Effective Date: The Payment Services Agreement is effective on 25 May 2018 for Merchants who signed up before 11 April 2018 or immediately for all new Merchants who signed up on or after 11 April 2018.
This Agreement is provided to you in English. We recommend that you download or print a copy of this Agreement for your records, which is available, as amended from time to time, on the “Legal” tab on the Braintree website (www.braintreepayments.com).
When you apply to become a Braintree customer, we collect information about you and your business, and confirm your identity to satisfy our anti-money laundering requirements and other regulatory obligations (referred to as “know your customer” requirements). By completing your application to become a Braintree customer, you authorise us to obtain financial and credit information (including from third parties) relating to you, your directors, officers and principals. We use this information (and other information available to us) to evaluate you, your directors, officers and principals against our evaluation criteria. Braintree reserves the right to terminate this Agreement with immediate notice to you at any time before the “know your customer” process is completed, or not completed satisfactorily. Braintree reserves the right to refuse or rescind any payment to your customers if such process does not complete satisfactorily and/or to disburse funds to you after this mandatory process is completed.
1.01 “Payment Processing Services”
The payment processing services offered by Braintree include services that provide Merchants with the ability to accept credit and debit card payments on a website or mobile application. These services include the Gateway Services (as defined below), bank-sponsored merchant account, fraud protection tools, recurring billing functionality, payment card storage, foreign currency acceptance, white glove customer support, and other software, APIs and services and technology as described on the Braintree website.
1.02 “Gateway Services”
The gateway services offered by Braintree include services that provide Merchants with the software and connectivity required to allow real-time secure data transmission for processing of credit and debit card payments on a website or mobile application. The Gateway Services include Forwarding Services and Grant API Services which are provided subject to additional terms set out on the Braintree website under “PayPal Products and Services” and incorporated into this Agreement by reference. The Gateway Services also include certain payment technology services provided by third parties that are used to facilitate your processing of credit and debit card payments (“Payment Technology Services”). In order to use these services, you agree to the applicable Payment Technology Services terms as set forth on the Braintree website which are incorporated into this Agreement by reference. You acknowledge and agree that the Payment Technology Services are provided solely by the relevant third party (and not Braintree) as set forth in the applicable Payment Technology Services terms, and that Braintree will under no circumstances be responsible or liable for any damages, losses or costs whatsoever suffered or incurred by you resulting from any Payment Technology Services.
Exhibit A includes a description of the main characteristics of the Braintree Payment Services.
The fees applicable to the Braintree Payment Services are set forth on our website.
In exchange for us providing you with the Braintree Payment Services, you agree to pay us the fees and other amounts shown in your merchant statement. If you are a prospective merchant interested in learning more about fees, please visit our website where you will find all applicable fees for your use of the Braintree Services. We may revise fees at any time upon prior notice to you. You must refer to your statement for your current fees, which prevail over those detailed on our website. Your statement may be accessed through the Braintree Dashboard. All applicable fees are due and payable immediately upon settlement of the applicable Payout Amount.
Interest on any and all amounts due by you, but not yet paid to Braintree, shall accrue at a rate of 1.0% per month ("Late Fee"). In the event of a dispute made in good faith as to the amount of fees, Merchant agrees to remit payment on any undisputed amount(s); and, the Late Fee shall not accrue as to any disputed amounts unless not paid within thirty (30) calendar days after said dispute has been resolved by both parties.
2.02 Blended or Interchange Plus Pricing
You may choose between two pricing models for receiving card payments via Braintree’s payment processing services. You may opt for the Blended pricing model or for the Interchange Plus model by the methods and procedures that Braintree makes available to you. If you do not make an election, you will stay on your existing fee structure.
When you select a pricing model, it may take up to five business days for it to take effect. It will only apply to future transactions, not to past transactions.
2.03 Currency Conversion
If your transaction involves a currency conversion it will be converted at an exchange rate we set for the relevant currency exchange. The exchange rate is sourced from a sponsoring financial institution which is based on the rates available in the wholesale currency markets or, if required by law or regulation, at the relevant governmental reference rate(s) on the conversion date or the prior Business Day.
Where a currency conversion is offered at the point of sale by Merchant, not by Braintree, and Merchant offers the exchange rate and charges, Braintree has no liability for that currency conversion.
2.04 Payment of Fees; Right to Set-off
Braintree will on a daily basis, pay to your Bank Account the aggregate of all Payout Amounts net of the applicable fees and other amounts due to Braintree. If the Payout Amount is not sufficient to cover the applicable fees or other amounts due to Braintree on any given day, you agree that we may debit your Bank Account for the applicable amounts and/or set-off the applicable amounts against future Payouts.
Merchant acknowledges and agrees that a Transaction may become subject to a Chargeback even after settlement, or otherwise be invalidated. In the event of a Chargeback or invalidated payment, you are liable for:
Upon Braintree’s request, you agree to provide Braintree with all necessary bank account, routing and related information and grant Braintree any required permission to debit the applicable amounts from your Bank Account. Braintree reserves the right to charge a fee for providing additional information or for providing the transaction history and other information about our fees in a different way.
Unless otherwise stated, all fees are quoted exclusive of any applicable value added tax (VAT). For the sake of clarity, the Braintree Services are in scope of the exemption from VAT of Art. 135 (1)(d) of the EU VAT Directive 2006/112/EC.
It is your responsibility to determine what, if any, taxes apply to the payments you make or receive, and it is your responsibility to collect, report and remit the correct tax to the appropriate tax authority. PayPal is not responsible for determining whether taxes apply to your transaction, or for collecting, reporting or remitting any taxes arising from any transaction.
2.06 Interchange Fees
Interchange Fees are set by Visa and MasterCard. If you receive card payments under the Interchange Plus pricing model, Braintree shall always charge you the Interchange Fee as set by Visa and MasterCard and as passed on by Braintree’s Acquirer. For more information on Interchange Fees, please see MasterCard’s and Visa’s websites.
3.01 Restricted activities
In connection with your use of the Braintree Payment Services, or in the course of your interactions with Braintree, you will comply at all times with the Braintree Acceptable Use Policy accessible at the following address: https://www.braintreepayments.com/legal/acceptable-use-policy
You agree that you will not:
3.02 Representations and warranties by Merchant
Merchant has the full power and authority to execute, deliver and perform this Agreement. This Agreement is valid, binding and enforceable against Merchant in accordance with its terms and no provision requiring Merchant's performance is in conflict with its obligations under any constitutional document, charter or any other agreement (of whatever form or subject) to which Merchant is a party or by which it is bound.
Merchant is duly organized, authorized and in good standing under the laws of the state, region or country of its organization and is duly authorized to do business in all other states, regions or countries in which Merchant's business make such authorization necessary or required.
You must compensate and indemnify us for any claims, losses, expenses or liability we incur arising out of:
In the event of an Invalidated Payment and other liability, we may deduct the amount of the Invalidated Payment from your Payout Amounts.
5.01 Actions by Braintree
If we have reason to believe that there is a higher than normal risk associated with your Transactions, in particular if we believe you have breached the terms of this Agreement, we may take various actions to avoid Reversals, Chargebacks, fees, fines, penalties and any other liability. The actions we may take include but are not limited to the following:
Braintree, in its sole discretion, may place a Reserve on all or a portion of your Payout Amounts. If Braintree imposes a Reserve, we will provide you with a notice specifying the terms of the Reserve. The terms may require (a) that a certain percentage of your Payout Amounts are held for a certain period of time, (b) that a fixed amount of your Payout Amounts is withheld from payout to you, or (c) such other restrictions that Braintree determines are necessary to protect against the risk to us associated with our business relationship. Braintree may change the terms of the Reserve at any time by providing you with notice of the new terms. Payout Amounts subject to a Reserve are not immediately available for payout to you or for making Refund Transactions. Other restrictions described in (c) above may include: limiting Payout Amounts immediately available to you, changing the speed or method of payouts to you, setting off any amounts owed by you against your Payout Amounts and/or requiring that you, or a person associated with you, enter into other forms of security arrangements with us (for example, by providing a guarantee or requiring you to deposit funds with us as security for your obligations to us or third parties). You also agree to undertake, at your own expense, any further action (including, without limitation, executing any necessary documents and registering any form of document reasonably required by us to allow us to perfect any form of security interest or otherwise) required to establish a Reserve or other form of security in a manner reasonably determined by us.
Braintree may hold a Reserve as long as it deems necessary, in its sole discretion, to mitigate any risks related to your Transactions. You agree that you will remain liable for all obligations related to your Transactions even after the release of any Reserve. In addition, we may require you to keep your Bank Account available for any open settlements, Chargebacks and other adjustments.
5.03 Security Interest
To secure your performance of this Agreement, you grant to Braintree a legal claim to any Payout Amounts held in Reserve. This is known in legal terms as a “lien” on and “security interest” in these Payout Amounts.
5.04 American Express and Direct Acceptance
American Express may use the information obtained in your application at the time of setup to screen and/or monitor you in connection with card marketing and administrative purposes.
