Skip to main content
You are viewing content for . View content for other locations.
×

Payment Services Agreement - EU

Payment Services Agreement – EU

Jump to section


Updated Payment Services Agreement

Please note: This version of this Agreement marked “Updated Payment Services Agreement” will take effect and supersede the Current Payment Services Agreement” on 18 May 2016 (or immediately for all new Merchants) in relation to changes in Section 2 of Exhibit A “Data Protection (Customer Data)” and on 29 May 2016 in relation to changes in section 2 “Fees and Taxes”. This Braintree Payment Services Agreement, and the agreements incorporated herein (this "Agreement") is entered into by and between Braintree ("Braintree," “we” or “our”), a division of PayPal (defined below) and the entity and/or individual who enters into this Agreement (“Merchant" or “you”), and is made effective as of the date that you click through this Agreement, physically sign it, or receive an electronic copy of it and continue to use the Braintree Payment Services. This Agreement sets out the terms and conditions under which Merchant may utilize the Braintree Payment Service (defined below).

This Agreement becomes a legally binding contract entered into by you:

  • By clicking on the "create account" button in the signup page on the Braintree website at www.braintreepayments.com,
  • by signing below (if in hard copy), or
  • by using the Braintree Payment Services.

This Agreement is provided to you in English. We recommend that you download or print a copy of this Agreement for your records, which you can do by clicking on the link on this page.

This Agreement, as it may be amended or supplemented from time to time, (all future changes to this Agreement are hereby incorporated by reference into this Agreement) together with all other terms and required disclosures relating to your use of the Braintree Payment Services, will be available to you on the Braintree website(s) (located on the “Legal” link on our website).

When you apply to become a Braintree customer, we collect information about you and your business, and confirm your identity to satisfy our anti-money laundering requirements and other regulatory obligations (referred to as “know your customer” requirements). By completing your application to become a Braintree customer, you authorise us to obtain financial and credit information (including from third parties) relating to you, your directors, officers and principals. We use this information (and other information available to us) to evaluate you, your directors, officers and principals against our evaluation criteria. Braintree reserves the right to terminate this Agreement with immediate notice to you at any time before the “know your customer” process is completed, or not completed satisfactorily. Braintree reserves the right to refuse or rescind any payment to your customers if such process does not complete satisfactorily and/or to disburse funds to you after this mandatory process is completed.

Agreement

Section 1 — Braintree Payment Services

1.01 “Braintree Payment Services” means the Payment Processing Services and/or Gateway Services provided by Braintree to its users.

  1. "Payment Processing Services": The payment processing services offered by Braintree include services that provide Merchants with the ability to accept credit and debit card payments on a website or mobile application. These services include the Gateway Services (as defined below), bank-sponsored merchant account, fraud protection tools, recurring billing functionality, payment card storage, foreign currency acceptance, white glove customer support, and other software, APIs and services and technology as described on the Braintree website.
  2. "Gateway Services": The gateway services offered by Braintree include services that provide Merchants with the software and connectivity required to allow real-time secure data transmission for processing of credit and debit card payments on a website or mobile application.

Exhibit A includes a description of the main characteristics of the Braintree Payment Services.

Section 2 — Fees and Taxes

2.01 Fees

The fees applicable to the Braintree Payment Services are set forth on our website.

All of the fees applicable to your use of the Braintree Payment Services, including applicable transaction fees and Chargeback Fees, have been disclosed to you in the onboarding flow, and can always be accessed on our website for each merchant country. All applicable fees are due and payable immediately upon settlement of the applicable Payout Amount.

Interest on any and all amounts due by you, but not yet paid to Braintree, shall accrue at a rate of 1.0% per month ("Late Fee"). In the event of a dispute made in good faith as to the amount of fees, Merchant agrees to remit payment on any undisputed amount(s); and, the Late Fee shall not accrue as to any disputed amounts unless not paid within thirty (30) calendar days after said dispute has been resolved by both parties.

2.02 Blended or Interchange Plus Pricing

You may choose between two pricing models for receiving card payments via Braintree’s payment processing services. You may opt for the Blended pricing model or for the Interchange Plus model by the methods and procedures that Braintree makes available to you. If you do not make an election, you will stay on your existing fee structure.

When you select a pricing model, it may take up to five business days for it to take effect. It will only apply to future transactions, not to past transactions.

2.03 Payment of Fees; Right to Set-off

Braintree will, on a daily basis, pay to your Bank Account the aggregate of all Payout Amounts net of the applicable fees and other amounts due to Braintree. If the Payout Amount is not sufficient to cover the applicable fees or other amounts due to Braintree on any given day, any difference will be carried forward to the next day and applied against that day’s Payout Amount.

Upon Braintree’s request, Merchant shall provide Braintree with all necessary bank account, routing and related information and grant Braintree any required permission to debit the fees from your Bank Account.

You agree that Braintree may take the following actions to recover any fees or other amounts payable by you to Braintree, in its sole discretion and without the requirement of delivering prior notice:

  1. debit your Bank Account for the applicable amounts; and/or
  2. set-off the applicable amounts against Payout Amounts from incoming Transactions

2.04 Taxes

Unless otherwise stated, all charges, fees and other payments to be made by you under the Agreement are exclusive of VAT and any other relevant taxes (if any), and, in addition to paying such sums, you will be responsible for paying any such VAT and other relevant taxes.

In the event that Braintree incurs (a) any sales, use, excise, import or export, value-added, or similar tax or duty, and any other tax or duty based on Merchant’s relationship with Braintree and not based on Braintree's income; and (b) any government permit fees, customs fees and similar fees based on Merchant’s relationship with Braintree, Merchant agrees to reimburse Braintree for any such amounts. Such taxes, fees and duties paid by Merchant shall not be considered a part of, a deduction from, or an offset against, payments due to Braintree hereunder.

2.05 Interchange Fees

Interchange Fees are set by Visa and Mastercard. If you receive card payments under the Interchange Plus pricing model, Braintree shall always charge you the Interchange Fee as set by Visa and Mastercard and as passed on by Braintree’s Acquirer. For more information on Interchange Fees, please see Mastercard's and Visa’s websites.

Section 3 — Restricted Activities, Representations and Warranties

  • 3.01 Restricted activities

In connection with your use of the Braintree Payment Services, or in the course of your interactions with Braintree, you will comply at all times with the Braintree Acceptable Use Policy accessible at the following address: https://www.braintreepayments.com/legal/acceptable-use-policy.

You agree that you will not:

  1. Breach this Agreement, your applicable bank agreement that you entered into when you signed up for the Braintree Processing Services, or any other agreement that you have entered into with us in connection with the Braintree Payment Services;
  2. Breach any law, statute, regulation, or contract;
  3. Use the Braintree Payment Services in a manner that could result in a violation of anti-money laundering, counter terrorist financing and similar legal and regulatory obligations (including, without limitation, where we cannot verify your identity or other required information about your business) applicable to you or Braintree.
  4. Fail to provide us with any information that we request about you or your business activities, or provide us with false, inaccurate or misleading information;
  5. Refuse to cooperate in an investigation or provide confirmation of your identity or any information you provide to us;
  6. Reveal your access credentials to anyone else or use anyone else's access credentials for the Braintree Payment Services. We are not responsible for losses incurred by you including, without limitation, the use of your access to the Braintree Payment Services, by any person other than you, arising as the result of misuse of passwords; or
  7. Integrate or use any of the Braintree Payment Services without fully complying with all requirements communicated to you by Braintree.

3.02 Representations and warranties by Merchant

  1. Merchant has the full power and authority to execute, deliver and perform this Agreement. This Agreement is valid, binding and enforceable against Merchant in accordance with its terms and no provision requiring Merchant's performance is in conflict with its obligations under any constitutional document, charter or any other agreement (of whatever form or subject) to which Merchant is a party or by which it is bound.
  2. Merchant is duly organized, authorized and in good standing under the laws of the state, region or country of its organization and is duly authorized to do business in all other states, regions or countries in which Merchant's business make such authorization necessary or required.

Section 4 — Liability for Invalidated Payments and other Liabilities

You must compensate and indemnify us for any claims, losses, expenses or liability we incur arising out of:

  1. a transaction or dispute between you and your customer(s);
  2. an invalid transaction, refund transaction, over-payment, Chargeback and any other expenses, collectively “Invalidated Payments”;
  3. any error, negligence, willful misconduct or fraud by you or your employees; or
  4. any losses suffered by us as a result of your failure to comply with your obligations under this Agreement.

In the event of an Invalidated Payment and other liability, we may deduct the amount of the Invalidated Payment from your Payout Amounts.

Section 5 — Actions We May Take

5.01 Actions by Braintree

If we have reason to believe that there is a higher than normal risk associated with your Transactions, in particular if we believe you have breached the terms of this Agreement, we may take various actions to avoid Reversals, Chargebacks, fees, fines, penalties and any other liability. The actions we may take include but are not limited to the following:

  1. We may, at any time and without liability, limit or suspend your right to use the Braintree Payment Services if we believe that you are in breach of your obligations under this Agreement, including without limitation Section 3.01 “Restricted Activities”. If possible, we will give you advance notice of any limitation or suspension, but we may take such actions without advance notice under certain circumstances, including if we believe that your use of the Braintree Payment Services represents a security threat or involves fraud or any other illegal activities;
  2. Refuse any Transaction at any time, provided that, upon request and where possible, we will provide the reasons for the refusal and steps for resolution of the problem;
  3. Reverse any Transaction (including, if appropriate, to the sender’s credit card), that violates, or we reasonably suspect may violate, this Agreement, including but not limited to our Acceptable Use Policy or section 3.01;
  4. Hold your funds or suspend/ limit your account, to the extent and for so long as reasonably needed to protect against the risk of liability or as required to mitigate any regulatory risk in relation to your Transactions.

5.02 Reserves

Braintree, in its sole discretion, may place a Reserve on all or a portion of your Payout Amounts. If Braintree imposes a Reserve, we will provide you with a notice specifying the terms of the Reserve. The terms may require (a) that a certain percentage of your Payout Amounts are held for a certain period of time, (b) that a fixed amount of your Payout Amounts is withheld from payout to you, or (c) such other restrictions that Braintree determines are necessary to protect against the risk to us associated with our business relationship. Braintree may change the terms of the Reserve at any time by providing you with notice of the new terms. Payout Amounts subject to a Reserve are not immediately available for payout to you or for making Refund Transactions. Other restrictions described in (c) above may include: limiting Payout Amounts immediately available to you, changing the speed or method of payouts to you, setting off any amounts owed by you against your Payout Amounts and/or requiring that you, or a person associated with you, enter into other forms of security arrangements with us (for example, by providing a guarantee or requiring you to deposit funds with us as security for your obligations to us or third parties). You also agree to undertake, at your own expense, any further action (including, without limitation, executing any necessary documents and registering any form of document reasonably required by us to allow us to perfect any form of security interest or otherwise) required to establish a Reserve or other form of security in a manner reasonably determined by us.

Braintree may hold a Reserve as long as it deems necessary, in its sole discretion, to mitigate any risks related to your Transactions. You agree that you will remain liable for all obligations related to your Transactions even after the release of any Reserve. In addition, we may require you to keep your Bank Account available for any open settlements, Chargebacks and other adjustments.

5.03 Security Interest

To secure your performance of this Agreement, you grant to Braintree a legal claim to any Payout Amounts held in Reserve. This is known in legal terms as a “lien” on and “security interest” in these Payout Amounts.

