit of the parties hereto and their respective successors and assigns. Nothing in this Agreement, express or implied, is intended to confer or shall be deemed to confer upon any persons or entities not parties to this Agreement, any rights or remedies under or by reason of this Agreement.

9.07 Survival

Merchant remains liable under this Agreement in respect to all charges and other amounts incurred through the use of the Braintree Payment Services at any time, irrespective of termination of this Agreement. All representations, covenants and warranties shall survive the execution of this Agreement, and all terms that by their nature are continuing shall survive the termination or expiration of this Agreement.

9.08 Contact for inquiries, communication and availability of contractual documents

If you have a question or complaint relating to the Braintree Payment Services or your Transactions, please contact the Braintree customer support as defined in the “contact” tab of the Braintree Website.

All information relating to the services described in this Agreement and all customer service support and other communication during the contractual relationship will be provided in the English language only. The general terms and conditions for the Braintree Payment Services will be available at all times on www.braintreepayments.com in the “Legal” tab, and/or be made available during signup process as an electronic copy per e-mail. You may request at any time free of charge an electronic copy of your contractual documents.

9.09 Dispute resolution

Any dispute between the parties in relation to this Agreement (a “Relevant Dispute”) shall be resolved in accordance with the following provisions. In the case of referrals to representatives of the parties, such representatives shall act in good faith and use bona fide efforts to attempt to resolve the Relevant Dispute.

The Relevant Dispute shall in the first instance be referred to each party’s nominated person. If the Relevant Dispute is not resolved within 10 Business Days of its referral, it shall be referred to a senior employee of the Merchant and to a Director of the PayPal management team. If the Relevant Dispute is not resolved following its referral to a senior employee of the Merchant and to a Director of the PayPal management team, the Relevant Dispute will be mediated by the Australian Disputes Centre (“ADC”). The mediation will be conducted in Sydney and in accordance with the ADC Guidelines for Commercial Mediation (the “Guidelines”) operating at the time the matter is referred to ADC.

9.10 Notices, Governing Law, and Jurisdiction

Merchant agrees that Braintree may provide notices and disclosures to Merchant by posting them on Braintree’s website or by emailing them to Merchant. Notices and disclosures posted on Braintree’s website or emailed shall be considered to be received by you within twenty-four (24) hours of the time it is posted to our website or emailed to you, unless we receive notice that the email was not delivered. Furthermore, you understand and agree that if Braintree sends you an email but you do not receive it because your primary email address on file is incorrect, out of date, blocked by your service provider, or you are otherwise unable to receive electronic communications, Braintree will still be deemed to have provided the communication to you. You also agree that electronic disclosures and notices have the same meaning and effect as if we had provided you with a paper copy. In addition, Braintree may send Merchant emails, including, but not limited to in relation to product updates, new features and offers and Merchant hereby consents to such email notification.

Notice to Braintree must be sent by postal mail to PayPal Australia Pty Limited, Attention: Head of Legal, Locked Bag 10, Australia Square PO, Sydney NSW 1215.

The Parties choose the law in force in New South Wales, Australia as the governing law of this Agreement. The competent courts of New South Wales, Australia shall have exclusive jurisdiction over all disputes arising out of or in connection with this Agreement, subject to the mediation requirements as set forth in Section 9.09.

Definitions

“Acceptable Use Policy” means the policy set out at https://www.braintreepayments.com/legal/acceptable-use-policy

“Acquirer” means the financial institution that provides acquiring services to Merchant under the terms of the Bank Agreement.

“Agreement”: means this Braintree Payment Services Agreement, including all other agreements, policies and documents incorporated herein.

“Bank Account” means the bank account that you specify to receive your Payout Amounts.

“Bank Agreement”: means the agreement between you and National Australia Bank Limited set out at https://www.braintreepayments.com/legal/bank-agreement.

“Bank-sponsored Merchant Account” means the merchant account(s) provisioned to Merchant by Acquirer for use as part of the Braintree Payment Services under the terms of the Bank Agreement.

“Braintree Dashboard” is the web view where you can access, view and create your Braintree Transactions.

“Business Day” means a day on which banks are open for general business in New South Wales, Australia, other than a Saturday or Sunday or a public holiday.

“Cardholder Information” has the definition ascribed to such term in Section 6.02.