You acknowledge that if you process greater than or equal to the equivalent of $500,000 USD in American Express transactions annually, American Express may require you to enter into a direct contractual relationship with them. In this situation, American Express will set pricing for American Express transactions, and you will pay fees for American Express transactions directly to American Express. By accepting these terms you agree to receive commercial marketing communication from American Express. You may opt out by notifying Braintree via email email@example.com . If you opt out of commercial marketing communications, you will still receive important transactional or relationship messages from American Express.
American Express shall be a third party beneficiary of this Agreement for purposes of American Express Card acceptance. As a third party beneficiary, American Express shall have the right to enforce directly against you the terms of this Agreement as related to American Express Card acceptance. You acknowledge and agree that American Express shall have no responsibility of liability with regard to Braintree’s obligations to you under this Agreement.
American Express may conduct an audit of you at any time, for the purpose of determining compliance with the American Express Rules.
You authorize Braintree to submit transactions to, and receive settlement from, American Express, and to disclose transaction and merchant information to American Express to perform analytics and create reports, and for any other lawful business purposes, including commercial marketing communications purposes and important transactional or relationship communications. Merchant may terminate its acceptance of American Express at any time upon notice.
5.05 UnionPay – Merchant Obligations.
You agree for Braintree to disclose information obtained in your application at the time of setup to UnionPay International Co., Ltd (“UPI”) so that it can manage payment services for Merchants accepting payments utilizing the payment network of UnionPay.
Merchant, or a third party acting on its behalf, shall not use transaction receipts, UnionPay logos or marks for purposes outside of the scope of the Agreement.
Merchant shall not consign or transfer the business of UnionPay card acceptance to a third party without Braintree’s written consent.
Merchant shall not submit third party receipts to Braintree for settlement.
The following actions are not permitted by Merchant and Merchant shall assume full responsibility and liability for, including but not limited to, alteration of the amount on transaction receipts, split transactions, cash out, acceptance of credit cards listed in the card recovery bulletin, excessive usage above the authorized limit, insufficient signature and expiry date checking, refund in case, late presentment, submitting false transactions to Braintree.
Merchant agrees to keep transaction receipts and original records related to transactions for at least one year. Merchant shall bear financial losses incurred due to inappropriate retention or loss of transaction receipts.
In the event that Merchant breaches the requirements listed under this Section 5.05 and/or the Acceptable Use Policy Braintree has the right to terminate Merchant’s use of UnionPay card acceptance.
Merchant shall allow UPI to use its risk information for normal business practices.
Braintree and UPI shall have the right of inquiry and recourse regarding transactions including after the termination of the use of UnionPay card acceptance or termination of the Agreement.
5.06 iDeal – Merchant Obligations.
Supplemental terms related to your use of iDEAL are detailed under Exhibit C.
6.01 Data Security Compliance
Merchant agrees to comply with data privacy and security requirements under the Payment Card Industry (“PCI”) Data Security Standard (“DSS”) ("Association PCI- DSS Requirements") with regards to Merchant's use, access, and storage of certain credit card non-public personal information ("Cardholder Information"). Visa, MasterCard, Discover, American Express, Diners Club card, JCB, UPI (China UnionPay) , any debit network, and the other financial service card organizations shall be collectively known herein as "Associations." Additionally, Merchant agrees to comply with its obligations under any applicable law or regulation as may be in effect or as may be enacted, adopted or determined regarding the confidentiality, use, and disclosure of Cardholder Information. Braintree may, at its discretion, conduct an on-site audit and review of Merchant's data privacy and security procedures upon either (a) five (5) Business Days’ notice for any reason or (b) immediately upon any unauthorized access to, use or disclosure of any Cardholder Information.
Braintree may, with written notice to Merchant, require that Merchant comply with any further requirements of the European Central Bank or the Associations for strong authentication for all or certain specified credit card transactions.
Braintree agrees to comply with the Association PCI-DSS Requirements of Visa and MasterCard. Merchant can verify Braintree's compliance with the PCI DSS by viewing the Global List of PCI DSS Validated Compliant Service Providers on Visa's website at http://www.visa.com/splisting/searchGrsp.do. Merchant may request a copy of Braintree’s attestation of compliance for PCI DSS from Braintree no more frequently than on an annual basis. Braintree acknowledges that it is responsible for the security of customer cardholder data it possesses or otherwise stores, processes or transmits on behalf of the Merchant, or to the extent that it could impact the security of the customer cardholder data environment.
6.02 Data Accuracy
Merchant warrants to Braintree that all data and entries delivered to Braintree by Merchant will (a) be correct in form, (b) contain true and accurate information, (c) be fully authorized by the customer, and (d) be timely under the terms and provisions of this Agreement.
6.02 Data Protection
Exhibit B details the Data Protection terms together with EU Standard Contractual Clauses.
6.04 Intellectual Property
"Intellectual Property" means all of the following owned by a party: (a) trademarks and service marks (registered and unregistered) and trade names, and goodwill associated therewith; (b) patents, patentable inventions, computer programs, and software; (c) databases; (d) trade secrets and the right to limit the use or disclosure thereof; (e) copyrights in all works, including software programs; and (f) domain names. The rights owned by a party in its Intellectual Property shall be defined, collectively, as "Intellectual Property Rights." Other than the express licenses granted by this Agreement, Braintree grants no right or license to Merchant by implication, estoppel or otherwise to the Braintree Payment Service or any Intellectual Property Rights of Braintree. Each party shall retain all ownership rights, title, and interest in and to its own products and services (including in the case of Braintree, in the Braintree Payment Service) and all intellectual property rights therein, subject only to the rights and licenses specifically granted herein.
6.05 License Grant
If you are using our software such as an API, developer's toolkit or other software application (the “Software”) that you have downloaded to your computer, device, or other platform, then Braintree grants you a revocable, non-exclusive, non-transferable license to use Braintree's software in accordance with the documentation. This license grant includes the software and all updates, upgrades, new versions and replacement software for your use in connection with the Braintree Payment Service. You may not rent, lease or otherwise transfer your rights in the software to a third party. You must comply with the implementation and use requirements contained in all Braintree documentation accompanying the software. If you do not comply with Braintree’s instructions, implementation and use requirements you will be liable for all resulting damages suffered by you, Braintree and third parties. Unless otherwise provided by applicable law, you agree not to alter, reproduce, adapt, distribute, display, publish, reverse engineer, translate, disassemble, decompile or otherwise attempt to create any source code that is derived from the software. Upon expiration or termination of this Agreement, you will immediately cease all use of any Software.
License to Braintree Trademarks. Subject to the terms and conditions of this Agreement, Braintree grants you a revocable, non-exclusive, non-transferable license to use Braintree's trademarks to identify the Braintree Payment Service (the "Trademarks") during the term of this Agreement solely in conjunction with the use of the Braintree Payment Service. Braintree grants no rights in the Trademarks or in any other trademark, trade name, service mark, business name or goodwill of Braintree except as licensed hereunder or by separate written agreement of the parties. Merchant agrees that it will not at any time during or after this Agreement assert or claim any interest in or do anything that may adversely affect the validity of any Trademark or any other trademark, trade name or product designation belonging to or licensed to Braintree (including, without limitation registering or attempting to register any Trademark or any such other trademark, trade name or product designation). Upon expiration or termination of this Agreement, Merchant will immediately cease all display, advertising and use of all of the Trademarks including the logos and trademarks of the Association.
Merchant hereby grants Braintree permissions to use Merchant's name and logo in its marketing materials including, but not limited to use on Braintree's website, in customer listings, in interviews and in press releases.
6.08 Confidential Information
The parties acknowledge that in their performance of their duties hereunder either party may communicate to the other (or its designees) certain confidential and proprietary information, including without limitation information concerning the Payment Processing Services and the know how, technology, techniques, or business or marketing plans related thereto (collectively, the “Confidential Information”) all of which are confidential and proprietary to, and trade secrets of, the disclosing party. Confidential Information does not include information that: (i) is public knowledge at the time of disclosure by the disclosing party; (ii) becomes public knowledge or known to the receiving party after disclosure by the disclosing party other than by breach of the receiving party’s obligations under this section or by breach of a third party’s confidentiality obligations; (iii) was known by the receiving party prior to disclosure by the disclosing party other than by breach of a third party’s confidentiality obligations; or (iv) is independently developed by the receiving party. As a condition to the receipt of the Confidential Information from the disclosing party, the receiving party shall: (i) not disclose in any manner, directly or indirectly, to any third party any portion of the disclosing party’s Confidential Information; (ii) not use the disclosing party’s Confidential Information in any fashion except to perform its duties hereunder or with the disclosing party’s express prior written consent; (iii) disclose the disclosing party’s Confidential Information, in whole or in part, only to employees and agents who need to have access thereto for the receiving party’s internal business purposes; (iv) take all necessary steps to ensure that its employees and agents are informed of and comply with the confidentiality restrictions contained in this Agreement; and (v) take all necessary precautions to protect the confidentiality of the Confidential Information received hereunder and exercise at least the same degree of care in safeguarding the Confidential Information as it would with its own confidential information, and in no event shall apply less than a reasonable standard of care to prevent disclosure. The receiving party shall promptly notify the disclosing party of any unauthorised disclosure or use of the Confidential Information. The receiving party shall cooperate and assist the disclosing party in preventing or remedying any such unauthorised use or disclosure.