5.04 Direct Acceptance with American Express

You acknowledge that if you process greater than or equal to the equivalent of $500,000 USD in American Express transactions annually, American Express may require you to enter into a direct contractual relationship with them. In this situation, American Express will set pricing for American Express transactions, and you will pay fees for American Express transactions directly to American Express.

Section 6 — Data, Intellectual Property, Publicity

6.01 Data Security Compliance

Merchant agrees to comply with data privacy and security requirements under the Payment Card Industry Data Security Standard ("Association PCI- DSS Requirements") with regards to Merchant's use, access, and storage of certain credit card non-public personal information ("Cardholder Information") on behalf of Braintree. Visa, Mastercard, Discover, American Express, any ATM or debit network, and the other financial service card organizations shall be collectively known herein as "Associations." Additionally, Merchant agrees to comply with its obligations under any applicable law or regulation as may be in effect or as may be enacted, adopted or determined regarding the confidentiality, use, and disclosure of Cardholder Information. Braintree may, at its discretion, conduct an on-site audit and review of Merchant's data privacy and security procedures upon either (a) five (5) Business Days’ notice for any reason or (b) immediately upon any unauthorized access to, use or disclosure of any Cardholder Information entrusted to Merchant.

Braintree may, with written notice to Merchant, require that Merchant comply with any further requirements of the European Central Bank or the Associations for strong authentication for all or certain specified credit card transactions.

6.02 Data Accuracy

Merchant warrants to Braintree that all data and entries delivered to Braintree by Merchant will (a) be correct in form, (b) contain true and accurate information, (c) be fully authorized by the customer, and (d) be timely under the terms and provisions of this Agreement.

6.03 Intellectual Property

"Intellectual Property" means all of the following owned by a party: (a) trademarks and service marks (registered and unregistered) and trade names, and goodwill associated therewith; (b) patents, patentable inventions, computer programs, and software; (c) databases; (d) trade secrets and the right to limit the use or disclosure thereof; (e) copyrights in all works, including software programs; and (f) domain names. The rights owned by a party in its Intellectual Property shall be defined, collectively, as "Intellectual Property Rights." Other than the express licenses granted by this Agreement, Braintree grants no right or license to Merchant by implication, estoppel or otherwise to the Braintree Payment Service or any Intellectual Property Rights of Braintree. Each party shall retain all ownership rights, title, and interest in and to its own products and services (including in the case of Braintree, in the Braintree Payment Service) and all intellectual property rights therein, subject only to the rights and licenses specifically granted herein.

6.04 License Grant

If you are using our software such as an API, developer's toolkit or other software application (the “Software”) that you have downloaded to your computer, device, or other platform, then Braintree grants you a revocable, non-exclusive, non-transferable license to use Braintree's software in accordance with the documentation. This license grant includes the software and all updates, upgrades, new versions and replacement software for your use in connection with the Braintree Payment Service. You may not rent, lease or otherwise transfer your rights in the software to a third party. You must comply with the implementation and use requirements contained in all Braintree documentation accompanying the software. If you do not comply with Braintree’s instructions, implementation and use requirements you will be liable for all resulting damages suffered by you, Braintree and third parties. Unless otherwise provided by applicable law, you agree not to alter, reproduce, adapt, distribute, display, publish, reverse engineer, translate, disassemble, decompile or otherwise attempt to create any source code that is derived from the software. Upon expiration or termination of this Agreement, you will immediately cease all use of any Software.

6.05 Trademarks

License to Braintree Trademarks. Subject to the terms and conditions of this Agreement, Braintree grants you a revocable, non-exclusive, non-transferable license to use Braintree's trademarks to identify the Braintree Payment Service (the "Trademarks") during the term of this Agreement solely in conjunction with the use of the Braintree Payment Service. Braintree grants no rights in the Trademarks or in any other trademark, trade name, service mark, business name or goodwill of Braintree except as licensed hereunder or by separate written agreement of the parties. Merchant agrees that it will not at any time during or after this Agreement assert or claim any interest in or do anything that may adversely affect the validity of any Trademark or any other trademark, trade name or product designation belonging to or licensed to Braintree (including, without limitation registering or attempting to register any Trademark or any such other trademark, trade name or product designation). Upon expiration or termination of this Agreement, Merchant will immediately cease all display, advertising and use of all of the Trademarks.

6.06 Publicity

Merchant hereby grants Braintree permissions to use Merchant's name and logo in its marketing materials including, but not limited to use on Braintree's website, in customer listings, in interviews and in press releases.

Section 7 — Indemnification, Limitation of Liability, Disclaimer of Warranties

7.01 Indemnification

Merchant agrees to defend, indemnify, and hold harmless PayPal, Braintree, our affiliates and subsidiaries, the people who work for us or who are authorised to act on our behalf from any claim or demand (including attorneys’ fees) made or incurred by any third party due to or arising out of your breach of this Agreement or your applicable bank agreement that you entered into when you signed up for the Braintree Processing Services, your improper use of the Braintree Processing Services, and/or your violation of any law or the rights of a third party.

7.02 LIMITATION OF LIABILITY

NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY OR TO ANY OTHER THIRD PARTY FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, RELIANCE, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE BRAINTREE PAYMENT SERVICE, WHETHER FORESEEABLE OR UNFORESEEABLE, AND WHETHER BASED ON BREACH OF ANY EXPRESS OR IMPLIED WARRANTY, BREACH OF CONTRACT, MISREPRESENTATION, NEGLIGENCE, STRICT LIABILITY IN TORT, OR OTHER CAUSE OF ACTION (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF DATA, GOODWILL, PROFITS, INVESTMENTS, USE OF MONEY, OR USE OF FACILITIES; INTERRUPTION IN USE OR AVAILABILITY OF DATA; STOPPAGE OF OTHER WORK OR IMPAIRMENT OF OTHER ASSETS; OR LABOR CLAIMS), EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. UNDER NO CIRCUMSTANCES SHALL BRAINTREE'S TOTAL AGGREGATE LIABILITY TO MERCHANT OR ANY THIRD PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE AMOUNTS PAID BY MERCHANT TO BRAINTRE UNDER THIS AGREEMENT DURING THE FIRST TWELVE MONTH PERIOD AFTER THE EFFECTIVE DATE OF THIS AGREEMENT. FOR THE AVOIDANCE OF ANY DOUBT, NOTHING IN THIS AGREEMENT SHALL LIMIT THE LIABILITY OF EITHER PARTY FOR GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR TORT.

7.02 Disclaimer of Warranties

THE BRAINTREE PAYMENT SERVICE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY WHATSOEVER. BRAINTREE DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, TO MERCHANT AS TO ANY MATTER WHATSOEVER, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY BRAINTREE OR ITS EMPLOYEES OR REPRESENTATIVES SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF BRAINTREE'S OBLIGATIONS.

During the term of this Agreement, Braintree shall use its commercially reasonable efforts to provide the Braintree Payment Service without interruption. However, the parties acknowledge that the Braintree Payment Service is a computer network based service which may be subject to outages and delay occurrences. As such, Braintree does not guarantee continuous, or uninterrupted access to the Braintree Payment Services. Braintree shall not be liable for any delay in the failure in our provision of the Braintree Payment Services under this Agreement. Merchant acknowledges that Merchant’s access to the Braintree website may be occasionally restricted to allow for repairs, maintenance or the introduction of new facilities or services. Braintree will make reasonable efforts to ensure that Transactions are processed in a timely manner. Braintree will not be liable in any manner for any interruptions, outages, or other delay occurrences relating to the Braintree Payment Service.

Section 8 — Term and Termination, Data Portability

The initial term of this Agreement shall commence upon successful registration on the Braintree website and activation by Braintree for productive use (“Activation Date”).

This Agreement shall continue on until terminated as set forth herein. Notwithstanding any other provisions in this Agreement,

  1. you may terminate this Agreement, without cause, by providing Braintree with one (1) day written notice.
  2. Braintree may terminate this Agreement, without cause, by providing you with two (2) months prior notice. This will not affect Braintree’s right to (i) suspend our services according to Section 5.01 or, (ii) terminate at any time this Agreement without recourse to the courts (“de plein droit” in case of an important cause pursuant to which you breach your duties cited in this Agreement rendering infeasible or considerably aggravate the continuation of our business relationship with you. In case the important cause consists in a breach of this Agreement, we will terminate only after unsuccessful lapse of a reasonable prior notice to remedy the breach.

Data Portability. Upon any termination of this Agreement, Braintree agrees, upon written request from Merchant, to provide Merchant’s new acquirer or payment service provider (“Data Recipient”), as applicable, with any available credit card information relating to Merchant's Customers, subject to the following conditions: (i) Merchant must provide Braintree with proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements (level 1 PCI compliant) by giving Braintree a certificate or report on compliance with the Association PCI-DSS Requirements from a qualified provider and any other information reasonably requested by Braintree; (ii) the transfer of such information is compliant with the latest version of the Association PCI-DSS Requirements; and (iii) the transfer of such information is allowed under the applicable card association rules, and any applicable laws, rules or regulations.

Section 9 — General Provisions

9.01 Independent Contractors

The relationship of Braintree and Merchant is that of independent contractors. Neither Merchant nor its employees, consultants, contractors or agents are agents, employees, partners or joint ventures of Braintree, nor do they have any authority to bind Braintree by contract or otherwise to any obligation. They will not represent to the contrary, either expressly, implicitly, by appearance or otherwise.

9.02 Severability

If any provision of this Agreement is held by a court of competent jurisdiction to be invalid, void or unenforceable for any reason, the remaining provisions not so declared shall nevertheless continue in full force and effect, but shall be construed in a manner so as to effectuate the intent of this Agreement as a whole, notwithstanding such stricken provision or provisions.

9.03 Waiver

No term or provision of this Agreement shall be deemed waived and no breach excused, unless such waiver or consent shall be in writing and signed by the party claimed to have waived or consented. Any consent by any party to, or waiver of, a breach by the other party, whether express or implied, shall not constitute a consent to, waiver of, or excuse for any different or subsequent breach.

9.04 Assignment

This Agreement will bind and inure to the benefit of each party's permitted successors and assigns. Merchant may not assign this Agreement without the written consent of Braintree. Braintree may assign this Agreement in its sole discretion without the written consent of Merchant.

9.05 Amendments

To be valid, any amendment or waiver of this Agreement must be in writing, but an email suffices as writing for a waiver by Braintree. Changes to this Agreement will be offered to you in text-form, e.g. by way of sending you an e-mail, with a minimum of 2 months prior notice before the suggested effective date of such change. You will be deemed to have consented to these changes unless you explicitly dissent before the effective date. In case you do not agree to the changes, you may terminate this Agreement without any extra cost at any time before the effective date of the change. In such an e-mail, we shall specifically inform you about your right to dissent, the effective date, and your option to terminate this Agreement. We also publish the amended version of this Agreement on the Braintree website(s) at www.braintreepayments.com. In cases where we add extra functionality to the existing services or any other change which we believe in our reasonable opinion to neither reduce your rights nor increase your responsibilities, we may make an announcement with only 1 month prior notice. You shall have 3 weeks to express your dissent in such a case.

9.06 Entire Agreement; Binding Effect

This Agreement, including all schedules, exhibits and attachments thereto, sets forth the entire agreement and understanding of the parties hereto in respect to the subject matter contained herein, and supersedes all prior agreements, promises, covenants, arrangements, communications, representations or warranties, whether oral or written, by any officer, partner, employee or representative of any party hereto. This Agreement shall be binding upon and shall inure only to the benefit of the parties hereto and their respective successors and assigns. Nothing in this Agreement, express or implied, is intended to confer or shall be deemed to confer upon any persons or entities not parties to this Agreement, any rights or remedies under or by reason of this Agreement.