“Chargeback” means a challenge to a payment that a buyer files directly with his or her credit card issuer or company.

“Customer(s)” means the customer(s) of the Merchant.

“Customer Data” means all information, including personal data,that (i) Customer provides to Merchant and Merchant passes on to Braintree through the use by Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by Merchant of the Braintree Payment Services.

“Hyperwallet” means Hyperwallet Systems Australia Pty Ltd (ABN 38 616 937 716) and its affiliates and assigns.

“Hyperwallet Settlement Account” means a pooled Hyperwallet funds account designated for the benefit of merchants and segregated from Hyperwallet’s proprietary operating accounts where your funds are held in accordance with the Hyperwallet terms of service.

“Intellectual Property” means all of the following owned by a party: (a) trademarks and service marks (registered and unregistered) and trade names, and goodwill associated therewith; (b) patents, patentable inventions, computer programs, and software; (c) databases; (d) trade secrets and the right to limit the use or disclosure thereof; (e) copyrights in all works, including software programs; and (f) domain names.

“Intellectual Property Rights” means the rights owned by a party in its Intellectual Property.

“Invalidated Payment” means an invalid Transaction, refund Transaction, over-payment, Chargeback or any other expenses.

“Merchant”, “you” or “your” means the entity and/or individual who enters into this Agreement.

“Networks” means, collectively, Visa, Mastercard, Discover, American Express, any ATM or debit network, and the other financial service card organisations.

“Network PCI-DSS Requirements” means the data privacy and security requirements under the Payment Card Industry Data Security Standard.

“Network Rules” means any rule, regulation, guideline, or bylaw of any of the Networks.

“PayPal”, “Braintree”, “we”, “us” or “our” means PayPal Australia Pty Limited (ABN 93 111 195 389) whose address is Level 24, 1 York Street, Sydney NSW 2000.

“Payout Amount” means any amount due and recorded by the acquiring bank as a Transaction (less the sum of all Refund Transactions, Chargebacks, Reversals and any applicable charges or fees).

“Privacy Policy” means the policy set out at https://www.braintreepayments.com/legal/braintree-privacy-policy

“Reversal”: means any payment that Braintree reverses, or instructs Acquirer to reverse, to your customer because the payment: (a) violates, or we reasonably suspect such payment may violate, the Acceptable Use Policy; and/or (b) has been categorised for reversal by Braintree’s risk models. The term “Reversed” shall be construed accordingly.

“Refund Transaction” is any refund issued by you through the Braintree Dashboard or through your API access.

“Reserve” means an amount or percentage of your Payout Amounts that we hold or we instruct Acquirer to hold as permitted under Section 5.02 in order to protect against the risk of Reversals, Chargebacks, or any other risk, exposure and/or potential liability to us related to your use of the Braintree Payment Services.

“Restricted Activities” means any breaches of our Acceptable Use Policy and any activity specified in Section 3.01 above.

“Transaction” means a transfer of funds between you and a Customer using the Braintree Payment Services.

EXHIBIT A – Data Protection Addendum

This Data Protection Addendum (“Addendum”) is entered into between Merchant and PayPal and forms part of and is incorporated into the Agreement.

Capitalised terms used but not defined by this Addendum shall have the meaning set out in the main body of the Agreement.

EFFECT OF THIS ADDENDUM

This Addendum amends and forms part of the Agreement, and is effective as of the Effective Date of the Agreement.