Merchant agrees to defend, indemnify, and hold harmless PayPal, Braintree, our affiliates and subsidiaries, the people who work for us or who are authorised to act on our behalf from any claim or demand (including legal fees) made or incurred by any third party due to or arising out of (i) your breach of this Agreement, your Bank Agreement or any other agreement you enter into with Braintree or its suppliers (ii) your use of the Braintree Payment Services (iii) your acts or omissions and/or (iv) your breach of any law, regulation, Association Rules or the rights of a third party.
7.02 LIMITATION OF LIABILITY
NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY OR TO ANY OTHER THIRD PARTY FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, RELIANCE, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE BRAINTREE PAYMENT SERVICE, WHETHER FORESEEABLE OR UNFORESEEABLE, AND WHETHER BASED ON BREACH OF ANY EXPRESS OR IMPLIED WARRANTY, BREACH OF CONTRACT, MISREPRESENTATION, NEGLIGENCE, STRICT LIABILITY IN TORT, OR OTHER CAUSE OF ACTION (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF DATA, GOODWILL, PROFITS, INVESTMENTS, USE OF MONEY, OR USE OF FACILITIES; INTERRUPTION IN USE OR AVAILABILITY OF DATA; STOPPAGE OF OTHER WORK OR IMPAIRMENT OF OTHER ASSETS; OR LABOR CLAIMS), EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
UNDER NO CIRCUMSTANCES SHALL BRAINTREE'S TOTAL AGGREGATE LIABILITY TO MERCHANT OR ANY THIRD PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE AMOUNTS PAID BY MERCHANT TO BRAINTREE UNDER THIS AGREEMENT DURING THE FIRST TWELVE MONTH PERIOD AFTER THE EFFECTIVE DATE OF THIS AGREEMENT.
FOR THE AVOIDANCE OF ANY DOUBT, NOTHING IN THIS AGREEMENT SHALL LIMIT THE LIABILITY OF EITHER PARTY FOR GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR TORT NOR SHALL IT LIMIT MERCHANT’S LIABILITY ARISING UNDER AGREEMENTS WITH BRAINTREE’S BANKING PARTNERS OR THE ASSOCIATION RULES MENTIONED IN THOSE AGREEMENTS, OR TO ANY LIABILITY IMPOSED BY THE ASSOCIATIONS.
7.03 Disclaimer of Warranties
THE BRAINTREE PAYMENT SERVICE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY WHATSOEVER. BRAINTREE DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, TO MERCHANT AS TO ANY MATTER WHATSOEVER, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY BRAINTREE OR ITS EMPLOYEES OR REPRESENTATIVES SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF BRAINTREE'S OBLIGATIONS.
During the term of this Agreement, Braintree shall use its commercially reasonable efforts to provide the Braintree Payment Service without interruption. However, the parties acknowledge that the Braintree Payment Service is a computer network based service which may be subject to outages and delay occurrences. As such, Braintree does not guarantee continuous or uninterrupted access to the Braintree Payment Services. Braintree shall not be liable for any delay in the failure in our provision of the Braintree Payment Services under this Agreement. Merchant acknowledges that Merchant’s access to the Braintree website may be occasionally restricted to allow for repairs, maintenance or the introduction of new facilities or services. Braintree will make reasonable efforts to ensure that Transactions are processed in a timely manner. Braintree will not be liable in any manner for any interruptions, outages, or other delay occurrences relating to the Braintree Payment Service.
8.01 Term and Termination
The term of this Agreement shall commence on the Effective Date and shall continue on until terminated as set forth herein. Notwithstanding any other provisions in this Agreement,
9.01 Independent Contractors
The relationship of Braintree and Merchant is that of independent contractors. Neither Merchant nor its employees, consultants, contractors or agents are agents, employees, partners or joint ventures of Braintree, nor do they have any authority to bind Braintree by contract or otherwise to any obligation. They will not represent to the contrary, either expressly, implicitly, by appearance or otherwise.
If any provision of this Agreement is held by a court of competent jurisdiction to be invalid, void or unenforceable for any reason, the remaining provisions not so declared shall nevertheless continue in full force and effect, but shall be construed in a manner so as to effectuate the intent of this Agreement as a whole, notwithstanding such stricken provision or provisions.
No term or provision of this Agreement shall be deemed waived and no breach excused, unless such waiver or consent shall be in writing and signed by the party claimed to have waived or consented. Any consent by any party to, or waiver of, a breach by the other party, whether express or implied, shall not constitute a consent to, waiver of, or excuse for any different or subsequent breach.
This Agreement will bind and inure to the benefit of each party's permitted successors and assigns. Merchant may not assign this Agreement without the written consent of Braintree. Braintree may assign this Agreement in its sole discretion without the written consent of Merchant.
To be valid, any amendment or waiver of this Agreement must be in writing, but an email suffices as writing for a waiver by Braintree. Changes to this Agreement will be offered to you in text-form, e.g. by way of sending you an e-mail, with a minimum of 2 months prior notice before the suggested effective date of such change. You will be deemed to have consented to these changes unless you explicitly dissent before the effective date. In case you do not agree to the changes, you may terminate this Agreement without any extra cost at any time before the effective date of the change. In such an e-mail, we shall specifically inform you about your right to dissent, the effective date, and your option to terminate this Agreement. We also publish the amended version of this Agreement on the Braintree website(s) at www.braintreepayments.com. In cases where we add extra functionality to the existing services or any other change which we believe in our reasonable opinion to neither reduce your rights nor increase your responsibilities, we may make an announcement with only 1 month prior notice. You shall have 3 weeks to express your dissent in such a case.
9.06 Entire Agreement; Binding Effect
This Agreement, including all schedules, exhibits and attachments thereto, sets forth the entire agreement and understanding of the parties hereto in respect to the subject matter contained herein, and supersedes all prior agreements, promises, covenants, arrangements, communications, representations or warranties, whether oral or written, by any officer, partner, employee or representative of any party hereto. This Agreement shall be binding upon and shall inure only to the benefit of the parties hereto and their respective successors and assigns. Nothing in this Agreement, express or implied, is intended to confer or shall be deemed to confer upon any persons or entities not parties to this Agreement, any rights or remedies under or by reason of this Agreement. This Section 9.06 does not prevent the parties from entering into further agreements for additional payment services provided for by PayPal.
In the event that there are conflicting terms between this Agreement and Exhibit B - Data Protection (Customer Data), Attachment 1, Standard Contractual Clauses then the terms of the Standard Contractual Clauses shall prevail.
Merchant remains liable under this Agreement in respect to all charges and other amounts incurred through the use of the Braintree Payment Services at any time, irrespective of termination of this Agreement.
All representations, covenants and warranties shall survive the execution of this Agreement, and all terms that by their nature are continuing shall survive the termination or expiration of this Agreement.
9.08 Contact for enquiries, complaints, communication and availability of contractual documents
If you have a question or complaint relating to the Braintree Payment Services or your Transactions, please contact the Braintree customer support as defined in the “contact” tab of the Braintree website.
All information relating to the services described in this Agreement and all customer service support and other communication during the contractual relationship will be provided in the English language only.
The general terms and conditions for the Braintree Payment Services will be available at all times on www.braintreepayments.com in the “Legal” tab, and/or be made available during signup process as an electronic copy per e-mail. You may request at any time free of charge electronic copy of your contractual documents.
9.10 Governing Law and Jurisdiction.
The Parties choose Luxembourg law as the governing law of this Agreement. The competent courts of Luxembourg City shall have non-exclusive jurisdiction over all disputes arising out of or in connection with this Agreement.
Braintree provides Merchants with the ability to accept credit and debit card payments on a website or mobile application. The Braintree Payment Services include payout of funds to a bank account defined by you, fraud protection tools, recurring billing functionality, payment card storage, foreign currency acceptance, white glove customer support, and other software, APIs and other services and technology as described on the Braintree website. Braintree also provides Merchants with the software and connectivity required to allow real-time secure data transmission and processing of credit and debit card payments.
How to receive payments
You can create and submit one-time or recurring transactions in your Braintree Dashboard or by API access for your customers and store the customer and card payment details with Braintree.
At the time of your sign up as a Braintree customer, Braintree needs to collect information about you and your business, and confirm your identity in accordance with its anti-money laundering and other regulatory obligations before you have full access to the Braintree Payment Services and disbursement of funds is possible. Braintree will notify you immediately when this mandatory process is completed. Braintree may let you create transactions before this process is complete. Any transactions you create before such time are subject to satisfactory completion of such process and subject to reversal in case the process is not complete within 30 Business Days.
Any proceeds from settled card transactions initiated by you will be received by Braintree from the sponsoring acquiring bank and settled to your Bank Account or directed to your Bank Account at our request by the sponsoring acquiring bank.
Subject to the terms of this Agreement, Braintree will pay to your Bank Account all amounts due to you and recorded by the sponsoring acquiring bank as Transactions, minus any fees, Reversals, Chargebacks, refunds or other amounts that you owe to Braintree under this Agreement.