9.07 Survival

Merchant remains liable under this Agreement in respect to all charges and other amounts incurred through the use of the Braintree Payment Services at any time, irrespective of termination of this Agreement.

All representations, covenants and warranties shall survive the execution of this Agreement, and all terms that by their nature are continuing shall survive the termination or expiration of this Agreement.

9.08 Contact for enquiries, communication and availability of contractual documents

If you have a question or complaint relating to the Braintree Payment Services or your Transactions, please contact the Braintree customer support as defined in the “contact” tab of the Braintree website.

All information relating to the services described in this Agreement and all customer service support and other communication during the contractual relationship will be provided in the English language only.

The general terms and conditions for the Braintree Payment Services will be available at all times on www.braintreepayments.com in the “Legal” tab, and/or be made available during signup process as an electronic copy per e-mail. You may request at any time free of charge electronic copy of your contractual documents.

9.09 Notices, Governing Law, and Jurisdiction

  1. Notice to Merchant. Merchant agrees that Braintree may provide notice to Merchant by posting it on Braintree’s website, emailing it to Merchant, or sending it to Merchant through postal mail. Notices sent to Merchant by mail are considered received by Merchant within 3 Business Days of the date Braintree sends the notice unless it is returned to Braintree. In addition, Braintree may send Merchant emails, including, but not limited to as it relates to product updates, new features and offers and Merchant hereby consents to such email notification.
  2. Notice to Braintree. Notice to Braintree must be sent by postal mail to PayPal (Europe) S.à r.l. et Cie, S.C.A. Attention: Legal Department, 22-24 Boulevard Royal L-2449, Luxembourg.
  3. Governing Law and Jurisdiction. The Parties choose Luxembourg law as the governing law of this Agreement. The competent courts of Luxembourg City shall have non-exclusive jurisdiction over all disputes arising out of or in connection with this Agreement.

EXHIBIT A

Section 1 — The Braintree Payment Service

Braintree

Braintree provides Merchants with the ability to accept credit and debit card payments on a website or mobile application. The Braintree Payment Services include payout of funds to a bank account defined by you, fraud protection tools, recurring billing functionality, payment card storage, foreign currency acceptance, white glove customer support, and other software, APIs and other services and technology as described on the Braintree website. Braintree also provides Merchants with the software and connectivity required to allow real-time secure data transmission and processing of credit and debit card payments.

How to receive payments

You can create and submit one-time or recurring transactions in your Braintree Dashboard or by API access for your customers and store the customer and card payment details with Braintree.

1.01 Getting started.

At the time of your sign up as a Braintree customer, Braintree needs to collect information about you and your business, and confirm your identity in accordance with its anti-money laundering and other regulatory obligations before you have full access to the Braintree Payment Services and disbursement of funds is possible. Braintree will notify you immediately when this mandatory process is completed. Braintree may let you create transactions before this process is complete. Any transactions you create before such time are subject to satisfactory completion of such process and subject to reversal in case the process is not complete within 30 Business Days.

1.02 Receiving payments, Bank Account and Payouts

Any proceeds from settled card transactions initiated by you will be received by Braintree from the sponsoring acquiring bank and settled to your Bank Account or directed to your Bank Account at our request by the sponsoring acquiring bank.

Subject to the terms of this Agreement, Braintree will pay to your Bank Account all amounts due to you and recorded by the sponsoring acquiring bank as Transactions, minus any fees, Reversals, Chargebacks, refunds or other amounts that you owe to Braintree under this Agreement.

Merchant acknowledges and agrees that a Transaction may become subject to a Chargeback even after settlement, or be invalidated for any other reason. Any of Merchant’s Payout Amounts are subject to any such event and the Merchant is required to pay to Braintree:

  1. the full amount of the original Transaction
  2. any fees and cost incurred by Braintree in this respect
  3. any Chargeback fees according to this Agreement.

You must designate at least one bank account for the deposit and settlement of funds associated with Braintree’s processing of the Transactions. Your Bank Account must be part of the SWIFT network and be able to receive the currency received from us.

With prior notice, you can change your Bank Account by way of contacting Braintree’s customer service. You authorize Braintree to initiate electronic credit and debit entries and adjustments to the Bank Account and you shall execute any documentation necessary to give effect to such authorization under the applicable legal framework of your Bank Account. Braintree will not be liable for any delays in receipt of funds or errors in the Bank Account entries caused by third parties, including but not limited to delays or errors by the payment brands or your bank.

1.03 Execution and cut-off times

If Braintree is managing your settlement, you agree that we will make commercially reasonable efforts to settle to your Bank Account, at the latest, by the end of the next Business Day following the date we have received the funds from your acquiring bank

Our obligation to execute payment orders within the time period set out above in this section only applies to payments executed in the currency of Pounds Sterling, Euro or the currency of the EEA State that has not adopted Euro as its currency, and to Bank Accounts within the European Union.

Braintree is under no obligation to execute your payment order if you do not have sufficient funds or in any of the cases described in Section 5.01. Braintree reserves the right not to effect a payment made by you until it receives cleared funds.

1.04 Refunds

You may issue refunds in relation to a Transaction (“Refund Transaction”) in the Braintree Dashboard or through your API access. Unless specifically approved otherwise by Braintree, Refund Transactions encompass the original amount and currency of the Transaction plus shipping cost.

1.05 Security of your access, unauthorized transactions

You agree to:

  1. not allow anyone else to have or use your password details and comply with all reasonable instructions we may issue regarding how you can keep your payment instrument safe
  2. Keep your personal details up to date. We may be unable to respond to you if you contact us from an address, telephone number or email account that is not registered with us.
  3. Take all reasonable steps to protect the security of the personal electronic device through which you access the Braintree Payment Services (including, without limitation, using pin and/or password protected personally configured device functionality to access the Services and not sharing your device with other people).
  4. You will be solely responsible to obtain accurate credit card information and authorization from your customers.

1.06 Statements / overviews

You may check at any time in your Braintree Dashboard your processed Transactions, as well as your Refunds, Chargebacks and amounts settled to your Bank Account, and their respective status, and credit / debit date. Such statements will also display fees and their breakdown. If you have agreed to a monthly settlement of fees, your fees will be shown in your monthly settlement statement and a detailed spreadsheet will be made available in the “statements” section of the control panel. In case you need a permanent file, we also offer your transaction overview for download.

In addition to viewing the Transactions from the Braintree Payment Services, the Braintree Dashboard may also offer you the ability to see your PayPal payments. This functionality requires that you connect your existing PayPal business account through the Braintree Dashboard.Please note that the functionality is for your convenience only and is not part of the Braintree Payment Services. You should refer to your PayPal account and information on www.paypal.com for full view and functionalities relating to your PayPal payments.

Section 2 — Data Protection (Customer Data)

Click here for a PDF version of this section 2, Exhibit A (EU Model Clauses) signed by PayPal.

Data Protection Terms and EU Standard Contractual Clauses are set out in the EU Personal Data Standard Contractual Clauses Addendum and are hereby incorporated by reference into this Agreement.

BRAINTREE PAYMENT SERVICES AGREEMENT

EU PERSONAL DATA STANDARD CONTRACTUAL CLAUSES ADDENDUM

This EU Personal Data Standard Contractual Clauses Addendum (“Addendum”) is entered into between the entity identified as the “merchant” on the signature page to the Payment Services Agreement or whose details have been input as part of the online registration process (“Merchant ”) and PayPal (Europe) S.á.r.l. et Cie, S.C.A. (“Braintree”) (collectively the “Parties”). This Addendum shall form part of the Payment Services Agreement between Merchant and PayPal (the “Agreement”) in accordance with the Execution of this Addendum section below.

PayPal, Inc., a Delaware corporation with offices located at 2211 North First Street, San Jose, CA 95131 (“PayPal”) is a party to the EU Standard Contractual Clauses as set out below.

Capitalized terms used but not defined in this Addendum shall have the meaning set out in the Agreement.

WHEREAS:

  • (A) Braintree is established and located in the European Economic Area.
  • (B) Braintree’s parent company PayPal and its subcontractors are located in the USA and certain other countries outside the European Economic Area.
  • (C) The European Economic Area and Switzerland restrict the transfer of Personal Data to certain other jurisdictions, including the USA.
  • (D) In order to assist Merchants established in the European Economic Area or Switzerland to transfer Personal Data to Braintree and Braintree’s parent company PayPal and its subcontractors in the provision of the Services, Braintree agrees to enter into this Addendum on the terms set out herein and PayPal agrees to enter into the EU Standard Contractual Clauses on the terms set out herein.

EXECUTION OF THIS ADDENDUM

This Addendum amends and forms part of your Payments Services Agreement. The Addendum has been electronically pre-executed for and on behalf of Braintree and the EU Standard Contractual Clauses at Attachment 1 has been electronically pre-executed for and on behalf of PayPal through the application of Braintree’s e-signature to the Addendum and PayPal’s e-signature to the EU Standard Contractual Clauses. Both documents will only come into effect as set out below.

Automatic execution option

Provided that Merchant is a party to an executed and effective Payment Services Agreement with Braintree, this Addendum shall take effect, as between Braintree and that Merchant only, and the EU Standard Contractual Clauses shall take effect, as between PayPal and that Merchant only:

for Merchants who have entered into a Payments Services Agreement on or after 18 April 2016,

automatically on execution of the Payment Services Agreement (and the name, address and contact details that Merchant provided when entering into the Payment Services Agreement shall be deemed to be inserted into the data exporter section on page 23 of the Addendum and Merchant to have signed as Merchant on page 22 and as data exporter on pages 31 and 33 of the Addendum); and

for Merchants who entered into a Payments Services Agreement before 18 April 2016

in accordance with Section 9.05 (Amendments) of the Payments Services Agreement (and the name, address and contact details that Merchant provided when entering into the Payment Services Agreement shall be deemed to be inserted into the data exporter section on page 23 of the Addendum and Merchant to have signed as Merchant on page 22 and as data exporter on pages 31 and 33 of the Addendum), or (if earlier)

on the date that Merchant completes the physical execution actions set out below:

Physical execution option (Merchant may require this option for the purposes of obtaining prior approval of transfers from Merchant’s local data protection authority)

Notwithstanding the foregoing, provided Merchant is a party to an executed and effective Payment Services Agreement with Braintree, this Addendum shall take effect, as between Braintree and that Merchant only, and the EU Standard Contractual Clauses shall take effect, as between PayPal and that Merchant only upon completion of the following steps:

(i) Merchant to complete the information relating to the Data Exporter and execute the signature page at pages 22 and 23;

(ii) Merchant to complete and execute the signature pages at pages 31 and 33; and

(iii) Merchant to submit the completed and fully executed Addendum to Braintree at dataprivacy@braintreepayments.com

1 DEFINITIONS AND INTERPRETATION

1.1 The following terms have the following meanings when used in this Addendum:

Customer means a customer of Merchant who uses the Braintree Payment Services

Customer Data means the Personal Data that Merchant’s Customer provides to Braintree through the use of the Braintree Payment Services

Data Controller means the entity which determines the purposes and means of the Processing of Personal Data

Data Exporter means Merchant

Data Importer means PayPal

Data Processor means the entity which processes Personal Data on behalf of the Data Controller

Data Protection Requirements means all laws and regulation, including laws and regulations of the European Union, the European Economic Area and their member states, applicable to the Processing of Personal Data

Data Subject means the individual to whom Personal Data relates

EU Standard Contractual Clauses means the agreement executed by and between Merchant and PayPal and attached hereto as Attachment 1 pursuant to the European Commission’s decision of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection

Merchant Data means any Personal Data relating to Merchant or its employees, officers or contractors provided to or obtained by Braintree in the provision of the Braintree Payment Services

Personal Data means any information relating to an identified or identifiable person

Processing means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction

Sub-processor means any Data Processor engaged by PayPal and/or its Affiliates in the Processing of Personal Data

1.2 Addendum. This Addendum comprises: (i) paragraphs 1 to 5, being the main body of the Addendum; and (ii) Attachment 1 (EU Standard Contractual Clauses).

