GENERAL TERMS AND CONDITIONS

1. GENERAL PROVISION
   1. This General terms and conditions govern your use of the Payment Gateway and together with the Standard Operating Procedure and the Processing Agreement executed between PaynetEasy Technologies Limited (hereinafter – “Company”) and the Client (hereinafter “Client” and “Company” jointly referred to as “Parties”) constitute an entire agreement between Parties (hereinafter – “Agreement”).
2. TERMS AND DEFINITIONS
   1. If in accordance with the applied rules of the payment systems any term is supposed to have another meaning which is different from the one stated herein, such a term shall be interpreted in accordance with the rules of the payment system.
   2. Terms used herein shall have the meaning specified in this clause, provided that they are capitalized:
      1. “Man Hour” means a unit for measuring working time equal to one hour of actual work of one person.
      2. “Acquirer” means a financial institute that performs full scope of financial transactions related to settlements and Card payments.
      3. “Issuing Bank” means a bank, which issues and maintains the Card.
      4. “Governmental Body” shall mean any government or governmental or regulatory body thereof, or political subdivision thereof, or any agency, instrumentality or authority thereof, or any court or arbitrator (public or private).
      5. “Card” means the tool for cashless transfers, designed for the Cardholder to make transactions using money on the bank account opened by the Issuing Bank to the Cardholder’s name under the agreement between such Cardholder and Issuing Bank.
      6. “Cardholder” means an individual or an authorized representative of a legal entity, in whose name the Card is issued.
      7. “Payment System” means the international payment system “Visa International”, the international payment system “MasterCard Worldwide, and other operators on transfer of digital money.
      8. “Payment Gateway” means the hardware and software complex deployed at the Payment System, which allows to automate the process of acceptance and making of payments.
      9. “Standard operating procedure” means the procedure of communication between the Client and the Company is published at the Company website.
      10. PAP (“Payneteasy Analytical Platform”) means the payment business management system and analytical platform of the Payment Gateway. Account in such system is provided to the Client after the execution of this Agreement.
      11. “Transaction” means a payment transaction of settlement for products, works, and (or) services purchased (being purchased), executed with the use of the Card; or a financial transaction of transfer of funds with using Matercard Moneysend and Visa direct technologies.
      12. “Mobile Terminal” means an aggregate of a mobile device and a mobile POS-terminal connected to it, designed to read the Card data and used in order to process payment transactions and/or for information exchange with the Payment Gateway via the Payment Gateway.
      13. “The cardholder data environment (CDE)” mean comprised of people, processes and technologies that store, process, or transmit Cardholder data or sensitive authentication data.
      14. “PCI DSS” (Payment Card Industry Data Security Standard) means the rules for secure storage, processing and transfer of data accepted in the payment cards industry and supported with the participation of Payment Systems.
      15. “Processing Service” mean data processing and information exchange between Client, Acquirer and Cardholders via the Payment Gateway for purpose of making agreed Transactions.
      16. “E-Commerce payment transaction” shall mean any payment Transaction issued to Payment Gateway from Internet website or Mobile Internet website.
      17. “Mobile payment transaction” shall mean any payment Transaction issued to Payment Gateway from Mobile terminal.
      18. “MOTO payment transaction” shall mean any payment transaction issued to Payment Gateway from a virtual terminal or e-terminal.
      19. “Deposit to card transfer transaction (D2C)” shall mean any Transaction issued to Payment Gateway from Internet website or Mobile Internet website aimed at transfer of monetary funds from the bank account of the Client to the Card in favour of the Cardholder.
      20. “Specification” shall mean a description of Payment Gateway, published at the Company website.
      21. “Processing Service” shall mean providing a safe software and technical infrastructure complying with the PCI DSS, for the purpose of secure exchange of data between settlements and data storage participants.
      22. Terms “Support System”, “Account”, “Error” used herein, shall have the meaning provided by the Standard Operating Procedure.
      23. “Personal Data Processing Agreement” shall refer to Appendix #1 attached to these General Terms and Conditions which constitutes an integral part of thereof.