Merchant acknowledges and agrees that a Transaction may become subject to a Chargeback even after settlement, or be invalidated for any other reason. Any of Merchant’s Payout Amounts are subject to any such event and the Merchant is required to pay to Braintree:
You must designate at least one bank account for the deposit and settlement of funds associated with Braintree’s processing of the Transactions. Your Bank Account must be part of the SWIFT network and be able to receive the currency received from us.
With prior notice, you can change your Bank Account by way of contacting Braintree’s customer service. You authorize Braintree to initiate electronic credit and debit entries and adjustments to the Bank Account and you shall execute any documentation necessary to give effect to such authorization under the applicable legal framework of your Bank Account. Braintree will not be liable for any delays in receipt of funds or errors in the Bank Account entries caused by third parties, including but not limited to delays or errors by the payment brands or your bank.
If we are responsible for a processing error, we will rectify the error. If the error resulted in you receiving less money than you were entitled to, Braintree will credit your Bank Account for the difference. If the error results in you receiving more money than you were entitled to, Braintree may debit the extra funds from your Payout Amount or send you an invoice. Notwithstanding any other term of this Agreement, Braintree will not be held liable for the non-rectification of a payment transaction if you have failed to notify Braintree of such an incorrectly executed payment transaction without undue delay on becoming aware of such incorrectly executed payment transaction, or in any event no later than within 13 months after the debit date.
If Braintree is managing your settlement, you agree that we will make commercially reasonable efforts to settle to your Bank Account, at the latest, by the end of the next Business Day following the date we have received the funds from your acquiring bank
Our obligation to execute payment orders within the time period set out above in this section only applies to payments executed in the currency of Pounds Sterling, Euro or the currency of the EEA State that has not adopted Euro as its currency, and to Bank Accounts within the European Union.
Braintree is under no obligation to execute your payment order if you do not have sufficient funds or in any of the cases described in Section 5.01. Braintree reserves the right not to effect a payment made by you until it receives cleared funds.
You may issue refunds in relation to a Transaction (“Refund Transaction”) in the Braintree Dashboard or through your API access. Unless specifically approved otherwise by Braintree, Refund Transactions encompass the original amount and currency of the Transaction plus shipping cost.
You agree to:
You may check at any time in your Braintree Dashboard your processed Transactions, as well as your Refunds, Chargebacks and amounts settled to your Bank Account, and their respective status, and credit / debit date. Such statements will also display fees and their breakdown. If you have agreed to a monthly settlement of fees, your fees will be shown in your monthly settlement statement and a detailed spreadsheet will be made available in the “statements” section of the control panel. In case you need a permanent file, we also offer your transaction overview for download.
The way in which we provide the transaction information will allow you to store and reproduce the information unchanged from the Braintree Dashboard, for example by printing a copy. Braintree will ensure that the details of each transaction will be made available to you to view online for at least 13 months from when it is first made available. You agree to review your transactions though the Braintree Dashboard instead of receiving periodic statements by mail or email.
In addition to viewing the Transactions from the Braintree Payment Services, the Braintree Dashboard may also offer you the ability to see your PayPal payments. This functionality requires that you connect your existing PayPal business account through the Braintree Dashboard.Please note that the functionality is for your convenience only and is not part of the Braintree Payment Services. You should refer to your PayPal account and information on www.paypal.com for full view and functionalities relating to your PayPal payments.
Braintree does not encourage surcharging because it is a commercial practice that can penalize the consumer and create unnecessary confusion, friction and abandonment at checkout. You agree that you will only surcharge for the use of Braintree Services in compliance with any law applicable to you and not in excess of the surcharges that you apply for the use of other payment methods. You further agree you are fully responsible for liabilities that arise out of your chose to surcharge and Braintree has no liability to you or any third party. You acknowledge that you could be committing a criminal offence if you fail to disclose any form of surcharge to a consumer.
3.01 Regulatory notice
For merchants with seats in the European Union, Liechtenstein, Vatican City, Isle of Man, Guernsey, Jersey and San Marino or Norway, Braintree is provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., (R.C.S. Luxembourg B 118 349) (“PayPal”). PayPal is duly licensed as a Luxembourg credit institution in the sense of Article 2 of the law of 5 April 1993 on the financial sector as amended (the “Law”) and is under the prudential supervision of the Luxembourg supervisory authority, the Commission de Surveillance du Secteur Financier (the “CSSF”).The CSSF has its registered office in L-1150 Luxembourg. Because the funds processed by Braintree for you do not legally qualify as a deposit or an investment service, you are not protected by the Luxembourg deposit guarantee schemes provided by the Association pour la Garantie des Dépôts Luxembourg
We will attempt to resolve any complaint relating to the provision of the Braintree services or to the Payment Services Agreement via our customer service center. In addition, you may make a complaint to the following:
“Agreement”: means this Braintree Payment Services Agreement, including all exhibits and other agreements and documents incorporated herein.
"Associations": has the definition ascribed to such term in Section 6.01.
"Association PCI-DSS Requirements": has the definition ascribed to such term in Section 6.01.
“Association Rule”: has the definition ascribed to such term in Section 6.01.
“Bank Account”: means the bank account that you specify, according to Exhibit A, 1.02, to receive your Payout Amounts.
“Braintree Dashboard” is the web view where you can access, view and create your Braintree Transactions (“Control Panel”).
“Braintree Payment Service”: means the Payment Processing Services and/or Gateway Services provided by Braintree to its users.
“Business Day” means a day where banks are generally open in Luxembourg. "Cardholder Information": has the definition ascribed to such term in Section 6.01.
"Chargeback" means a challenge to a payment that a buyer files directly with his or her credit card issuer or company.
“Gateway Services”: has the definition ascribed to such term in Section 1.02.
“Intellectual Property”: has the definition ascribed to such term in Section 6.03.
“Intellectual Property Rights”: has the definition ascribed to such term in Section 6.03.
“Invalidated Payment”: has the definition ascribed to such term in Section 4.
“Merchant” or “you”: means the entity and/or individual who enters into this Agreement.
“PayPal” or “Braintree”: means PayPal (Europe) S.à r. l. et Cie, S.C.A., a limited liability partnership registered as number R.C.S. Luxembourg B 118 349 having a registered office at 22-24 Boulevard Royal, L-2449, Luxembourg.
“Payment Processing Services”: has the definition ascribed to such term in Section 1.01. “Payout Amount”: means any amount due and recorded by the acquiring bank as a Transaction (less the sum of all Refund Transactions, Chargebacks, Reversals and any applicable charges or fees).
“Reversal”: means any payment that Braintree may in exceptional cases have to reverse to your customer because the payment: (a) violates the Acceptable Use Policy, or which we reasonably suspect of violating the Acceptable Use Policy; and/or (b) has been categorized by Braintree’s risk models as involving a as a risky payment required to be reversed to mitigate the risk associated with the payment. The term “Reversed” shall be construed accordingly.
“Refund Transaction” is any refund issued by you through the Braintree Dashboard or through your API access.
“Reserve” means an amount or percentage of your Payout Amounts that we hold in order to protect against the risk of Reversals, Chargebacks, or any other risk, exposure and/or liability related to your use of the Braintree Payment Services.
“Restricted Activities” any breaches of our Acceptable Use Policy and any activity specified in Section 4.01
“SEPA” means Single European Payments Area. “Trademarks”: has the definition ascribed to such term in Section 6.05.
“Transaction”: means any proceeds from settled card transactions initiated by you that are received by Braintree from your acquiring bank. A Transaction shall be deemed to be complete when we have control of the funds related to the applicable transaction.
“Transaction Data”: has the definition ascribed to such term in Section 6.02.
“UnionPay” means China UnionPay
“UPI” means China UnionPay International
Data Protection Terms and EU Standard Contractual Clauses are set out in the EU Personal Data Standard Contractual Clauses Addendum and are hereby incorporated by reference into this Agreement.
This EU Personal Data Standard Contractual Clauses Addendum (“Addendum”) is entered into between the entity identified as the “merchant” on the signature page to the Payment Services Agreement or whose details have been input as part of the online registration process (“Merchant ”) and PayPal (Europe) S.á.r.l. et Cie, S.C.A. (“Braintree”) (collectively the “Parties”). This Addendum shall form part of the Payment Services Agreement between Merchant and PayPal (the “Agreement”) in accordance with the Execution of this Addendum section below.
PayPal, Inc., a Delaware corporation with offices located at 2211 North First Street, San Jose, CA 95131 (“PayPal”) is a party to the EU Standard Contractual Clauses as set out below.
Capitalized terms used but not defined in this Addendum shall have the meaning set out in the Agreement.
EXECUTION OF THIS ADDENDUM
This Addendum amends and forms part of your Payments Services Agreement. The Addendum has been electronically pre-executed for and on behalf of Braintree and the EU Standard Contractual Clauses at Attachment 1 has been electronically pre-executed for and on behalf of PayPal through the application of Braintree’s e-signature to the Addendum and PayPal’s e-signature to the EU Standard Contractual Clauses. Both documents will only come into effect as set out below.