1.3 Conflict. If and to the extent that there is any inconsistency between this Addendum and the EU Standard Contractual Clauses in Attachment 1, the EU Standard Contractual Clauses shall prevail.

2 PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE BRAINTREE PAYMENT SERVICES

2.1 Braintree is the Data Controller in respect of Merchant Data and may use it for the following purposes:

2.1.1 as reasonably necessary to provide the services to Merchant and its Customer;

2.1.2 to conduct anti-money laundering, know your customer and fraud checks on the Merchant;

2.1.3 to market to the employees and contractors of Merchant; and

2.1.4 any other purpose that it notifies (or Merchant agrees to notify on its behalf) to the employees and contractors of Merchant in accordance with Data Protection Requirements.

2.2 Braintree is Merchant’s Data Processor in respect of Customer Data. Braintree shall only Process Customer Data on behalf of and in accordance with Merchant’s instructions. Merchant hereby instructs Braintree to Process Customer Data for the following purposes:

2.2.1 as reasonably necessary to provide the services Merchant and its Customer;

2.2.2 after anonymising the Customer Data, to use that anonymised Customer Data for any purpose whatsoever; and

2.2.3 as required to comply with applicable binding legal requirements by responding to binding requests for the disclosure of information as required by local laws, provided always that where the request is from a non-EEA law enforcement agency Braintree will (a) inform Merchant of the request, the data concerned, response time, the identity of the requesting body and the legal basis for the request; (b) wait for Merchant’s instructions provided the instruction and the opinion are received within a reasonable period of time, which shall be assessed in light of the time period afforded by the law enforcement agency to Braintree; (c) where Braintree is prohibited from informing Merchant about the law enforcement agency’s request, take reasonable steps to have this prohibition waived and to make available relevant information about the request as soon as possible to Merchant (these efforts will be documented); and (d) where the prohibition cannot be waived, compile a list, in compliance with its national law and on an annual basis, of the number of such requests received, the type of Customer Data requested and the identity of the law enforcement agency concerned and make it available to the Customer’s data protection authority annually on request (in which circumstances Braintree will be acting as a Data Controller).

2.3 Scope and Purpose; Categories of Personal Data and Data Subjects. The objective of Processing Customer Data by Braintree is the performance of the Services pursuant to the Agreement. The types of Customer Data and categories of Data Subjects Processed under this Addendum are further specified in Attachment 1, Appendix 1 (Details of the Processing) to this Addendum.

2.4 Merchant undertakes to provide all notices and obtain all consents necessary for Braintree’s use of Merchant Data and Customer Data set out above.

2.5 The Parties will at all times comply with Data Protection Requirements.

3 DATA PROCESSOR TERMS

This section 3 applies only to the extent that Braintree acts as Data Processor or Sub-processor to Merchant. It does not apply where Braintree acts as Data Controller.

Data subject rights

3.1 Correction, Blocking and Deletion. To the extent Merchant, in its use of the Services, does not have the ability to correct, amend, block or delete Customer Data, as required by Data Protection Requirements, Braintree shall comply with any commercially reasonable request by Merchant to facilitate such actions to the extent Braintree is legally permitted to do so. To the extent legally permitted, Merchant shall be responsible for any costs arising from Braintree’s provision of such assistance.

3.2 Data Subject Requests. Braintree shall, to the extent legally permitted, promptly notify Merchant if it receives a request from a Customer Data Subject for access to, correction, amendment or deletion of that person’s Personal Data. Braintree shall not respond to any such Customer Data Subject request without Merchant’s prior written consent except to confirm that the request relates to Merchant to which Merchant hereby agrees. Braintree shall provide Merchant with commercially reasonable cooperation and assistance in relation to handling of a Customer Data Subject’s request for access to that person’s Personal Data, to the extent legally permitted and to the extent Merchant does not have access to such Customer Data through its use of the Services. If legally permitted, Merchant shall be responsible for any costs arising from Braintree’s provision of such assistance.

Braintree personnel

3.3 Confidentiality. Braintree shall ensure that its personnel engaged in the Processing of Customer Data are informed of the confidential nature of the Customer Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Braintree shall ensure that such confidentiality obligations survive the termination of the personnel engagement.

3.4 Reliability. Braintree shall take commercially reasonable steps to ensure the reliability of any Braintree personnel engaged in the Processing of Customer Data.

3.5 Limitation of Access. Braintree shall ensure that Braintree’s access to Customer Data is limited to those personnel performing Services in accordance with the Agreement.

3.6 Data Protection Officer. Members of the PayPal Group have appointed a data protection officer where such appointment is required by Data Protection Requirements. The appointed person may be reached at dataprivacy@braintreepayments.com.

3.7 Sub-processors. Merchant acknowledges and expressly agrees that PayPal’s affiliates may be retained as Sub-processors; and (b) Braintree, PayPal and PayPal’s affiliates respectively may engage third-party Sub-processors in connection with the provision of the Services.

3.7.1 List of Current Sub-processors and Notification of New Sub-processors. Braintree shall make available to Merchant a current list of Sub-processors for the respective Services with the identities of those Sub-processors (“Sub-processor List”). The Sub-processor list is included in Attachment 2 to this Addendum. Where a Sub-processor is proposed to be changed Braintree shall provide 2 months’ prior notice by email to Merchant before implementing such change

3.7.2 Objection Right for new Sub-processors. If Merchant has a reasonable basis to object to Braintree’s use of a new Sub-processor, Merchant shall notify Braintree promptly in writing within 2 months after receipt of Braintree’s notice. In the event Merchant objects to a new Sub-processor(s) and that objection is not unreasonable Braintree will use reasonable efforts to make available to Merchant a change in the affected Services or recommend a commercially reasonable change to Merchant’s configuration or use of the affected Services to avoid processing of Personal Data by the objected-to new Sub-processor without unreasonably burdening Merchant. If Braintree is unable to make available such change within a reasonable period of time, which shall not exceed sixty (60) days, Merchant may terminate the Agreement in respect only of those Braintree Payment Services which cannot be provided by Braintree without the use of the objected-to new Sub-processor, by providing written notice to Braintree. Merchant shall receive a refund of any prepaid fees for the period following the effective date of termination in respect of such terminated Braintree Payment Services.

3.8 Audits and Certifications. where requested by Merchant, subject to the confidentiality obligations set forth in the Agreement, Braintree shall make available to Merchant (or Merchant’s independent, third-party auditor that is not a competitor of Braintree or PayPal) information regarding Braintree’s compliance with the obligations set forth in this Addendum in the form of the third-party certifications and audits (if any) set forth in the Privacy Policy set out on our website. Merchant may contact Braintree in accordance with the “Notices” Section of the Agreement to request an on-site audit of the procedures relevant to the protection of Personal Data. Merchant shall reimburse Braintree for any time expended for any such on-site audit at Braintree’s then-current professional services rates, which shall be made available to Merchant upon request. Before the commencement of any such on-site audit, Merchant and Braintree shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Merchant shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Braintree. Merchant shall promptly notify Braintree with information regarding any non-compliance discovered during the course of an audit.

3.9 Security: Braintree shall, as a minimum, implement and maintain appropriate technical and organizational measures as described in Attachment 1, Appendix 2 of the Addendum to keep Customer Data secure and protect it against unauthorised or unlawful processing and accidental loss, destruction or damage. Since Braintree provides the Braintree Payment Service to all customers uniformly via a hosted, web-based application, all appropriate and then-current technical and organisational measures apply to Braintree’s entire customer base hosted out of the same data centre and subscribed to the same service. Merchant understands and agrees that the technical and organizational measures are subject to technical progress and development. In that regard, Braintree is expressly permitted to implement adequate alternative measures as long as the security level of the measures is maintained. In the event of any detrimental change Braintree shall provide a notification together with any necessary documentation to Merchant by email or publication on a website easily accessible by Merchant.

3.10 Braintree shall promptly inform Merchant as soon as it becomes aware of serious disruptions of the processing operations, reasonable suspected or actual data protection violations or any security breach in connection with the processing of Customer Personal Data which, in each case, may significantly harm the interest of the Data Subjects concerned.

4 EU STANDARD CONTRACTUAL CLAUSES RELATED TERMS

4.1 Application. The EU Standard Contractual Clauses are set out in Attachment 1 (the “EU Standard Contractual Clauses”). The EU Standard Contractual Clauses apply only to Customer Data that is transferred by Merchants established in the European Economic Area (“EEA”) or Switzerland to Braintree.

4.2 Instructions. This Addendum and the Agreement are Data Exporter’s complete and final instructions to Data Importer for the Processing of Customer Data. Any additional or alternate instructions must be agreed upon separately. For the purposes of Clause 5(a) of the EU Standard Contractual Clauses, the Data Exporter gives the following instructions: (a) to process Customer Data in accordance with the Agreement; and (b) to process Customer Data initiated by Merchants in their use of the Braintree Payment Services during the Term. These instructions also describe the duration, object, scope and purpose of the processing.

4.3 Sub-processors. Pursuant to Clause 5(h) of the EU Standard Contractual Clauses, the Data Exporter acknowledges and expressly agrees that the provisions of paragraph 3.7 of this Addendum shall also apply to the Data Importer as if it were Braintree.

4.3.1 The parties agree that the copies of the sub-processor agreements that must be sent by the Data Importer to the Data Exporter pursuant to Clause 5(j) of the EU Standard Contractual Clauses may have all commercial information, or clauses unrelated to the EU Standard Contractual Clauses or their equivalent, removed by the Data Importer beforehand; and, that such copies will be provided by Data Importer only upon reasonable request by Data Exporter.

4.4 Audits and Certifications. The Parties agree that the audits described in Clause 5(f), Clause 11 and Clause 12(2) of the EU Standard Contractual Clauses shall be fulfilled in the following manner: the provisions of paragraph 3.8 of this Addendum shall also apply to the Data Importer as if it were Braintree.

4.5 Certification of Deletion. The Parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) shall be provided by the Data Importer to the Data Exporter only upon Data Exporter’s request.

4.6 Liability. The Parties agree that all liabilities between them (and in respect of PayPal, such liabilities shall be aggregated with those of Braintree so that collectively their cumulative joint liability is capped at the level set out in the Agreement) under this Addendum and the EU Standard Contractual Clauses will be subject to the terms of the Agreement (including as to limitation of liability), except that such limitations of liability will not apply to any liability that PayPal may have to Data Subjects under the third party rights provisions of the EU Standard Contractual Clauses.