1 DEFINITIONS AND INTERPRETATION

1.1 The following terms have the following meanings when used in this Addendum:

  • Card Information” is defined in Section 3.14 of this Addendum.
  • Customer" means an EU customer of Merchant and for the purposes of this Addendum, is a data subject.
  • Customer Data" means the personal data that (i) the Customer provides to Merchant and Merchant passes on to Braintree through the useby Merchant of the Braintree Payment Services and (ii) Braintree collects from the Customer’s device and browser through use by the Merchant of the Braintree Payment Services.
  • data controller" (or simply "controller") and "data processor" (or simply "processor") and "data subject" have the meanings given to those terms under the Data Protection Laws.
  • Data Protection Laws"  means EU Directive 95/46/EC or Regulation (EU) 2016/679 (GDPR) and any associated regulations or instruments and any other data protection laws, regulations, regulatory requirements and codes of conduct of EU Member States applicable to Braintree's provision of the Services.
  • Data Recipient” is defined in Section 3.14 of this Addendum.
  • Merchant Data" means any personal data relating to business contact details of Merchant or its employees, officers or contractors provided to or obtained by Braintree in the provision of the Services.
  • PayPal Group" means PayPal and all companies in which PayPal or its successor directly or indirectly from time to time owns or controls.
  • personal data" has the meaning given to it in the Data Protection Laws.
  • processing" has the meaning given to it in the Data Protection Laws and "process", "processes" and "processed" will be interpreted accordingly. 
  • Security Incident" means the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by Braintree.
  • Services" means the "Braintree Payment Services" as defined in the Agreement.
  • Sub-processor" means any processor engaged by PayPal and/or its affiliates in the processing of personal data.

1.2 Addendum. This Addendum comprises (i) sections 1 to 4, being the main body of the Addendum; (ii) Attachment 1; (iii) Attachment 2; and (iv) Attachment 3.

2 PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE SERVICES

2.1 Braintree is the controller in respect of Merchant Data and may use it for the following purposes as provided for in the Braintree Privacy Policy:

2.1.1 as reasonably necessary to provide the Services to Merchant;

2.1.2 to conduct anti-money laundering, know your customer and fraud checks on the Merchant;

2.1.3 to market to the employees and contractors of Merchant; and

2.1.4 any other purpose that it notifies (or Merchant agrees to notify on its behalf) to the employees and contractors of Merchant in accordance with Data Protection Laws.

2.2 Braintree shall comply with the requirements of the Data Protection Laws applicable to controllers in respect of the use of Merchant Data under this Agreement (including without limitation, by implementing and maintaining at all times all appropriate security measures in relation to the processing of Merchant Data and by maintaining a record of all processing activities carried out in respect of Merchant Data) and shall not knowingly do anything or permit anything to be done with respect to the Merchant Data which might lead to a breach by the Merchant of the Data Protection Laws.

2.3 With regard to any Customer Data to be processed by Braintree in connection with this Agreement, Merchant will be a controller and Braintree will be a processor in respect of such processing. Merchant will be solely responsible for determining the purposes for which and the manner in which Customer Data are, or are to be, processed.

2.4. Braintree shall only process Customer Data on behalf of and in accordance with Merchant’s written instructions. The Parties agree that this Addendum is Merchant's complete and final written instruction to Braintree in relation to Customer Data. Additional instructions outside the scope of this Addendum (if any) require prior written agreement between Braintree and Merchant, including agreement of any additional fees payable by Merchant to Braintree for carrying out such additional instructions. Merchant shall ensure that its instructions comply with all applicable laws, including Data Protection Laws, and that the processing of Customer Data in accordance with Merchant's instructions will not cause Braintree to be in breach of Data Protection Laws. Merchant hereby instructs Braintree to process Customer Data for the following purposes:

2.4.1 as reasonably necessary to provide the Services to Merchant;

2.4.2 after anonymising the Customer Data, to use that anonymised Customer Data, directly or indirectly, which is no longer identifiable personal data, for any purpose whatsoever.

2.5 In relation to Customer Data processed by Braintree under this Agreement, Braintree shall co-operate with Merchant to the extent reasonably necessary to enable Merchant to adequately discharge its responsibility as a controller under Data Protection Laws, including without limitation that Braintree shall cooperate and provide Merchant with such reasonable assistance as Merchant requires in relation to:

2.5.1. assisting Merchant in the preparation of data protection impact assessments to the extent required of Merchant under Data Protection Laws; and

2.5.2 responding to binding requests for the disclosure of information as required by local laws, provided always that where the request is from a non-EEA law enforcement agency Braintree will (a) subject to subclause (c), inform Merchant of the request, the data concerned, response time, the identity of the requesting body and the legal basis for the request; (b) wait for Merchant’s instructions provided the instruction and the opinion are received within a reasonable period of time, which shall be assessed in light of the time period afforded by the law enforcement agency to Braintree; (c) where Braintree is prohibited from informing Merchant about the law enforcement agency’s request, take reasonable steps to have this prohibition waived and to make available relevant information about the request as soon as possible to Merchant (these efforts will be documented); and (d) where the prohibition cannot be waived, compile a list, in compliance with its national law and on an annual basis, of the number of such requests received, the type of Customer Data requested and the identity of the law enforcement agency concerned and make it available to the Customer’s data protection authority annually on request (in which circumstances Braintree will be acting as a controller).