Automatic execution option
Provided that Merchant is a party to an executed and effective Payment Services Agreement with Braintree, this Addendum shall take effect, as between Braintree and that Merchant only, and the EU Standard Contractual Clauses shall take effect, as between PayPal and that Merchant only:
for Merchants who have entered into a Payments Services Agreement on or after 18 April 2016,
automatically on execution of the Payment Services Agreement (and the name, address and contact details that Merchant provided when entering into the Payment Services Agreement shall be deemed to be inserted into the data exporter section on page 23 of the Addendum and Merchant to have signed as Merchant on page 22 and as data exporter on pages 31 and 33 of the Addendum); and
for Merchants who entered into a Payments Services Agreement before 18 April 2016,
automatically on execution of the Payment Services Agreement (and the name, address and contact details that Merchant provided when entering into the Payment Services Agreement shall be deemed to be inserted into the data exporter section on page 30 of the Addendum and Merchant to have signed as Merchant on page 29 and as data exporter on pages 36 and 38 of the Addendum); and for Merchants who entered into a Payments Services Agreement before 18 April 2016 in accordance with Section 9.05 (Amendments) of the Payments Services Agreement (and the name, address and contact details that Merchant provided when entering into the Payment Services Agreement shall be deemed to be inserted into the data exporter section on page 30 of the Addendum and Merchant to have signed as Merchant on page 29 and as data exporter on pages 36 and 38 of the Addendum), or (if earlier) on the date that Merchant completes the physical execution actions set out below:
Physical execution option (Merchant may require this option for the purposes of obtaining prior approval of transfers from Merchant’s local data protection authority)
Notwithstanding the foregoing, provided Merchant is a party to an executed and effective Payment Services Agreement with Braintree, this Addendum shall take effect, as between Braintree and that Merchant only, and the EU Standard Contractual Clauses shall take effect, as between PayPal and that Merchant only upon completion of the following steps:
(i) Merchant to complete the information relating to the Data Exporter and execute the signature page at pages 29 and 30;
(ii) Merchant to complete and execute the signature pages at pages 36 and 38; and
(iii) Merchant to submit the completed and fully executed Addendum to Braintree and send it to our Data Protection Officer at PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg with a copy via email to firstname.lastname@example.org
1.1 The following terms have the following meanings when used in this Addendum:
Customer means an EU customer of Merchant and for the purposes of this Addendum, is a data subject.
Customer Data means the personal data that the Customer provides to Merchant and Merchant passes on to Braintree through the use by Merchant of the Braintree Payment Services.
Data Controller (or simply “controller” and "data processor" (or simply "processor") and "data subject" have the meanings given to those terms under the Data Protection Laws
Data Exporter means Merchant
Data Importer means PayPal
Data Protection Laws means:
EU Standard Contractual Clauses means the agreement executed by and between Merchant and PayPal and attached hereto as Attachment 1 pursuant to the European Commission’s decision of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
Merchant Data means any personal data relating to business contact details of Merchant or its employees, officers or contractors provided to or obtained by Braintree in the provision of the Braintree Payment Services
PayPal Group means PayPal and all companies in which PayPal or its successor directly or indirectly from time to time owns or controls.
personal data has the meaning given to it in the Data Protection Laws.
processing has the meaning given to it in the Data Protection Laws and "process", "processes" and "processed" will be interpreted accordingly.
Security Incident means the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by Braintree.
Services means the "Braintree Payment Services" as defined in the Agreement.
Sub-processor means any processor engaged by PayPal and/or its affiliates in the processing of personal data
1.2 Addendum. This Addendum comprises: (i) paragraphs 1 to 5, being the main body of the Addendum; and (ii) Attachment 1 (EU Standard Contractual Clauses).
1.3 Conflict. If and to the extent that there is any inconsistency between this Addendum and the EU Standard Contractual Clauses in Attachment 1, the EU Standard Contractual Clauses shall prevail.
2 PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE SERVICES
2.1 Braintree is the controller in respect of Merchant Data and may use it for the following purposes:
2.1.1 as reasonably necessary to provide the Services to Merchant and its Customer;
2.1.2 to conduct anti-money laundering, know your customer and fraud checks on the Merchant;
2.1.3 to market to the employees and contractors of Merchant; and
2.1.4 any other purpose that it notifies (or Merchant agrees to notify on its behalf) to the employees and contractors of Merchant in accordance with Data Protection Laws.
2.2 Braintree shall comply with the requirements of the Data Protection Laws applicable to controllers in respect of the use of Merchant Data under this Agreement (including without limitation, by implementing and maintaining at all times all appropriate security measures in relation to the processing of Merchant Data and by maintaining a record of all processing activities carried out in respect of Merchant Data) and shall not knowingly do anything or permit anything to be done with respect to the Merchant Data which might lead to a breach by the Merchant of the Data Protection Laws.
2.3 With regard to any Customer Data to be processed by Braintree in connection with this Agreement, Merchant will be a controller and Braintree will be a processor in respect of such processing. Merchant will be solely responsible for determining the purposes for which and the manner in which Customer Data are, or are to be, processed.
2.4. Braintree shall only process Customer Data on behalf of and in accordance with Merchant’s written instructions. The Parties agree that this Addendum is Merchant's complete and final written instruction to Braintree in relation to Customer Data. Additional instructions outside the scope of this Addendum (if any) require prior written agreement between Braintree and Merchant, including agreement of any additional fees payable by Merchant to Braintree for carrying out such additional instructions. Merchant shall ensure that its instructions comply with all applicable laws, including Data Protection Laws, and that the processing of Customer Data in accordance with Merchant's instructions will not cause Braintree to be in breach of Data Protection Laws. Merchant hereby instructs Braintree to process Customer Data for the following purposes:
2.4.1 as reasonably necessary to provide the Services to Merchant and its Customer;
2.4.2 after anonymising the Customer Data, to use that anonymised Customer Data directly or indirectly, which is no longer identifiable personal data,for any purpose whatsoever.
2.5 In relation to Customer Data processed by Braintree under this Agreement, Braintree shall co-operate with Merchant to the extent reasonably necessary to enable Merchant to adequately discharge its responsibility as a controller under Data Protection Laws, including without limitation that Braintree shall cooperate and provide Merchant with such reasonable assistance as Merchant requires in relation to:
2.5.1. assisting Merchant in the preparation of data protection impact assessments to the extent required of Merchant under Data Protection Laws; and
2.5.2 responding to binding requests for the disclosure of information as required by local laws, provided always that where the request is from a non-EEA law enforcement agency Braintree will (a) inform Merchant of the request, the data concerned, response time, the identity of the requesting body and the legal basis for the request; (b) wait for Merchant’s instructions provided the instruction and the opinion are received within a reasonable period of time, which shall be assessed in light of the time period afforded by the law enforcement agency to Braintree; (c) where Braintree is prohibited from informing Merchant about the law enforcement agency’s request, take reasonable steps to have this prohibition waived and to make available relevant information about the request as soon as possible to Merchant (these efforts will be documented); and (d) where the prohibition cannot be waived, compile a list, in compliance with its national law and on an annual basis, of the number of such requests received, the type of Customer Data requested and the identity of the law enforcement agency concerned and make it available to the Customer’s data protection authority annually on request (in which circumstances Braintree will be acting as a controller).
2.6 Scope and Details of Customer Data processed by Braintree. The objective of processing Customer Data by Braintree is the performance of the Services pursuant to the Agreement. Braintree shall process Customer Data in accordance with the specific duration, purpose, type and categories of data subjects as set out in Attachment 3 (Data Processing of Customer Data).
2.7 Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Merchant Data and Customer Data set out above.
2.8 The Parties will at all times comply with Data Protection Laws.
This paragraph 3 applies only to the extent that Braintree acts as a processor or Sub-processor to Merchant. It does not apply where Braintree acts as a controller.3.1 Correction, Blocking and Deletion. To the extent Merchant, in its use of the Services, does not have the ability to correct, amend, block or delete Customer Data, as required by Data Protection Laws, Braintree shall comply with any commercially reasonable request by Merchant to facilitate such actions to the extent Braintree is legally permitted to do so. To the extent legally permitted, Merchant shall be responsible for any costs arising from Braintree’s provision of such assistance.
3.2 Data Subject Requests. Braintree shall, to the extent legally permitted, promptly notify Merchant if it receives a request from a Customer for access to, correction, amendment or deletion of that Customer’s personal data. Braintree shall not respond to any such Customer Data Subject request without Merchant’s prior written consent except to confirm that the request relates to Merchant to which Merchant hereby agrees. Braintree shall provide Merchant with commercially reasonable cooperation and assistance in relation to handling of a Customer’s request for access to that person’s personal data, to the extent legally permitted and to the extent Merchant does not have access to such Customer Data through its use of the Services. If legally permitted, Merchant shall be responsible for any costs arising from Braintree’s provision of such assistance.
3.3 Confidentiality. Braintree shall ensure that its personnel engaged in the processing of Customer Data are informed of the confidential nature of the Customer Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Braintree shall ensure that such confidentiality obligations survive the termination of the personnel engagement.