4.7 Exclusion of third party rights. Subject to paragraph 4.6, PayPal shall be granted third party rights in relation to obligations expressed to be for the benefit of the Data Importer or PayPal in this Addendum and Data Subjects are granted third party rights under the EU Standard Clauses. All other third party rights are excluded.

5 LEGAL EFFECT

This Addendum shall take effect between, and become legally binding on the Parties and the EU Standard Contractual Clauses shall take effect between, and become legally binding between PayPal and Merchant, on the date determined by “Execution of this Addendum” section above.

Merchant

For and on behalf of (insert Merchant legal name)…………………………………

Signature……………………………………………

Name of signatory…………………………………….

Title of signatory……………………………………

Date………………………………………………..

Braintree

For and on behalf of PayPal (Europe) S.á.r.l. et Cie, S.C.A.

Signature…………………………………………….

Name of signatory……………………………………..

Title of signatory…………………………………….

Date…………………………………………………

ATTACHMENT 1

STANDARD CONTRACTUAL CLAUSES

Controller to Processor export of personal data (from EEA countries)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection

Name of the data exporting organisation: ………………………………………..

Address: …………………………………………….

Tel.: ……………………………………………….

fax: ………………………………………………..

e-mail: ……………………………………………..

Other information needed to identify the organisation: …………………………… (the data exporter)

And

Name of the data importing organisation: Paypal, Inc

Address: 2211 North First Street, San Jose, CA 95131

E-mail: dataprivacy@braintreepayments.com

Other information needed to identify the organisation: …………………………… (the data importer)

each a “party”; together “the parties”,

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.


Clause 1

Definitions

For the purposes of the Clauses:

  • (a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
  • (b) 'the data exporter' means the controller who transfers the personal data;
  • (c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
  • (d) 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
  • (e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
  • (f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause

  1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
  2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
  3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
  4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants:

  • (a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
  • (b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
  • (c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
  • (d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
  • (e) that it will ensure compliance with the security measures;
  • (f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
  • (g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
  • (h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
  • (i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
  • (j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the data importer

The data importer agrees and warrants:

  • (a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
  • (b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
  • (c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
  • (d) that it will promptly notify the data exporter about:
    • (i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
    • (ii) any accidental or unauthorised access, and
    • (iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
  • (e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
  • (f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
  • (g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
  • (h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
  • (i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
  • (j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

Clause 6

Liability

  1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
  2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
  3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

  1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
    • (a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
    • (b) to refer the dispute to the courts in the Member State in which the data exporter is established.
  2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

  1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
  2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
  3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9

Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Subprocessing

  1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
  2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
  3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
  4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

Clause 12

Obligation after the termination of personal data processing services

  1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
  2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

On behalf of the data exporter:

Name (written out in full): …………………………………………….

Position: …………………………………………….

Address: …………………………………………….

Other information necessary in order for the contract to be binding (if any):

Signature…………………………………………….(stamp of organisation)

On behalf of the data importer (Paypal, Inc):

Name (written out in full): …………………………………………….

Position: …………………………………………….

Address: 2211 North First Street, San Jose, CA 95131

Signature…………………………………………….(stamp of organisation)


APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES

This Appendix forms part of the Clauses and must be completed and signed by the parties.

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

Data exporter

The data exporter is: Merchant

An entity that uses the Data importer’s services in respect of its Customers

Data importer

The data importer is: Paypal, Inc

A payment serivces provider which in relation to the Braintree services provides a payment gateway so that Merchant can provide Customer credit card and other details to banks and other payment service providers to process payments from Customers

Data subjects

The personal data transferred concern the following categories of data subjects:

The data exporter’s Customers

Categories of data

The personal data transferred concern the following categories of data:

Customer name, amount to be charged, card number, CSV, post code, country code, address, email address, fax, phone, website, expiry date, shipping details, tax status

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data (please specify):

Not applicable, unless Merchant configures the service to capture such data.

Processing operations

The personal data transferred will be subject to the following basic processing activities:

The receipt and storage of Personal Data in the performance of the Services during the Term of the Agreement.

DATA EXPORTER

Name: …………………………………………….

Authorised Signature …………………………………………….

DATA IMPORTER

Name: …………………………………………….

Authorised Signature …………………………………………….


APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

The following measures will be implemented:

  1. Measures taken to prevent any unauthorised person from accessing the facilities used for data processing (e.g. secured access, badges);
  2. Measures taken to prevent data media from being read, copied, amended or moved by any unauthorised persons(e.g. data kept in locked premises);
  3. Measures taken to prevent the unauthorised introduction of any data into the information system, as well as any unauthorised knowledge, amendment or deletion of the recorded data (e.g. restricted access to the IT infrastructure);
  4. Measures taken to prevent data processing systems from being used by unauthorised person using data transmission facilities ( e.g. firewalls);
  5. Measures taken to guarantee that authorised persons when using an automated data processing system may access only data that are within their competence (e.g. specific users accounts);
  6. Measures taken to guarantee the checking and recording of the identity of third parties to whom the data can be transmitted by transmission facilities (e.g. VPN, encryption of data);
  7. Measures taken to guarantee that the identity of the persons having had access to the information system and the data introduced into the system can be checked and recorded ex post facto at any time and by any authorised person ;
  8. Measures taken to prevent data from being read, copied, amended or deleted in an unauthorised manner when data are disclosed and data media transported;
  9. Measures taken to safeguard data by creating backup copies (encryption of data back-ups).

ATTACHMENT 2

Sub-processor List

  1. Century Link: 917 South Lusk, 3rd Floor, Boise, ID 83706
  2. Kount Inc: 100 CenturyTel Drive, Monroe, LA 71203

Section 3 — Regulatory

3.01 Regulatory notice

For merchants with seat in the European Union, Liechtenstein, Vatican City, Isle of Man, Guernsey, Jersey and San Marino or Norway, Braintree is provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., (R.C.S. Luxembourg B 118 349) (“PayPal”). PayPal is duly licensed as a Luxembourg credit institution in the sense of Article 2 of the law of 5 April 1993 on the financial sector as amended (the “Law”) and is under the prudential supervision of the Luxembourg supervisory authority, the Commission de Surveillance du Secteur Financier (the “CSSF”).The CSSF has its registered office in L-1150 Luxembourg. Because the funds processed by Braintree for you do not legally qualify as a deposit or an investment service, you are not protected by the Luxembourg deposit guarantee schemes provided by the Association pour la Garantie des Dépôts Luxembourg

We will attempt to resolve any complaint relating to the provision of the Braintree services or to the Payment Services Agreement via our customer service center. In addition, you may make a complaint to the following:

  1. European Consumer Centre (ECC-Net). You may obtain further information regarding the ECC-Net and how to contact them at ( http://ec.europa.eu/consumers/redress_cons/ ). Only for Micro-enterprises.
  2. UK Financial Ombudsman Service (FOS). For UK resident Users only - the FOS is a free, independent service, which might be able to settle a complaint between you and us. You may obtain further information regarding the FOS and contact the FOS at http://www.financial-ombudsman.org.uk. Only for Micro-enterprises with seat in UK.
  3. Commission de Surveillance du Secteur Financier (CSSF). The CSSF is the authority responsible for the prudential supervision of companies in the financial sector in Luxembourg. You can contact the CSSF at 110 Route d’Arlon L-2991 Luxembourg. You may obtain further information regarding the CSSF and how to contact them at: http://www.cssf.lu.

EXHIBIT B

"Activation Date": has the definition ascribed to such term in Section 8.

“Agreement”: means this Braintree Payment Services Agreement, including all exhibits and other agreements and documents incorporated herein.

"Associations": has the definition ascribed to such term in Section 6.01.

"Association PCI-DSS Requirements": has the definition ascribed to such term in Section 6.01.

“Bank Account”: means the bank account that you specify, according to Exhibit A, 1.02, to receive your Payout Amounts.

“Braintree Dashboard” is the web view where you can access, view and create your Braintree Transactions (“Control Panel”).

“Braintree Payment Service”: has the definition ascribed to such term in Section 1.01.

“Business Day” means a day where banks are generally open in Luxembourg.

"Cardholder Information": has the definition ascribed to such term in Section 6.01.

"Chargeback" means a challenge to a payment that a buyer files directly with his or her credit card issuer or company.

“Gateway Services”: has the definition ascribed to such term in Section 1.01.

“Intellectual Property”: has the definition ascribed to such term in Section 6.03.

“Intellectual Property Rights”: has the definition ascribed to such term in Section 6.03.

“Invalidated Payment”: has the definition ascribed to such term in Section 4.

“Merchant” or “you”: means the entity and/or individual who enters into this Agreement.

“PayPal” or “Braintree”: means PayPal (Europe) S.à r. l. et Cie, S.C.A., a limited liability partnership registered as number R.C.S. Luxembourg B 118 349 having a registered office at 22-24 Boulevard Royal, L-2449, Luxembourg.

“Payment Processing Services”: has the definition ascribed to such term in Section 1.01.

“Payout Amount”: means any amount due and recorded by the acquiring bank as a Transaction (less the sum of all Refund Transactions, Chargebacks, Reversals and any applicable charges or fees).

“Reversal”: means any payment that Braintree may in exceptional cases have to reverse to your customer because the payment: (a) violates the Acceptable Use Policy, or which we reasonably suspect of violating the Acceptable Use Policy; and/or (b) has been categorized by Braintree’s risk models as involving a as a risky payment required to be reversed to mitigate the risk associated with the payment. The term “Reversed” shall be construed accordingly.

“Refund Transaction” is any refund issued by you through the Braintree Dashboard or through your API access.

“Reserve” means an amount or percentage of your Payout Amounts that we hold in order to protect against the risk of Reversals, Chargebacks, or any other risk, exposure and/or liability related to your use of the Braintree Payment Services.

“Restricted Activities” any breaches of our Acceptable Use Policy and any activity specified in Section 4.01

“SEPA” means Single European Payments Area.

“Trademarks”: has the definition ascribed to such term in Section 6.05.

“Transaction”: means any proceeds from settled card transactions initiated by you that are received by Braintree from your acquiring bank. A Transaction shall be deemed to be complete when we have control of the funds related to the applicable transaction.

“Transaction Data”: has the definition ascribed to such term in Section 6.02.


Current Payment Services Agreement

This version of the Agreement is effective until 29 May 2016. Please note that Section 2 of Exhibit A is no longer effective on 18 May 2016, but already replaced with the new Section 2 of Exhibit A as shown above.

This Braintree Payment Services Agreement, and the agreements incorporated herein (this "Agreement") is entered into by and between Braintree ("Braintree," “we” or “our”), a division of PayPal (defined below) and the entity and/or individual who enters into this Agreement (“Merchant" or “you”), and is made effective as of the date that you click through this Agreement, physically sign it, or receive an electronic copy of it and continue to use the Braintree Payment Services. This Agreement sets out the terms and conditions under which Merchant may utilize the Braintree Payment Service (defined below).

This Agreement becomes a legally binding contract entered into by you:

  • By clicking on the "create account" button in the signup page on the Braintree website at www.braintreepayments.com,
  • by signing below (if in hard copy), or
  • by using the Braintree Payment Services.

This Agreement is provided to you in English. We recommend that you download or print a copy of this Agreement for your records, which you can do by clicking on the link on this page.

This Agreement, as it may be amended or supplemented from time to time, (all future changes to this Agreement are hereby incorporated by reference into this Agreement) together with all other terms and required disclosures relating to your use of the Braintree Payment Services, will be available to you on the Braintree website(s) (located on the “Legal” link on our website).