3. AVAILABILITY OF PAYMENT GATEWAY
   1. The Company shall ensure accessibility of servers and databases of the Payment Gateway of no less than 99.0% of time per month (no more than 7.299 hours of downtime per month). Payment Gateway is deemed accessible if the servers it functions on work without Critical Errors as described in Standard operating procedure.
   2. Payment Gateway is provided on the terms of Internet access to the servers, where the software and the database management systems are hosted via interfaces provided in the Payment Gateway.
   3. To ensure the adequate level of quality and security Parties agreed to introduce the schedule of preventive maintenance works, during which time the Payment Gateway will be inaccessible. Procedure for preventive maintenance works is set forth in the Standard operating procedure. During the preventive maintenance works the Payment Gateway is deemed accessible despite the interruption.
   4. Measuring the availability of the servers’ connection with the Internet is carried out by an external monitoring service in accordance with Standard operating procedure.
4. New Inventions
   1. OWNERSHIP OF NEW INVENTIONS
      1. The Client shall acquire no rights to new enhancements, translations, re-writings, revisions, updates, modifications, or improvements made by Company/Client in connection with the Payment Gateway (hereinafter — “the New Inventions”) which shall be considered as an integral part of the Payment Gateway, including but not limited to Acquirer integration software, from the moment of their creation unless parties agree to treat it differently and sign their intentions in the separate Agreement or Addendum to this contract.
   2. IMPLEMENTATION
      1. Company shall be entitled to implement, at any time, any New Invention at its own discretion without Client’s consent, providing it does not influence the way the Client uses the system.
5. LICENSE
   1. Subject to the terms and conditions of this Agreement and the proper disbursement of Company's consideration, which is deemed to be provided during the Period of the Agreement, Company grants to Client a non-exclusive, non-transferable, limited-in-time right to access the Payment Gateway in accordance with Client purpose (the “License”). Except for the License granted herein, no rights to the Payment Gateway are assigned to the Client under the Agreement.
6. CONFIDENTIAL INFORMATION
   1. “Confidential Information” shall mean any information disclosed by either party (the “Disclosing Party”) to the other party or anyone acting in its behalf (the “Receiving Party”) or by its Affiliates, in any manner: directly or indirectly, in writing, orally, in digital form or in any other form or media, including, without limitation, data, technology, Payment Gateway and modifications or upgrades thereof, the Processing Service, know-how, designs, processes, documents, systems, specifications, plans, Personal Data, ESK issued by the Client, information concerning research and development work, prices, costs, proposed transaction terms and other commercial information and/or trade and business secrets including information which relates to current, planned or proposed products, marketing, sales and business plans or status, forecasts, projections and analyses, financial information, third party confidential information and customer information, including Clients, Acquirers, PSPs, Transactions and parties to Transactions, vulnerabilities found in the Payment Gateway infrastructure.
   2. EXCEPTIONS TO CONFIDENTIAL INFORMATION
      1. For the purposes of this Agreement, Confidential Information will not include any information that has been:
         1. publicly known and made generally available in the public domain, through no action or inaction of the parties;
         2. already in the possession of the party receiving the information at the time of disclosure by a Disclosing Party, as demonstrated by documentary evidence;
         3. obtained by the Receiving Party from a third party without a breach of such third party’s obligations of confidentiality, as demonstrated by documentary evidence; or;
         4. independently developed by the Receiving Party without use of or reference to the Confidential Information, as demonstrated by documentary evidence.
   3. RESTRICTIONS ON USE
      1. Receiving Party agrees and undertakes that it will not use the Confidential Information except in accordance with the purpose of this Agreement nor will it disclose any Confidential Information to any third parties without the Disclosing Party’s written consent.
      2. Receiving Party may disclose the Confidential Information if required by law, so long as it gives the Disclosing Party prompt written notice of such requirement prior to such disclosure (unless such notice is prohibited by law) and assistance in obtaining an order protecting the Confidential Information from public disclosure. If such an order is not obtained, Receiving Party shall disclose only that portion of the Confidential Information which is legally required, and shall ensure confidential treatment of such information.
      3. Except for backup of the Confidential Information, Receiving Party shall not make any copies of any Confidential Information without the prior written consent of the Disclosing.