3.4 Training. Braintree undertakes to provide training as necessary from time to time to the Braintree personnel with respect to Braintree's obligations in this Addendum to ensure that the Braintree personnel are aware of and comply with such obligations.
3.5 Limitation of Access. Braintree shall ensure that access by Braintree’s personnel to Customer Data is limited to those personnel performing Services in accordance with the Agreement.
3.6 Data Protection Officer. Members of the PayPal Group have appointed a data protection officer where such appointment is required by Data Protection Laws. The appointed person may be reached at PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.
3.7 Sub-processors. Merchant specifically authorizes the engagement of members of the PayPal Group as Sub-processors in connection with the provision of the Services. In addition, Merchant generally authorises the engagement of any other third parties as Sub-processors in connection with the provision of the Services. When engaging any Sub-processor, Braintree will execute a written contract with the Sub-processor which contains terms for the protection of Customer Data which are no less protective than the terms set out in this Addendum.
3.7.1 List of Current Sub-processors and Notification of New Sub-processors. Braintree shall make available to Merchant a current list of Sub-processors for the respective Services with the identities of those Sub-processors (“Sub-processor List”). The Sub-processor List is included in Attachment 2 to this Addendum. Where a Sub-processor is proposed to be changed Braintree shall provide prior notice by email to Merchant before implementing such change
3.7.2 Objection Right for new Sub-processors. If Merchant has a reasonable basis to object to Braintree’s use of a new Sub-processor, Merchant shall notify Braintree promptly in writing within two (2) months after receipt of Braintree’s notice. In the event Merchant objects to a new Sub-processor(s) and that objection is not unreasonable Braintree will use reasonable efforts to make available to Merchant a change in the affected Services or recommend a commercially reasonable change to Merchant’s configuration or use of the affected Services to avoid processing of personal data by the objected-to new Sub-processor without unreasonably burdening Merchant. If Braintree is unable to make available such change within a reasonable period of time, which shall not exceed sixty (60) days, Merchant may terminate the Agreement in respect only of those Services which cannot be provided by Braintree without the use of the objected-to new Sub-processor, by providing no less than sixty (60) days’ written notice to Braintree. Merchant shall receive a refund of any prepaid fees for the period following the effective date of termination in respect of such terminated Services.
3.9 Security. Braintree shall, as a minimum, implement and maintain appropriate technical and organizational measures as described in Attachment 1, Appendix 2 of the Addendum to keep Customer Data secure and protect it against unauthorised or unlawful processing and accidental loss, destruction or damage in relations to the provision of the Services. Since Braintree provides the Services to all Merchants uniformly via a hosted, web-based application, all appropriate and then-current technical and organisational measures apply to Braintree’s entire customer base hosted out of the same data centre and subscribed to the same service. Merchant understands and agrees that the technical and organizational measures are subject to technical progress and development. In that regard, Braintree is expressly permitted to implement adequate alternative measures as long as the security level of the measures is maintained in relation to the provision of the Services. In the event of any detrimental change Braintree shall provide a notification together with any necessary documentation to Merchant by email or publication on a website easily accessible by Merchant.
3.10 Data Transfers. Merchant agrees that Braintree may, subject to paragraph 4 (EU Standard Contractual Clauses Related Terms), store and process Customer Data in the United States of America and any other country in which Braintree or any of its Sub-processors maintains facilities.
3.11 Security Incident Notification. If Braintree becomes aware of a Security Incident in connection with the processing of Customer Data, Braintree will: (a) notify Merchant of the Security Incident promptly and without undue delay; and (b) promptly take reasonable steps to minimise harm and secure Customer Data.
3.12 Details of Security Incident. Notifications made under paragraph 3.11 (Security Incident Notification) will describe, to the extent possible, reasonable details of the Security Incident, including steps taken to mitigate the potential risks.
3.13 Communication. Braintree will deliver its notification of any Security Incident to one or more of Merchant's administrators by any means Braintree selects, including via email. Merchant is solely responsible for maintaining accurate contact information and ensuring that any contact information is current and valid.
3.14 Deletion. Upon termination or expiry of the Agreement, Braintree will delete or return to Merchant all Customer Data processed on behalf of the Merchant, and Braintree shall delete existing copies of such Customer Data except where necessary to retain such Customer Data strictly for the purposes of compliance with applicable law.
3.14 Data Portability. Upon any termination or expiry of this Agreement, Braintree agrees, upon written request from Merchant, to provide Merchant’s new acquirer or payment service provider (“Data Recipient”), as applicable, with any available credit card information (including personal data) relating to Merchant's Customers, subject to the following conditions: (i) Merchant must provide Braintree with proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements (level 1 PCI compliant) by giving Braintree a certificate or report on compliance with the Association PCI-DSS Requirements from a qualified provider and any other information reasonably requested by Braintree; (ii) the transfer of such information is compliant with the latest version of the Association PCI-DSS Requirements; and (iii) the transfer of such information is allowed under the applicable card association rules, and any applicable laws, rules or regulations (including Data Protection Laws).
4.1 Application. The EU Standard Contractual Clauses are set out in Attachment 1 (the “EU Standard Contractual Clauses”). The EU Standard Contractual Clauses apply only to Customer Data that is transferred by Merchants established in the European Economic Area (“EEA”) or Switzerland to any country outside the EEA that is not recognized by the European Commission as providing an adequate level of protection for personal data (as described in the GDPR) in which Braintree may store and process Customer Data.
4.2 Instructions. This Addendum and the Agreement are Data Exporter’s complete and final instructions to Data Importer for the processing of Customer Data. Any additional or alternate instructions must be agreed upon separately. For the purposes of Clause 5(a) of the EU Standard Contractual Clauses, the Data Exporter gives the following instructions: (a) to process Customer Data in accordance with the Agreement; and (b) to process Customer Data initiated by Merchants in their use of the Services during the Term. These instructions also describe the duration, object, scope and purpose of the processing.
4.3 Sub-processors. Pursuant to Clause 5(h) of the EU Standard Contractual Clauses, the Data Exporter acknowledges and expressly agrees that the provisions of paragraph 3.7 of this Addendum shall also apply to the Data Importer as if it were Braintree.
4.3.1 The Parties agree that the copies of the sub-processor agreements that must be sent by the Data Importer to the Data Exporter pursuant to Clause 5(j) of the EU Standard Contractual Clauses may have all commercial information, or clauses unrelated to the EU Standard Contractual Clauses or their equivalent, removed by the Data Importer beforehand; and, that such copies will be provided by Data Importer only upon reasonable request by Data Exporter.
4.4 Audits and Certifications. The Parties agree that the audits described in Clause 5(f), Clause 11 and Clause 12(2) of the EU Standard Contractual Clauses shall be fulfilled in the following manner: the provisions of paragraph 3.8 of this Addendum shall also apply to the Data Importer as if it were Braintree.
4.5 Certification of Deletion. The Parties agree that the certification of deletion of personal data that is described in Clause 12(1) shall be provided by the Data Importer to the Data Exporter only upon Data Exporter’s request.
4.6 Liability. The Parties agree that all liabilities between them (and in respect of PayPal, such liabilities shall be aggregated with those of Braintree so that collectively their cumulative joint liability is capped at the level set out in the Agreement) under this Addendum and the EU Standard Contractual Clauses will be subject to the terms of the Agreement (including as to limitation of liability), except that such limitations of liability will not apply to any liability that PayPal may have to data subjects under the third party rights provisions of the EU Standard Contractual Clauses.
4.7 Exclusion of third party rights. Subject to paragraph 4.6, PayPal shall be granted third party rights in relation to obligations expressed to be for the benefit of the Data Importer or PayPal in this Addendum and Data Subjects are granted third party rights under the EU Standard Clauses. All other third party rights are excluded.
5 LEGAL EFFECT
This Addendum shall take effect between, and become legally binding on the Parties and the EU Standard Contractual Clauses shall take effect between, and become legally binding between PayPal and Merchant, on the date determined by “Execution of this Addendum” section above.
For and on behalf of (insert Merchant legal name)…………………………………
Name of signatory…………………………………….
Title of signatory……………………………………
For and on behalf of PayPal (Europe) S.á.r.l. et Cie, S.C.A.
Name of signatory……………………………………..
Title of signatory…………………………………….
Controller to Processor export of personal data (from EEA countries)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
Name of the data exporting organisation: ………………………………………..
Other information needed to identify the organisation: …………………………… (the data exporter)
Name of the data importing organisation: Paypal, Inc
Address: 2211 North First Street, San Jose, CA 95131
Other information needed to identify the organisation: …………………………… (the data importer)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Third-party beneficiary clause
Obligations of the data exporter
The data exporter agrees and warrants:
Obligations of the data importer
The data importer agrees and warrants:
Mediation and jurisdiction
Cooperation with supervisory authorities
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Obligation after the termination of personal data processing services
On behalf of the data exporter:
Name (written out in full): …………………………………………….
Other information necessary in order for the contract to be binding (if any):
Signature…………………………………………….(stamp of organisation)
On behalf of the data importer (Paypal, Inc):
Name (written out in full): …………………………………………….
Address: 2211 North First Street, San Jose, CA 95131
Signature…………………………………………….(stamp of organisation)
This Appendix forms part of the Clauses and must be completed and signed by the parties.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.