2.6 Scope and Details of Customer Data processed by Braintree. The objective of processing Customer Data by Braintree is the performance of the Services pursuant to the Agreement. Braintree shall process the Customer Data in accordance with the specified duration, purpose, type and categories of data subjects as set out in Attachment 3 (Data Processing of Customer Data).

2.7 The Parties will at all times comply with Data Protection Laws.

2.8 Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Merchant Data and Customer Data set out above.

3 DATA PROCESSOR TERMS

This section 3 applies only to the extent that Braintree acts as a processor or Sub-processor to Merchant. It does not apply where Braintree acts as a controller.

3.1 Correction, Blocking and Deletion. To the extent Merchant, in its use of the Services, does not have the ability to correct, amend, block or delete Customer Data, as required by Data Protection Laws, Braintree shall comply with any commercially reasonable request by Merchant to facilitate such actions to the extent Braintree is legally permitted to do so. To the extent legally permitted, Merchant shall be responsible for any costs arising from Braintree’s provision of such assistance.

3.2 Data Subject Requests. Braintree shall, to the extent legally permitted, promptly notify Merchant if it receives a request from a Customer for access to, correction, amendment or deletion of that Customer’s personal data. Braintree shall not respond to any such Customer request without Merchant’s prior written consent except to confirm that the request relates to Merchant to which Merchant hereby agrees. Braintree shall provide Merchant with commercially reasonable cooperation and assistance in relation to handling of a Customer's request for access to that person’s personal data, to the extent legally permitted and to the extent Merchant does not have access to such Customer Data through its use of the Services. If legally permitted, Merchant shall be responsible for any costs arising from Braintree’s provision of such assistance.

3.3 Confidentiality. Braintree shall ensure that its personnel engaged in the processing of Customer Data are informed of the confidential nature of the Customer Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Braintree shall ensure that such confidentiality obligations survive the termination of the personnel engagement.

3.4 Training. Braintree undertakes to provide training as necessary from time to time to the Braintree personnel with respect to Braintree's obligations in this Addendum to ensure that the Braintree personnel are aware of and comply with such obligations.

3.5 Limitation of Access. Braintree shall ensure that access by Braintree's personnel to Customer Data is limited to those personnel performing Services in accordance with the Agreement.

3.6 Data Protection Officer. Members of the PayPal Group have appointed a data protection officer where such appointment is required by Data Protection Laws. The appointed person may be reached at:

Email:
auexecutiveescalations@paypal.com

Mail:
Privacy Officer
PayPal Australia
GPO Box 351
Sydney NSW 2001

3.7 Sub-processors.  Merchant specifically authorises the engagement of members of the PayPal Group as Sub-processors in connection with the provision of the Services. In addition, Merchant generally authorises the engagement of any other third parties as Sub-processors in connection with the provision of the Services. When engaging any Sub-processor, Braintree will execute a written contract with the Sub-processor which contains terms for the protection of Customer Data which are no less protective than the terms set out in this Addendum.

3.7.1 List of Current Sub-processors and Notification of New Sub-processors. Braintree shall make available to Merchant a current list of Sub-processors for the respective Services with the identities of those Sub-processors (“Sub-processor List”). The Sub-processor List is included in Attachment 1 to this Addendum. Where a Sub-processor is proposed to be changed Braintree shall provide prior notice by email to Merchant before implementing such change.

3.7.2 Objection Right for new Sub-processors. If Merchant has a reasonable basis to object to Braintree’s use of a new Sub-processor, Merchant shall notify Braintree promptly in writing within two (2) months after receipt of Braintree’s notice. In the event Merchant objects to a new Sub-processor(s) and that objection is not unreasonable Braintree will use reasonable efforts to make available to Merchant a change in the affected Services or recommend a commercially reasonable change to Merchant’s configuration or use of the affected Services to avoid processing of personal data by the objected-to new Sub-processor without unreasonably burdening Merchant. If Braintree is unable to make available such change within a reasonable period of time, which shall not exceed sixty (60) days, Merchant may terminate the Agreement in respect only of those Services which cannot be provided by Braintree without the use of the objected-to new Sub-processor, by providing no less than sixty (60) days' written notice to Braintree. Merchant shall receive a refund of any prepaid fees for the period following the effective date of termination in respect of such terminated Services.