When you apply to become a Braintree customer, we collect information about you and your business, and confirm your identity to satisfy our anti-money laundering requirements and other regulatory obligations (referred to as “know your customer” requirements). By completing your application to become a Braintree customer, you authorise us to obtain financial and credit information (including from third parties) relating to you, your directors, officers and principals. We use this information (and other information available to us) to evaluate you, your directors, officers and principals against our evaluation criteria. Braintree reserves the right to terminate this Agreement with immediate notice to you at any time before the “know your customer” process is completed, or not completed satisfactorily. Braintree reserves the right to refuse or rescind any payment to your customers if such process does not complete satisfactorily and/or to disburse funds to you after this mandatory process is completed.

Agreement

Section 1 — Braintree Payment Services

1.01 “Braintree Payment Services” means the Payment Processing Services and/or Gateway Services provided by Braintree to its users.

  1. "Payment Processing Services": The payment processing services offered by Braintree include services that provide Merchants with the ability to accept credit and debit card payments on a website or mobile application. These services include the Gateway Services (as defined below), bank-sponsored merchant account, fraud protection tools, recurring billing functionality, payment card storage, foreign currency acceptance, white glove customer support, and other software, APIs and services and technology as described on the Braintree website.
  2. "Gateway Services": The gateway services offered by Braintree include services that provide Merchants with the software and connectivity required to allow real-time secure data transmission for processing of credit and debit card payments on a website or mobile application.

Exhibit A includes a description of the main characteristics of the Braintree Payment Services.

Section 2 — Fees and Taxes

2.01 Fees

The fees applicable to the Braintree Payment Services are set forth on our website.

All of the fees applicable to your use of the Braintree Payment Services, including applicable transaction fees and Chargeback Fees, have been disclosed to you in the onboarding flow, and can always be accessed on our website for each merchant country. All applicable fees are due and payable immediately upon settlement of the applicable Payout Amount.

Interest on any and all amounts due by you, but not yet paid to Braintree, shall accrue at a rate of 1.0% per month ("Late Fee"). In the event of a dispute made in good faith as to the amount of fees, Merchant agrees to remit payment on any undisputed amount(s); and, the Late Fee shall not accrue as to any disputed amounts unless not paid within thirty (30) calendar days after said dispute has been resolved by both parties.

2.02 Payment of Fees; Right to Set-off

Braintree will, on a daily basis, pay to your Bank Account the aggregate of all Payout Amounts net of the applicable fees and other amounts due to Braintree. If the Payout Amount is not sufficient to cover the applicable fees or other amounts due to Braintree on any given day, any difference will be carried forward to the next day and applied against that day’s Payout Amount.

Upon Braintree’s request, Merchant shall provide Braintree with all necessary bank account, routing and related information and grant Braintree any required permission to debit the fees from your Bank Account.

You agree that Braintree may take the following actions to recover any fees or other amounts payable by you to Braintree, in its sole discretion and without the requirement of delivering prior notice:

  1. debit your Bank Account for the applicable amounts; and/or
  2. set-off the applicable amounts against Payout Amounts from incoming Transactions

2.03 Taxes

Unless otherwise stated, all charges, fees and other payments to be made by you under the Agreement are exclusive of VAT and any other relevant taxes (if any), and, in addition to paying such sums, you will be responsible for paying any such VAT and other relevant taxes.

In the event that Braintree incurs (a) any sales, use, excise, import or export, value-added, or similar tax or duty, and any other tax or duty based on Merchant’s relationship with Braintree and not based on Braintree's income; and (b) any government permit fees, customs fees and similar fees based on Merchant’s relationship with Braintree, Merchant agrees to reimburse Braintree for any such amounts. Such taxes, fees and duties paid by Merchant shall not be considered a part of, a deduction from, or an offset against, payments due to Braintree hereunder.

Section 3 — Restricted Activities, Representations and Warranties

3.01 Restricted activities

In connection with your use of the Braintree Payment Services, or in the course of your interactions with Braintree, you will comply at all times with the Braintree Acceptable Use Policy accessible at the following address: https://www.braintreepayments.com/legal/acceptable-use-policy.

You agree that you will not:

  1. Breach this Agreement, your applicable bank agreement that you entered into when you signed up for the Braintree Processing Services, or any other agreement that you have entered into with us in connection with the Braintree Payment Services;
  2. Breach any law, statute, regulation, or contract;
  3. Use the Braintree Payment Services in a manner that could result in a violation of anti-money laundering, counter terrorist financing and similar legal and regulatory obligations (including, without limitation, where we cannot verify your identity or other required information about your business) applicable to you or Braintree.
  4. Fail to provide us with any information that we request about you or your business activities, or provide us with false, inaccurate or misleading information;
  5. Refuse to cooperate in an investigation or provide confirmation of your identity or any information you provide to us;
  6. Reveal your access credentials to anyone else or use anyone else's access credentials for the Braintree Payment Services. We are not responsible for losses incurred by you including, without limitation, the use of your access to the Braintree Payment Services, by any person other than you, arising as the result of misuse of passwords; or
  7. Integrate or use any of the Braintree Payment Services without fully complying with all requirements communicated to you by Braintree.

3.02 Representations and warranties by Merchant

  1. Merchant has the full power and authority to execute, deliver and perform this Agreement. This Agreement is valid, binding and enforceable against Merchant in accordance with its terms and no provision requiring Merchant's performance is in conflict with its obligations under any constitutional document, charter or any other agreement (of whatever form or subject) to which Merchant is a party or by which it is bound.
  2. Merchant is duly organized, authorized and in good standing under the laws of the state, region or country of its organization and is duly authorized to do business in all other states, regions or countries in which Merchant's business make such authorization necessary or required.

Section 4 — Liability for Invalidated Payments and other Liabilities

You must compensate and indemnify us for any claims, losses, expenses or liability we incur arising out of:

  1. a transaction or dispute between you and your customer(s);
  2. an invalid transaction, refund transaction, over-payment, Chargeback and any other expenses, collectively “Invalidated Payments”;
  3. any error, negligence, willful misconduct or fraud by you or your employees; or
  4. any losses suffered by us as a result of your failure to comply with your obligations under this Agreement.

In the event of an Invalidated Payment and other liability, we may deduct the amount of the Invalidated Payment from your Payout Amounts.

Section 5 — Actions We May Take

5.01 Actions by Braintree

If we have reason to believe that there is a higher than normal risk associated with your Transactions, in particular if we believe you have breached the terms of this Agreement, we may take various actions to avoid Reversals, Chargebacks, fees, fines, penalties and any other liability. The actions we may take include but are not limited to the following:

  1. We may, at any time and without liability, limit or suspend your right to use the Braintree Payment Services if we believe that you are in breach of your obligations under this Agreement, including without limitation Section 3.01 “Restricted Activities”. If possible, we will give you advance notice of any limitation or suspension, but we may take such actions without advance notice under certain circumstances, including if we believe that your use of the Braintree Payment Services represents a security threat or involves fraud or any other illegal activities;
  2. Refuse any Transaction at any time, provided that, upon request and where possible, we will provide the reasons for the refusal and steps for resolution of the problem;
  3. Reverse any Transaction (including, if appropriate, to the sender’s credit card), that violates, or we reasonably suspect may violate, this Agreement, including but not limited to our Acceptable Use Policy or section 3.01;
  4. Hold your funds or suspend/ limit your account, to the extent and for so long as reasonably needed to protect against the risk of liability or as required to mitigate any regulatory risk in relation to your Transactions.

5.02 Reserves

Braintree, in its sole discretion, may place a Reserve on all or a portion of your Payout Amounts. If Braintree imposes a Reserve, we will provide you with a notice specifying the terms of the Reserve. The terms may require (a) that a certain percentage of your Payout Amounts are held for a certain period of time, (b) that a fixed amount of your Payout Amounts is withheld from payout to you, or (c) such other restrictions that Braintree determines are necessary to protect against the risk to us associated with our business relationship. Braintree may change the terms of the Reserve at any time by providing you with notice of the new terms. Payout Amounts subject to a Reserve are not immediately available for payout to you or for making Refund Transactions. Other restrictions described in (c) above may include: limiting Payout Amounts immediately available to you, changing the speed or method of payouts to you, setting off any amounts owed by you against your Payout Amounts and/or requiring that you, or a person associated with you, enter into other forms of security arrangements with us (for example, by providing a guarantee or requiring you to deposit funds with us as security for your obligations to us or third parties). You also agree to undertake, at your own expense, any further action (including, without limitation, executing any necessary documents and registering any form of document reasonably required by us to allow us to perfect any form of security interest or otherwise) required to establish a Reserve or other form of security in a manner reasonably determined by us.

Braintree may hold a Reserve as long as it deems necessary, in its sole discretion, to mitigate any risks related to your Transactions. You agree that you will remain liable for all obligations related to your Transactions even after the release of any Reserve. In addition, we may require you to keep your Bank Account available for any open settlements, Chargebacks and other adjustments.

5.03 Security Interest

To secure your performance of this Agreement, you grant to Braintree a legal claim to any Payout Amounts held in Reserve. This is known in legal terms as a “lien” on and “security interest” in these Payout Amounts.

5.04 Direct Acceptance with American Express

You acknowledge that if you process greater than or equal to the equivalent of $500,000 USD in American Express transactions annually, American Express may require you to enter into a direct contractual relationship with them. In this situation, American Express will set pricing for American Express transactions, and you will pay fees for American Express transactions directly to American Express.

Section 6 — Data, Intellectual Property, Publicity

6.01 Data Security Compliance

Merchant agrees to comply with data privacy and security requirements under the Payment Card Industry Data Security Standard ("Association PCI- DSS Requirements") with regards to Merchant's use, access, and storage of certain credit card non-public personal information ("Cardholder Information") on behalf of Braintree. Visa, Mastercard, Discover, American Express, any ATM or debit network, and the other financial service card organizations shall be collectively known herein as "Associations." Additionally, Merchant agrees to comply with its obligations under any applicable law or regulation as may be in effect or as may be enacted, adopted or determined regarding the confidentiality, use, and disclosure of Cardholder Information. Braintree may, at its discretion, conduct an on-site audit and review of Merchant's data privacy and security procedures upon either (a) five (5) Business Days’ notice for any reason or (b) immediately upon any unauthorized access to, use or disclosure of any Cardholder Information entrusted to Merchant.

Braintree may, with written notice to Merchant, require that Merchant comply with any further requirements of the European Central Bank or the Associations for strong authentication for all or certain specified credit card transactions.

6.02 Data Accuracy

Merchant warrants to Braintree that all data and entries delivered to Braintree by Merchant will (a) be correct in form, (b) contain true and accurate information, (c) be fully authorized by the customer, and (d) be timely under the terms and provisions of this Agreement.

6.03 Intellectual Property

"Intellectual Property" means all of the following owned by a party: (a) trademarks and service marks (registered and unregistered) and trade names, and goodwill associated therewith; (b) patents, patentable inventions, computer programs, and software; (c) databases; (d) trade secrets and the right to limit the use or disclosure thereof; (e) copyrights in all works, including software programs; and (f) domain names. The rights owned by a party in its Intellectual Property shall be defined, collectively, as "Intellectual Property Rights." Other than the express licenses granted by this Agreement, Braintree grants no right or license to Merchant by implication, estoppel or otherwise to the Braintree Payment Service or any Intellectual Property Rights of Braintree. Each party shall retain all ownership rights, title, and interest in and to its own products and services (including in the case of Braintree, in the Braintree Payment Service) and all intellectual property rights therein, subject only to the rights and licenses specifically granted herein.