The data exporter is: Merchant
An entity that uses the Data importer’s services in respect of its Customers
The data importer is: Paypal, Inc
A payment services provider which in relation to the Braintree services provides a payment gateway so that Merchant can provide Customer credit card and other details to banks and other payment service providers to process payments from Customers
The personal data transferred concern the following categories of data subjects:
The data exporter’s Customers
Categories of data
The personal data transferred concern the following categories of data:
Customer name, amount to be charged, card number, CSV, post code, country code, address, email address, fax, phone, website, expiry date, shipping details, tax status
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
Not applicable, unless Merchant configures the service to capture such data.
The personal data transferred will be subject to the following basic processing activities:
The receipt and storage of Personal Data in the performance of the Services during the Term of the Agreement.
Authorised Signature …………………………………………….
Authorised Signature …………………………………………….
This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
The following technical and organizational measures will be implemented:
Subject-matter of the processing
The payment processing services offered by Braintree which provides Merchant with the ability to accept credit cards, debit cards, and other payment methods on a website or mobile application from Customers.
Nature and purpose of the processing
Braintree processes Customer Data that is sent by the Merchant to Braintree for purposes of obtaining verification or authorization of the Customer’s payment method as payment to the Merchant for the sale goods or services.
Type of personal data
Merchant shall inform Braintree of the type of Customer Data Braintree is required to process under this Agreement. Should there be any changes to the type of Customer Data Braintree is required to process then Merchant shall notify Braintree immediately.
Braintree processes the following Customer Data, as may be provided by the Merchant to Braintree from time to time:
Full name …………………………………………….
Date of birth …………………………………………….
Home address …………………………………………….
Shipping address …………………………………………….
Work address …………………………………………….
Billing address …………………………………………….
Email address …………………………………………….
Telephone number …………………………………………….
Fax number …………………………………………….
Government ID …………………………………………….
Bank account number and bank routing number …………………………………………….
Financial account number …………………………………………….
Card or payment instrument type …………………………………………….
Card Primary Account Number (PAN) or Device-specific Primary Account Number (DPAN)
Card Verification Value (CVV) …………………………………………….
Card expiration date …………………………………………….
IP address …………………………………………….
Device ID …………………………………………….
Browser data …………………………………………….
Business TAX ID …………………………………………….
Special categories of data (if relevant)
The transfer of special categories of data is not anticipated.
Duration of Processing
The term of the Agreement.
This Exhibit C supplements the Braintree Payment Services Agreement EU in relation to Your use of the iDEAL Payment Product provided by Braintree for Your app / website (as listed under your application).
The iDEAL Payment Product enables You to accept SEPA credit transfer from third parties, as specified in more detail herein.
We provide only payment services, i.e. We will only disburse any payments to You if and to the extent We have received the respective payments from the Payor. We do not guarantee the identity of any Payor or ensure that a buyer will complete a transaction. Please note that there is a risk of dealing with underage persons or people acting under false pretenses. Any losses following such events are solely Your risk and You are liable to Braintree for any fees, expenses or losses incurred by Braintree due to any failed direct iDEAL payments or Reversals.
1. Interpretation and definitions
The provision of the iDEAL Payment Product shall be governed by this Exhibit C as well as the Braintree Payment Services Agreement EU and the Braintree Acceptable Use Policy as supplemented or modified by this Exhibit C.
iDEAL payments have a different functionality than credit or debit card payments. Therefore, unless otherwise specified therein, the terms of the Braintree Payment Services Agreement EU and the Braintree Acceptable Use Policy shall apply mutatis mutandis to the iDEAL Payment Product.
In case of inconsistencies between the Braintree Payment Services Agreement EU and the Braintree Acceptable Use Policy, and for purposes of the iDEAL Payment Product only, this Exhibit C shall prevail.
In addition to the definitions from the Braintree Payment Services Agreement EU that are applicable mutatis mutandis, the following modifications and new terms shall apply to the iDEAL Payment Product:
“Certificate Agreement” means the certificate agreement between Braintree and the iDEAL scheme owner Currence iDEAL B.V. which allows Braintree to provide the iDEAL Payment Product to You.
“Currence Third Parties” means third parties which participate in iDEAL Payment Solution and list of which can be found at https://www.currence.nl/en/products/ideal/licences-ideal/ as updated from time to time.
“Fees” means the fees as set out under Section 4 of this Exhibit C.
“High Risk Profile Sales” means the sale of anonymous financial products that are not traceable or difficult to trace, such as telephone credits (pay-as-you-go), gambling credits or prepaid credit cards.
“iDEAL Payment Product” or “Product” means the iDEAL payment services that are provided by Braintree under this Exhibit C.
“iDEAL Payment Solution” shall have the meaning as defined in Section 2 of this Exhibit C.
“Initial Information” shall have the meaning as defined in Section 3(c) of this Exhibit C
“Invalidated Payment”, when used in the context of the iDEAL Payment Product, shall also include Reversals as defined in this Exhibit C.
“Issuer Bank” means a bank that has entered into a certification agreement with Currence iDEAL B.V. which authorizes the bank to allow their customers to make iDEAL payments from a bank account held with the bank.
“Payor” means Your customer / the buyer of the goods and/or services for which payment is made using the Product, and/or as the context requires, the holder of the bank account whose account is charged using the Product.
“Payout Amount”, when used in the context of the iDEAL Payment Product, means the amounts of all Transactions recorded by the iDEAL Payment Solution that have already been received by Braintree from the Payors but have not yet been disbursed to Merchant by Braintree, less the sum of all amounts due to Braintree.
“Reversal”, when used in the context of the iDEAL Payment Product, means a payment that Braintree may and/or is obliged to refund to the Payor because the payment (a) violates the Acceptable Use Policy; (b) is reasonably suspected by Braintree of violating the Acceptable Use Policy; or (c) has been categorized by Braintree as involving a transaction risk and is required to be reversed to mitigate the risk associated with the payment or (d) where the Merchant has failed to confirm payment within the requirement timeframe as notified to the Merchant.
“Reversal Fee” means the Reversal Fee set out in Section 4 (referred to as Invalidated Payment) which Merchant shall pay to Braintree for every case of Reversal.
“Transaction”, when used in the context of the iDEAL Payment Product, means the iDEAL payment process initiated by Payor upon the conclusion of an agreement with Merchant on the purchase of goods and/or services by which Braintree (i) forwards Payor to the online banking interface offered by an Issuer Bank selected by Payor, (ii) allows Payor to login to his bank account with the Issuer Bank and make from his bank account a SEPA credit transfer for the respective Transaction Amount, (iii) provides Merchant with a payment confirmation or, as the case may be, a notification that payment was not successful, (iv) accepts the Transaction Amount and (v) disburses the Payout Amount to Merchant. Transactions will be deemed complete when Braintree receives the Transaction Amount and accepted such funds.
“Transaction Amount” means the amount owed by a Payor to Merchant under an agreement for the purchase of goods or services.
“Transaction Expiry Period” means the amount of time given to the Payor to complete a Transaction.
“Transaction Information” means any information collected by Braintree in relation to Transaction for the purposes of enabling the iDEAL Payment Product as agreed in the Braintree Payment Services Agreement EU.
a. The iDEAL Payment Product includes the following features:
**Payment processing. Upon initiation of a Transaction by Payor, Braintree shall (i) forward Payor to the online banking offered by the Issuer Bank selected by Payor, (ii) allow Payor to login to his bank account with the Issuer Bank and make from his bank account a SEPA credit transfer for the respective Transaction Amount, (iii) provide Merchant with a payment confirmation or, as the case may be, a notification that payment was not successful (as applicable), (iv) accept the Transaction Amount and (v) disburse the Payout Amount to Merchant.
iDEAL Payment Solution. Braintree shall provide the Merchant with an application programming interface (API) solution that allows the Merchant to enable its Payors to initiate Transactions (the “iDEAL Payment Solution”). In addition, Braintree shall provide Merchant with access to all payments processed via the Braintree Dashboard.
The iDEAL Payment Product is only available if the Payor’s bank account with an Issuer Bank from which the Transaction Amount shall be charged was established in one of the countries listed in Schedule 1.
By allowing Payor to initiate a Transaction, Merchant authorizes Braintree to receive the Transaction Amount in Braintree’s own name.
The Transaction Expiry Period shall be set to 30 minutes unless the Merchant requests a period which is less than 30 minutes in which case the Transaction Expiry Period shall be as requested by the Merchant. Best practice on Transaction Expiry Period is detailed under the Braintree Merchant Developer Documentation.
c. Settlement; Reversals
Braintree shall, on a weekly basis or as otherwise agreed between Braintree and the Merchant, pay to the Merchant’s bank account the aggregate of all Payout Amounts (net of Reversals, Refunds, and any other amounts due to Braintree). The time of settlement for the Payout Amount is based on the date Braintree has received the cleared funds in Braintree’s bank account from the Payor’s Issuer Bank.
Merchant acknowledges that, even after the respective settlement, any Payout Amounts may become subject to a Reversal or may be invalidated for any other reason. The terms of the Braintree Payment Services Agreement EU regarding Reversals shall apply mutatis mutandis.