3.8 Audits and Certifications. Where requested by Merchant, subject to the confidentiality obligations set forth in the Agreement, Braintree shall make available to Merchant (or Merchant’s independent, third-party auditor that is not a competitor of Braintree or any members of PayPal or the PayPal Group) information regarding Braintree’s compliance with the obligations set forth in this Addendum in the form of the third-party certifications and audits (if any) set forth in the Privacy Policy set out on our website. Merchant may contact Braintree in accordance with the “Notices” Section of the Agreement to request an on-site audit of the procedures relevant to the protection of personal data. Merchant shall reimburse Braintree for any time expended for any such on-site audit at Braintree’s then-current professional services rates, which shall be made available to Merchant upon request. Before the commencement of any such on-site audit, Merchant and Braintree shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Merchant shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Braintree. Merchant shall promptly notify Braintree with information regarding any non-compliance discovered during the course of an audit.

3.9 Security. Braintree shall, as a minimum, implement and maintain appropriate technical and organisational measures as described in Attachment 2 to this Addendum to keep Customer Data secure and protect it against unauthorised or unlawful processing and accidental loss, destruction or damage in relation to the provision of the Services. Since Braintree provides the Services to all Merchants uniformly via a hosted, web-based application, all appropriate and then-current technical and organisational measures apply to Braintree’s entire customer base hosted out of the same data centre and subscribed to the same service. Merchant understands and agrees that the technical and organisational measures are subject to technical progress and development. In that regard, Braintree is expressly permitted to implement adequate alternative measures as long as the security level of the measures is maintained in relation to the provision of the Services. In the event of any detrimental change Braintree shall provide a notification together with any necessary documentation to Merchant by email or publication on a website easily accessible by Merchant.

3.10 Security Incident Notification. If Braintree becomes aware of a Security Incident in connection with the processing of Customer Data, Braintree will: (a) notify Merchant of the Security Incident promptly and without undue delay; and (b) promptly take reasonable steps to minimise harm and secure Customer Data.

3.11 Details of Security Incident. Notifications made under section 3.10 (Security Incident Notification) will describe, to the extent possible, reasonable details of the Security Incident, including steps taken to mitigate the potential risks.

3.12 Communication. Braintree will deliver its notification of any Security Incident to one or more of Merchant's administrators by any means Braintree selects, including via email. Merchant is solely responsible for maintaining accurate contact information and ensuring that any contact information is current and valid.

3.13 Deletion. Upon termination or expiry of the Agreement, Braintree will delete or return to Merchant all Customer Data processed on behalf of the Merchant, and Braintree shall delete existing copies of such Customer Data except where necessary to retain such Customer Data strictly for the purposes of compliance with applicable law.

3.14 Data Portability. Upon any termination or expiry of this Agreement, Braintree agrees, upon written request from Merchant, to provide Merchant’s new acquiring bank or payment service provider (“Data Recipient”) with any available credit card information including personal data relating to Merchant’s Customers (“Card Information”). In order to do so, Merchant must provide Braintree with all requested information including proof that the Data Recipient is in compliance with the Network PCI-DSS Requirements and is level 1 PCI compliant. Braintree agrees to transfer the Card Information to the Data Recipient so long as the following applies: (a) Merchant provides Braintree with proof that the Data Recipient is in compliance with the Network PCI-DSS Requirements (Level 1 PCI compliant) by providing Braintree a certificate or report on compliance with the Network PCI-DSS Requirements from a qualified provider and any other information reasonably requested by Braintree; (b) the transfer of such Card Information is compliant with the latest version of the Network PCI-DSS Requirements; and (c) the transfer of such Card Information is allowed under the applicable Network Rules, and any applicable laws, rules or regulations (including Data Protection Laws and the Privacy Act 1988 (Cth)). Merchant agrees to indemnify, defend, and hold harmless Braintree , its parent, affiliates, officers, directors, agents, employees and suppliers from and against any lawsuit, claim, liability, loss, penalty or other expense (including solicitors’ costs on a solicitor-client basis) they may suffer or incur arising out of or in connection with the transfer of any data to a Data Recipient. The Merchant must duly execute and deliver to Braintree such instruments and documents as Braintree may reasonably require to give effect to this Section 3.14.