6.04 License Grant

If you are using our software such as an API, developer's toolkit or other software application (the “Software”) that you have downloaded to your computer, device, or other platform, then Braintree grants you a revocable, non-exclusive, non-transferable license to use Braintree's software in accordance with the documentation. This license grant includes the software and all updates, upgrades, new versions and replacement software for your use in connection with the Braintree Payment Service. You may not rent, lease or otherwise transfer your rights in the software to a third party. You must comply with the implementation and use requirements contained in all Braintree documentation accompanying the software. If you do not comply with Braintree’s instructions, implementation and use requirements you will be liable for all resulting damages suffered by you, Braintree and third parties. Unless otherwise provided by applicable law, you agree not to alter, reproduce, adapt, distribute, display, publish, reverse engineer, translate, disassemble, decompile or otherwise attempt to create any source code that is derived from the software. Upon expiration or termination of this Agreement, you will immediately cease all use of any Software.

6.05 Trademarks

License to Braintree Trademarks. Subject to the terms and conditions of this Agreement, Braintree grants you a revocable, non-exclusive, non-transferable license to use Braintree's trademarks to identify the Braintree Payment Service (the "Trademarks") during the term of this Agreement solely in conjunction with the use of the Braintree Payment Service. Braintree grants no rights in the Trademarks or in any other trademark, trade name, service mark, business name or goodwill of Braintree except as licensed hereunder or by separate written agreement of the parties. Merchant agrees that it will not at any time during or after this Agreement assert or claim any interest in or do anything that may adversely affect the validity of any Trademark or any other trademark, trade name or product designation belonging to or licensed to Braintree (including, without limitation registering or attempting to register any Trademark or any such other trademark, trade name or product designation). Upon expiration or termination of this Agreement, Merchant will immediately cease all display, advertising and use of all of the Trademarks.

6.06 Publicity

Merchant hereby grants Braintree permissions to use Merchant's name and logo in its marketing materials including, but not limited to use on Braintree's website, in customer listings, in interviews and in press releases.

Section 7 — Indemnification, Limitation of Liability, Disclaimer of Warranties

7.01 Indemnification

Merchant agrees to defend, indemnify, and hold harmless PayPal, Braintree, our affiliates and subsidiaries, the people who work for us or who are authorised to act on our behalf from any claim or demand (including attorneys’ fees) made or incurred by any third party due to or arising out of your breach of this Agreement or your applicable bank agreement that you entered into when you signed up for the Braintree Processing Services, your improper use of the Braintree Processing Services, and/or your violation of any law or the rights of a third party.

7.02 LIMITATION OF LIABILITY

NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY OR TO ANY OTHER THIRD PARTY FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, RELIANCE, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE BRAINTREE PAYMENT SERVICE, WHETHER FORESEEABLE OR UNFORESEEABLE, AND WHETHER BASED ON BREACH OF ANY EXPRESS OR IMPLIED WARRANTY, BREACH OF CONTRACT, MISREPRESENTATION, NEGLIGENCE, STRICT LIABILITY IN TORT, OR OTHER CAUSE OF ACTION (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF DATA, GOODWILL, PROFITS, INVESTMENTS, USE OF MONEY, OR USE OF FACILITIES; INTERRUPTION IN USE OR AVAILABILITY OF DATA; STOPPAGE OF OTHER WORK OR IMPAIRMENT OF OTHER ASSETS; OR LABOR CLAIMS), EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. UNDER NO CIRCUMSTANCES SHALL BRAINTREE'S TOTAL AGGREGATE LIABILITY TO MERCHANT OR ANY THIRD PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE AMOUNTS PAID BY MERCHANT TO BRAINTRE UNDER THIS AGREEMENT DURING THE FIRST TWELVE MONTH PERIOD AFTER THE EFFECTIVE DATE OF THIS AGREEMENT. FOR THE AVOIDANCE OF ANY DOUBT, NOTHING IN THIS AGREEMENT SHALL LIMIT THE LIABILITY OF EITHER PARTY FOR GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR TORT.

7.02 Disclaimer of Warranties

THE BRAINTREE PAYMENT SERVICE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY WHATSOEVER. BRAINTREE DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, TO MERCHANT AS TO ANY MATTER WHATSOEVER, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY BRAINTREE OR ITS EMPLOYEES OR REPRESENTATIVES SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF BRAINTREE'S OBLIGATIONS.

During the term of this Agreement, Braintree shall use its commercially reasonable efforts to provide the Braintree Payment Service without interruption. However, the parties acknowledge that the Braintree Payment Service is a computer network based service which may be subject to outages and delay occurrences. As such, Braintree does not guarantee continuous, or uninterrupted access to the Braintree Payment Services. Braintree shall not be liable for any delay in the failure in our provision of the Braintree Payment Services under this Agreement. Merchant acknowledges that Merchant’s access to the Braintree website may be occasionally restricted to allow for repairs, maintenance or the introduction of new facilities or services. Braintree will make reasonable efforts to ensure that Transactions are processed in a timely manner. Braintree will not be liable in any manner for any interruptions, outages, or other delay occurrences relating to the Braintree Payment Service.

Section 8 — Term and Termination, Data Portability

The initial term of this Agreement shall commence upon successful registration on the Braintree website and activation by Braintree for productive use (“Activation Date”).

This Agreement shall continue on until terminated as set forth herein. Notwithstanding any other provisions in this Agreement,

  1. you may terminate this Agreement, without cause, by providing Braintree with one (1) day written notice.
  2. Braintree may terminate this Agreement, without cause, by providing you with two (2) months prior notice. This will not affect Braintree’s right to (i) suspend our services according to Section 5.01 or, (ii) terminate at any time this Agreement without recourse to the courts (“de plein droit” in case of an important cause pursuant to which you breach your duties cited in this Agreement rendering infeasible or considerably aggravate the continuation of our business relationship with you. In case the important cause consists in a breach of this Agreement, we will terminate only after unsuccessful lapse of a reasonable prior notice to remedy the breach.

Data Portability. Upon any termination of this Agreement, Braintree agrees, upon written request from Merchant, to provide Merchant’s new acquirer or payment service provider (“Data Recipient”), as applicable, with any available credit card information relating to Merchant's Customers, subject to the following conditions: (i) Merchant must provide Braintree with proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements (level 1 PCI compliant) by giving Braintree a certificate or report on compliance with the Association PCI-DSS Requirements from a qualified provider and any other information reasonably requested by Braintree; (ii) the transfer of such information is compliant with the latest version of the Association PCI-DSS Requirements; and (iii) the transfer of such information is allowed under the applicable card association rules, and any applicable laws, rules or regulations.

Section 9 — General Provisions

9.01 Independent Contractors

The relationship of Braintree and Merchant is that of independent contractors. Neither Merchant nor its employees, consultants, contractors or agents are agents, employees, partners or joint ventures of Braintree, nor do they have any authority to bind Braintree by contract or otherwise to any obligation. They will not represent to the contrary, either expressly, implicitly, by appearance or otherwise.

9.02 Severability

If any provision of this Agreement is held by a court of competent jurisdiction to be invalid, void or unenforceable for any reason, the remaining provisions not so declared shall nevertheless continue in full force and effect, but shall be construed in a manner so as to effectuate the intent of this Agreement as a whole, notwithstanding such stricken provision or provisions.

9.03 Waiver

No term or provision of this Agreement shall be deemed waived and no breach excused, unless such waiver or consent shall be in writing and signed by the party claimed to have waived or consented. Any consent by any party to, or waiver of, a breach by the other party, whether express or implied, shall not constitute a consent to, waiver of, or excuse for any different or subsequent breach.

9.04 Assignment

This Agreement will bind and inure to the benefit of each party's permitted successors and assigns. Merchant may not assign this Agreement without the written consent of Braintree. Braintree may assign this Agreement in its sole discretion without the written consent of Merchant.

9.05 Amendments

To be valid, any amendment or waiver of this Agreement must be in writing, but an email suffices as writing for a waiver by Braintree. Changes to this Agreement will be offered to you in text-form, e.g. by way of sending you an e-mail, with a minimum of 2 months prior notice before the suggested effective date of such change. You will be deemed to have consented to these changes unless you explicitly dissent before the effective date. In case you do not agree to the changes, you may terminate this Agreement without any extra cost at any time before the effective date of the change. In such an e-mail, we shall specifically inform you about your right to dissent, the effective date, and your option to terminate this Agreement. We also publish the amended version of this Agreement on the Braintree website(s) at www.braintreepayments.com. In cases where we add extra functionality to the existing services or any other change which we believe in our reasonable opinion to neither reduce your rights nor increase your responsibilities, we may make an announcement with only 1 month prior notice. You shall have 3 weeks to express your dissent in such a case.

9.06 Entire Agreement; Binding Effect

This Agreement, including all schedules, exhibits and attachments thereto, sets forth the entire agreement and understanding of the parties hereto in respect to the subject matter contained herein, and supersedes all prior agreements, promises, covenants, arrangements, communications, representations or warranties, whether oral or written, by any officer, partner, employee or representative of any party hereto. This Agreement shall be binding upon and shall inure only to the benefit of the parties hereto and their respective successors and assigns. Nothing in this Agreement, express or implied, is intended to confer or shall be deemed to confer upon any persons or entities not parties to this Agreement, any rights or remedies under or by reason of this Agreement.

9.07 Survival

Merchant remains liable under this Agreement in respect to all charges and other amounts incurred through the use of the Braintree Payment Services at any time, irrespective of termination of this Agreement.

All representations, covenants and warranties shall survive the execution of this Agreement, and all terms that by their nature are continuing shall survive the termination or expiration of this Agreement.

9.08 Contact for enquiries, communication and availability of contractual documents

If you have a question or complaint relating to the Braintree Payment Services or your Transactions, please contact the Braintree customer support as defined in the “contact” tab of the Braintree website.

All information relating to the services described in this Agreement and all customer service support and other communication during the contractual relationship will be provided in the English language only.

The general terms and conditions for the Braintree Payment Services will be available at all times on www.braintreepayments.com in the “Legal” tab, and/or be made available during signup process as an electronic copy per e-mail. You may request at any time free of charge electronic copy of your contractual documents.

9.09 Notices, Governing Law, and Jurisdiction

  1. Notice to Merchant. Merchant agrees that Braintree may provide notice to Merchant by posting it on Braintree’s website, emailing it to Merchant, or sending it to Merchant through postal mail. Notices sent to Merchant by mail are considered received by Merchant within 3 Business Days of the date Braintree sends the notice unless it is returned to Braintree. In addition, Braintree may send Merchant emails, including, but not limited to as it relates to product updates, new features and offers and Merchant hereby consents to such email notification.
  2. Notice to Braintree. Notice to Braintree must be sent by postal mail to PayPal (Europe) S.à r.l. et Cie, S.C.A. Attention: Legal Department, 22-24 Boulevard Royal L-2449, Luxembourg.
  3. Governing Law and Jurisdiction. The Parties choose Luxembourg law as the governing law of this Agreement. The competent courts of Luxembourg City shall have non-exclusive jurisdiction over all disputes arising out of or in connection with this Agreement.