For each case of Reversal or Refund, Merchant shall pay the Reversal or Refund Fee set out in Section 4. In addition, Merchant shall reimburse Braintree for any cost incurred by Braintree with regard to the Reversal.
d. Invoicing and Fees.
You agree to pay to Braintree the Fees (Section 4) as consideration for the use of the iDEAL Payment Product. Braintree will invoice any Fees to Merchant. Such invoices become due seven days after receipt by Merchant. Merchant agrees to pay the invoices as they become due without set-offs or deduction.
e. Development of the iDEAL Payment Product.
Braintree may, at any time, modify, update, improve or otherwise change the current iDEAL Payment Product including the iDEAL Payment Solution at its own discretion. If such change requires an amendment of this Exhibit C, such amendment shall be agreed upon between Braintree and Merchant pursuant to the respective provisions in the Braintree Payment Services Agreement EU. In order to constantly improve the iDEAL Payment Product, Braintree welcomes feedback from Merchants. However, Braintree is not bound to act in accordance with any such feedback. In providing Braintree with feedback on the iDEAL Payment Product, Merchant agrees to waive any intellectual property rights in such feedback as well as any claims for remuneration (if any).
a. Merchant Website/App.
Merchant shall - integrate in the payment pages of its website or app a drop-down menu which displays, in an equally conspicuous way, all Issuer Banks that allow their customers to make iDEAL payments. Braintree will provide Merchant with an updated list of all relevant Issuer Banks that must be included in the drop-down menu; that list can be found at www.developers.braintreepayments.com; - display an order confirmation on its website or in its app to which the Payor is redirected after having successfully made an iDEAL payment;
Merchant shall - implement the iDEAL Payment Product in accordance with the technical specifications set forth in the Braintree Merchant Developer Documentation which can be accessed at https://developers.braintreepayments.com/ and which may be updated from time to time by Braintree providing Merchant with an updated version of the Braintree Merchant Developer Documentation; - only allow Payor to initiate Transactions - for which the respective Transaction Amount is due, payable and undisputedverify the status of a Transaction with Braintree before supplying the goods or services purchased; if Merchant fails to do so, it may not receive any payment should the Transaction not have the status “successful”; - deliver the goods or services for which a Transaction has been successfully made within seven (7) days after having received a payment confirmation for that Transaction or make its customer aware of an alternative delivery date at the time of placing the order - in case of a Reversal, promptly comply with all requests from Braintree; - notify Braintree in writing and obtain Braintree’s prior written approval, if it wishes to sell goods or services other than the goods and services mentioned to Braintree during the application process for becoming a Braintree customer and/or the application process for using the iDEAL Payment Product. Merchant guarantees that the sale of the goods or services and the usage of the iDEAL Payment Product for obtaining the relevant Transaction Amount does not violate any applicable statutes, laws, rules or other regulations.
Merchant may not interfere with the authentication process initiated and operated by the Issuer Bank to authenticate the Payor.
c. Initial Information
Prior to using the iDEAL Payment Product Merchant shall provide Braintree with the following information: * Legal name and trading name(s) of the Merchant * Full address including postcode of the Merchant’s place of domicile/registered office * Full postal address including postcode of the Merchant (if different) * General e-mail address of the Merchant (and/or the signer’s email) * Company registration number with the Chamber of Commerce or equivalent official body in another country if the Merchant is not based in the Netherlands * Domain names of the Merchant * Forenames and surnames of the legal representatives of the Merchant * Full addresses including postcode of the legal representatives * Telephone numbers and e-mail addresses of the legal representatives * Identity details of the legal representative(s): nationality, identification document number (driving license or passport) and date and place of issue of identification document. * Name of bank * Business account number * Business account name
d. Data sharing
Merchant herby consents and agrees that Braintree may share Initial Information as well as Transaction Information, including information in this Exhibit C, with Currence iDEAL B.V. or any other Currence Third Party.
e. Email Link Service.
If Merchant wishes to use an email link service for the sale of goods or services in connection with the iDEAL Payment Product, it must request Braintree’s prior written approval to do so and comply with the following requirements: * The email which is sent, containing the link, must be a solicited email which is agreed in advance between Merchant and Payor and must be sent within the agreed period of time, or must be sent with a certain frequency, or must be expected, as part of the reminder process, because an invoice has not been paid on time. * The email which is sent must be clearly recognizable for the Payor as emanating from the Merchant. * The email which is sent must direct the Payor, using a reference or a link, to what is known as the landing page of Merchant, or of a third party acting on behalf of Merchant for this purpose and made known as such to Payor. * The landing page must provide Payor with a summary of the goods or services ordered and, in the next page after the landing page, the Payor must be able to select a payment method. * The option of making the payment (by following the link in the email sent by Merchant for the order) on Merchant’s landing page must expire at the end of the expiry period of the order stated by Merchant, or as soon as a successful transaction is completed by the Payor. * The link (URL) in an email for initiating an iDEAL payment must not contain any personal or transaction related details * The email containing a link for initiating an iDEAL payment must result in a landing page being displayed which is secured with SSL or comparable certification, enabling the Payor to verify the identity of the Merchant or service provider. * Depending on the status of the Transaction, the landing page must indicate either that the offer of payment via the email link is still valid, or that this option has expired, or that the Transaction has been successful.
f. Fraud Protection.
Merchant acknowledges and agrees that it is fully responsible for the security of data on its website, app, or otherwise within its possession or control. For the avoidance of doubt, the "Association PCI- DSS Requirements" (as defined in the Payment Services Agreement EU) shall only apply to card payments, not to iDEAL payments.
If and to the extent that Merchant offers High Risk Profile Sales via its website or app, Merchant shall prior to a Transaction determine the identity of each Payor and ensure that Payor is identical with the purchaser of the goods or services for which payment is made. In addition, Merchant shall carefully monitor the Transaction and notify Braintree immediately if there is any indication of money-laundering, terrorist financing, fraudulent, criminal or other illegal behaviour.
g. Compliance and Audit.
Merchant shall - comply with all Merchant obligations set forth in the Braintree Merchant Developer Documentation; - comply with all relevant laws and regulations for its activities; - be fully responsible for complying with all of its obligations relating to the iDEAL Payment Product, irrespective of any third party involvement; - use all reasonable methods to resolve disputes with the Payor and provide an effective complaints procedure, in which Merchant can be easily contacted by e-mail and one other means of direct contact (such as a telephone number, chat box or other medium), and make the information about the complaints procedure easily available to Payors and easy for Payors to find;
Braintree may request Merchant to provide appropriate evidence that Merchant complies with the obligations in this Section 3 and reserves the right to at all times monitor and audit Merchant’s websites and systems in that respect.
If Braintree discovers an indication that Merchant is in violation of its obligations under the Braintree Payment Services Agreement EU, including this Exhibit C, or unlawfully or by a misleading representation of affairs extracting money from a Payor or a contracting party to a certificate or license agreement with Currence iDEAL B.V., Braintree may immediately terminate this Exhibit C or suspend its services and cease offering the iDEAL Payment Product to Merchant. In case of a suspension, Braintree will explain the reasons for the suspension of its service and set out measures to be taken by Merchant to remedy the breach. Braintree’s suspension of the Merchant’s access or use of the Product will remain in effect until such time as Braintree is satisfied that the Merchant has remedied the relevant breach(es).
If Braintree discovers a security breach or any other circumstance threatening to compromise the security of the iDEAL Payment Product and such circumstance falls within Your responsibilities under the agreements with Braintree, Braintree may require You to have an independent third party auditor, approved by Braintree, conduct a security audit of Your systems and facilities and issue a report at Your expense. Upon completion of the audit, You must provide a copy of the auditor’s report to Braintree and Braintree may provide copies of it to Currence iDEAL B.V. You hereby authorize Braintree to conduct or obtain such an audit at Your expense in case You do not initiate a security audit within 10 business days of Braintree’s request.
The Merchant shall pay the following fees for the use of the iDEAL Payment Product as provided for by Braintree: EUR 0.35 per Transaction EUR 0.35 per Reversal and Refund Transaction
This Exhibit C becomes effective on the Effective Date and shall continue until terminated in accordance with Section 8 of the Braintree Payment Services Agreement EU. In addition to the termination rights mentioned in Section 8 of the Braintree Payment Services Agreement and Section 3 of this Exhibit C, Braintree may also terminate this Exhibit C at any time (i) if the Certificate Agreement is terminated, (ii) if Braintree believes the Merchant has or may violate the relevant laws and regulations for its activities, or (iii) for any other important reason which makes it impossible, infeasible or considerably aggravate for Braintree to continue providing Merchant with the iDEAL Payment Product. For the avoidance of doubt, both You and Braintree may terminate (subject to Section 8 of the Braintree Payment Services Agreement EU) this Exhibit C independently and separately from the Braintree Payment Services Agreement EU or any other Exhibit thereunder. A termination of this Exhibit C does not affect the validity of any other agreements between Braintree and Merchant, in particular the Braintree Payment Services Agreement EU with regard to the processing of credit and debit card payments.