This Addendum shall take effect between, and become legally binding on the Parties on the date determined by “Effect of this Addendum” section above.

Attachment 1

Sub-processor List

  1. Kount Inc: 917 South Lusk, 3rd Floor, Boise, ID 83706

  2. Amazon Web Services, Inc.: 410 Terry Avenue, North Seattle, WA 98109-5210

  3. CardinalCommerce Corporation: 8100 Tyler Blvd., Mentor, OH 44060

Attachment 2

The following technical and organizational measures will be implemented:

  1. Measures taken to prevent any unauthorized person from accessing the facilities used for data processing (e.g. secured access, badges);
  2. Measures taken to prevent data media from being read, copied, amended or moved by any unauthorized persons (e.g. data kept in locked premises);
  3. Measures taken to prevent the unauthorized introduction of any data into the information system, as well as any unauthorized knowledge, amendment or deletion of the recorded data (e.g. restricted access to the IT infrastructure);
  4. Measures taken to prevent data processing systems from being used by unauthorized person using data transmission facilities (e.g. firewalls);
  5. Measures taken to guarantee that authorized persons when using an automated data processing system may access only data that are within their competence (e.g. specific users accounts);
  6. Measures taken to guarantee the checking and recording of the identity of third parties to whom the data can be transmitted by transmission facilities (e.g. VPN, encryption of data);
  7. Measures taken to guarantee that the identity of the persons having had access to the information system and the data introduced into the system can be checked and recorded ex post facto at any time and by any authorized person;
  8. Measures taken to prevent data from being read, copied, amended or deleted in an unauthorized manner when data are disclosed and data media transported;
  9. Measures taken to safeguard data by creating backup copies (encryption of data back-ups).

Attachment 3

Data Processing of Customer Data

Categories of data subjects

Customer Data – The personal data that the Customer provides to Merchant and Merchant passes on to Braintree through the use by the Customer of the Braintree Payment Services.

Subject-matter of the processing

The payment processing services offered by Braintree which provides Merchant with the ability to accept credit cards, debit cards, and other payment methods on a website or mobile application from Customers.

The payment processing services include the optional use of Fraud Maintenance Tools by Merchant to detect fraudulent transactions.

Nature and purpose of the processing

Braintree processes Customer Data that is sent by the Merchant to Braintree for purposes of obtaining verification or authorization of the Customer’s payment method as payment to the Merchant for the sale goods or services.

Braintree processes Customer Data that is collected by Braintree or sent from Merchant to Braintree for the purposes of Braintree making the Fraud Maintenance Tools available to Merchant. Braintree collects, processes and uses Customer Data on behalf of Merchant in order to analyze the Customer Data and use it to identify fraudulent transactions on Merchant's websites or mobile applications as further described in the Payment Services Agreement.

Type of personal data

Customer Data – Merchant shall inform Braintree of the type of Customer Data Braintree is required to process under this Agreement. Should there be any changes to the type of Customer Data Braintree is required to process then Merchant shall notify Braintree immediately. Braintree processes the following Customer Data, as may be provided by the Merchant to Braintree from time to time:

Full name……………………………………………

Date of birth……………………………………………

Home address……………………………………………

Shipping address……………………………………………

Work address……………………………………………

Billing address……………………………………………

Email address……………………………………………

Telephone number……………………………………………

Fax number……………………………………………

Government ID number……………………………………………

Bank account number and bank routing number……………………………………………

Financial account number……………………………………………

Card or payment instrument type……………………………………………

Card Primary Account Number (PAN) or Device-specific Primary Account Number (DPAN)

……………………………………………

Card Verification Value (CVV)……………………………………………

Card expiration date……………………………………………

Business tax ID……………………………………………

Username……………………………………………

Password……………………………………………

IP address……………………………………………

Device data*……………………………………………

Browser data*……………………………………………

*As further detailed in the Fraud Maintenance Tools documentation made available by Braintree from time to time.

Special categories of data (if relevant)

The transfer and processing of special categories of data is not anticipated.

Duration of Processing

The term of the Agreement.