EXHIBIT A

Section 1 — The Braintree Payment Service

Braintree

Braintree provides Merchants with the ability to accept credit and debit card payments on a website or mobile application. The Braintree Payment Services include payout of funds to a bank account defined by you, fraud protection tools, recurring billing functionality, payment card storage, foreign currency acceptance, white glove customer support, and other software, APIs and other services and technology as described on the Braintree website. Braintree also provides Merchants with the software and connectivity required to allow real-time secure data transmission and processing of credit and debit card payments.

How to receive payments

You can create and submit one-time or recurring transactions in your Braintree Dashboard or by API access for your customers and store the customer and card payment details with Braintree.

1.01 Getting started.

At the time of your sign up as a Braintree customer, Braintree needs to collect information about you and your business, and confirm your identity in accordance with its anti-money laundering and other regulatory obligations before you have full access to the Braintree Payment Services and disbursement of funds is possible. Braintree will notify you immediately when this mandatory process is completed. Braintree may let you create transactions before this process is complete. Any transactions you create before such time are subject to satisfactory completion of such process and subject to reversal in case the process is not complete within 30 Business Days.

1.02 Receiving payments, Bank Account and Payouts

Any proceeds from settled card transactions initiated by you will be received by Braintree from the sponsoring acquiring bank and settled to your Bank Account or directed to your Bank Account at our request by the sponsoring acquiring bank.

Subject to the terms of this Agreement, Braintree will pay to your Bank Account all amounts due to you and recorded by the sponsoring acquiring bank as Transactions, minus any fees, Reversals, Chargebacks, refunds or other amounts that you owe to Braintree under this Agreement.

Merchant acknowledges and agrees that a Transaction may become subject to a Chargeback even after settlement, or be invalidated for any other reason. Any of Merchant’s Payout Amounts are subject to any such event and the Merchant is required to pay to Braintree:

  1. the full amount of the original Transaction
  2. any fees and cost incurred by Braintree in this respect
  3. any Chargeback fees according to this Agreement.

You must designate at least one bank account for the deposit and settlement of funds associated with Braintree’s processing of the Transactions. Your Bank Account must be part of the SWIFT network and be able to receive the currency received from us.

With prior notice, you can change your Bank Account by way of contacting Braintree’s customer service. You authorize Braintree to initiate electronic credit and debit entries and adjustments to the Bank Account and you shall execute any documentation necessary to give effect to such authorization under the applicable legal framework of your Bank Account. Braintree will not be liable for any delays in receipt of funds or errors in the Bank Account entries caused by third parties, including but not limited to delays or errors by the payment brands or your bank.

1.03 Execution and cut-off times

If Braintree is managing your settlement, you agree that we will make commercially reasonable efforts to settle to your Bank Account, at the latest, by the end of the next Business Day following the date we have received the funds from your acquiring bank

Our obligation to execute payment orders within the time period set out above in this section only applies to payments executed in the currency of Pounds Sterling, Euro or the currency of the EEA State that has not adopted Euro as its currency, and to Bank Accounts within the European Union.

Braintree is under no obligation to execute your payment order if you do not have sufficient funds or in any of the cases described in Section 5.01. Braintree reserves the right not to effect a payment made by you until it receives cleared funds.

1.04 Refunds

You may issue refunds in relation to a Transaction (“Refund Transaction”) in the Braintree Dashboard or through your API access. Unless specifically approved otherwise by Braintree, Refund Transactions encompass the original amount and currency of the Transaction plus shipping cost.

1.05 Security of your access, unauthorized transactions

You agree to:

  1. not allow anyone else to have or use your password details and comply with all reasonable instructions we may issue regarding how you can keep your payment instrument safe
  2. Keep your personal details up to date. We may be unable to respond to you if you contact us from an address, telephone number or email account that is not registered with us.
  3. Take all reasonable steps to protect the security of the personal electronic device through which you access the Braintree Payment Services (including, without limitation, using pin and/or password protected personally configured device functionality to access the Services and not sharing your device with other people).
  4. You will be solely responsible to obtain accurate credit card information and authorization from your customers.

1.06 Statements / overviews

You may check at any time in your Braintree Dashboard your processed Transactions, as well as your Refunds, Chargebacks and amounts settled to your Bank Account, and their respective status, and credit / debit date. Such statements will also display fees and their breakdown. If you have agreed to a monthly settlement of fees, your fees will be shown in your monthly settlement statement and a detailed spreadsheet will be made available in the “statements” section of the control panel. In case you need a permanent file, we also offer your transaction overview for download.

In addition to viewing the Transactions from the Braintree Payment Services, the Braintree Dashboard may also offer you the ability to see your PayPal payments. This functionality requires that you connect your existing PayPal business account through the Braintree Dashboard.Please note that the functionality is for your convenience only and is not part of the Braintree Payment Services. You should refer to your PayPal account and information on www.paypal.com for full view and functionalities relating to your PayPal payments.

Section 2 — Data Protection (Customer Data)

2.01 Definitions

For the purposes of this section, the following definitions shall apply:

"Customer Data" shall mean the information that your customer provides in the course of making a payment to you (the Merchant).

"Data Controller", “Data Processor”, "Personal Data", and "Processing" shall have the meaning given to these terms in the EU Data Protection Directive 95/46/EC as implemented in the country where the Merchant is established.

"Data Protection Requirements" means the EU Data Protection Directive (95/46/EC), and all applicable local laws and regulations implementing such Directive together with any similar laws or regulations anywhere in the world (to the extent applicable) as they may apply to a Data Controller, a Data Processor or the equivalent thereof.

2.02 Data Processing

The Parties acknowledge that the provision of the Braintree Payment Services and any sharing of Customer Data shall require the Processing of Personal Data and each Party shall be responsible for complying with its respective obligations under the applicable Data Protection Requirements.

Braintree and its affiliated companies may use, reproduce, electronically distribute, and display Customer Data (a) for the purposes of providing and improving the Braintree Payment Services; (b) as data controller in the meaning of Luxembourg data protection law for the purposes of complying with applicable legal requirements and assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with local laws.

The Parties acknowledge where Personal Data is made available to Braintree for the purpose of providing the Braintree Payment Services, Braintree shall act as a Data Processor to the Merchant. In this respect, Braintree shall (a) keep the data confidential, (b) process such data only in accordance with the instructions of the Merchant, and (c) implement appropriate technical and organizational measures to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.

US, provided that Braintree ensures that the organizations hosting that Persona Data have been certified as fulfilling the requirements of the U.S. EU Safe Harbour Framework with respect to any processing of any such Personal Data.

In respect of the provisions of the Braintree Payment Services, and in all instances in which the Merchant is a Data Controller, the Merchant warrants and undertakes to Braintree that it has satisfied the appropriate Data Protection Requirements regarding the disclosure of such Personal Data to Braintree for the purposes of providing the Braintree Payment Services including any complying with any appropriate notice or consent requirements.

Braintree will Process Customer Data for internal usage, including but not limited to, data analytics and metrics so long as such Customer Data has been anonymized and aggregated with other customer data, i.e. no longer qualify as Personal Data.

Section 3 — Regulatory

3.01 Regulatory notice

For merchants with seat in the European Union, Liechtenstein, Vatican City, Isle of Man, Guernsey, Jersey and San Marino or Norway, Braintree is provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., (R.C.S. Luxembourg B 118 349) (“PayPal”). PayPal is duly licensed as a Luxembourg credit institution in the sense of Article 2 of the law of 5 April 1993 on the financial sector as amended (the “Law”) and is under the prudential supervision of the Luxembourg supervisory authority, the Commission de Surveillance du Secteur Financier (the “CSSF”).The CSSF has its registered office in L-1150 Luxembourg. Because the funds processed by Braintree for you do not legally qualify as a deposit or an investment service, you are not protected by the Luxembourg deposit guarantee schemes provided by the Association pour la Garantie des Dépôts Luxembourg

We will attempt to resolve any complaint relating to the provision of the Braintree services or to the Payment Services Agreement via our customer service center. In addition, you may make a complaint to the following:

  1. European Consumer Centre (ECC-Net). You may obtain further information regarding the ECC-Net and how to contact them at ( http://ec.europa.eu/consumers/redress_cons/ ). Only for Micro-enterprises.
  2. UK Financial Ombudsman Service (FOS). For UK resident Users only - the FOS is a free, independent service, which might be able to settle a complaint between you and us. You may obtain further information regarding the FOS and contact the FOS at http://www.financial-ombudsman.org.uk. Only for Micro-enterprises with seat in UK.
  3. Commission de Surveillance du Secteur Financier (CSSF). The CSSF is the authority responsible for the prudential supervision of companies in the financial sector in Luxembourg. You can contact the CSSF at 110 Route d’Arlon L-2991 Luxembourg. You may obtain further information regarding the CSSF and how to contact them at: http://www.cssf.lu.

EXHIBIT B

"Activation Date": has the definition ascribed to such term in Section 8.

“Agreement”: means this Braintree Payment Services Agreement, including all exhibits and other agreements and documents incorporated herein.

"Associations": has the definition ascribed to such term in Section 6.01.

"Association PCI-DSS Requirements": has the definition ascribed to such term in Section 6.01.

“Bank Account”: means the bank account that you specify, according to Exhibit A, 1.02, to receive your Payout Amounts.

“Braintree Dashboard” is the web view where you can access, view and create your Braintree Transactions (“Control Panel”).

“Braintree Payment Service”: has the definition ascribed to such term in Section 1.01.

“Business Day” means a day where banks are generally open in Luxembourg.

"Cardholder Information": has the definition ascribed to such term in Section 6.01.

"Chargeback" means a challenge to a payment that a buyer files directly with his or her credit card issuer or company.

“Gateway Services”: has the definition ascribed to such term in Section 1.01.

“Intellectual Property”: has the definition ascribed to such term in Section 6.03.

“Intellectual Property Rights”: has the definition ascribed to such term in Section 6.03.

“Invalidated Payment”: has the definition ascribed to such term in Section 4.

“Merchant” or “you”: means the entity and/or individual who enters into this Agreement.

“PayPal” or “Braintree”: means PayPal (Europe) S.à r. l. et Cie, S.C.A., a limited liability partnership registered as number R.C.S. Luxembourg B 118 349 having a registered office at 22-24 Boulevard Royal, L-2449, Luxembourg.

“Payment Processing Services”: has the definition ascribed to such term in Section 1.01.

“Payout Amount”: means any amount due and recorded by the acquiring bank as a Transaction (less the sum of all Refund Transactions, Chargebacks, Reversals and any applicable charges or fees).

“Reversal”: means any payment that Braintree may in exceptional cases have to reverse to your customer because the payment: (a) violates the Acceptable Use Policy, or which we reasonably suspect of violating the Acceptable Use Policy; and/or (b) has been categorized by Braintree’s risk models as involving a as a risky payment required to be reversed to mitigate the risk associated with the payment. The term “Reversed” shall be construed accordingly.

“Refund Transaction” is any refund issued by you through the Braintree Dashboard or through your API access.

“Reserve” means an amount or percentage of your Payout Amounts that we hold in order to protect against the risk of Reversals, Chargebacks, or any other risk, exposure and/or liability related to your use of the Braintree Payment Services.

“Restricted Activities” any breaches of our Acceptable Use Policy and any activity specified in Section 4.01

“SEPA” means Single European Payments Area.

“Trademarks”: has the definition ascribed to such term in Section 6.05.

“Transaction”: means any proceeds from settled card transactions initiated by you that are received by Braintree from your acquiring bank. A Transaction shall be deemed to be complete when we have control of the funds related to the applicable transaction.

“Transaction Data”: has the definition ascribed to such term in Section 6.02.