   4. STANDARD OF CARE
      1. Receiving Party agrees that it shall hold all Confidential Information in strict confidence and shall safeguard the Confidential Information with the highest reasonable degree of care, while taking all reasonable precautions necessary to protect the secrecy and preserve the confidentiality of the Confidential Information.
      2. Without limiting the foregoing, Receiving Party will take at least those measures that it takes to protect its own confidential information but take not less than reasonable measures and utilize not less than a reasonable standard of care.
   5. PERMITTED DISCLOSURE
      1. Receiving Party agrees not to disclose, even in part, any Confidential Information, except as provided herein. Disclosing Party shall only make the Confidential Information, and even then, specifically the relevant parts thereof, available to its employees, consultants, affiliates, agents and subcontractors, excluding any entity (and any personnel of such entity) that is a competitor of the Disclosing Party, on a “need to know” basis in order to carry out the purpose of the Agreement (such recipients, collectively, the “Authorized Recipients”).
      2. Prior to any disclosure of the Disclosing Party's Confidential Information to the Authorized Recipients to the extent permitted hereunder, the Receiving Party will ensure that such Authorized Recipients are bound by a non-use and non-disclosure agreement that contains provisions in respect of disclosure and use of Confidential Information that are substantially similar to the applicable provisions of this clause. Furthermore, each party will reproduce the other party’s proprietary rights and confidentiality notices on any approved copies of Confidential Information.
   6. INJUNCTIVE RELIEF
      1. The parties acknowledge that unauthorized disclosure or use of Confidential Information may give rise to irreparable injury, which may not be adequately compensated by damages. The Parties agree and acknowledge that money damages may not be a sufficient remedy for any breach or threatened breach of this Agreement by either party and that the other party shall be entitled to seek specific performance or injunctive relief (as appropriate) as a remedy for any breach or threatened breach thereof, in addition to any other remedies available at law or in equity.
   7. RETURN OF MATERIALS
      1. Upon the written request of the Disclosing Party, the Receiving Party shall promptly return to the Disclosing Party or destroy all copies of the Confidential Information. Receiving Party shall furnish the Client, together with such returned materials or subsequent to any destruction thereof, a certificate duly executed by an officer of such party, confirming that the provisions of this section have been complied with. Return or destruction of the Confidential Information as required hereunder shall not affect the remaining obligations pursuant to this Agreement.
7. FORCE MAJEURE
   1. If performance by any Party of any service or obligation under this Agreement is prevented, restricted, delayed or interfered with by reason of, inter alia, strikes, acts of God, fire, floods, lightning, earthquakes, severe weather, utility or communication failures, failures of any relevant bank or network, DDoS attacks, computer associated outages or delay in receiving electronic data, war, civil commotion, or any law, order or regulation, etc. having legal effect, then that Party shall be excused from its performance hereunder to the extent and duration of the prevention, restriction, delay or interference.
8. INFRINGEMENTS
   1. Each Party shall promptly upon learning of same notify the other Party of the facts and circumstances surrounding any alleged infringement of the rights or misappropriation of the rights or any right of either party known to the other Party hereto.
9. MISCELLANEOUS
   1. ASSIGNMENT
      1. Client shall not assign or transfer the Agreement or any part thereof to any other entity without the prior written consent of the Company. The Company will be entitled to assign this Agreement by notifying the Client. Upon assignment to an Affiliate, the references in the Agreement to Company or Client, as applicable, shall also apply to any such assignee unless the context otherwise requires.
   2. NO PARTNERSHIP OR JOINT VENTURE
      1. Nothing herein contained shall be construed to place the parties in relationship of partners or joint ventures, and Client shall have no power to obligate or bind Company in any manner whatsoever.
   3. SEVERABILITY
      1. If any provision or provisions of the Agreement shall be held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired thereby.
   4. COMMUNICATION BETWEEN PARTIES
      1. Communication between Parties shall be performed in accordance with the order stated in Standard operating procedure.
   5. DISPUTE RESOLUTION
      Any dispute, controversy or claim between the Parties hereto arising out of or relating to this Agreement or any alleged breach thereof which cannot be amicably settled between the parties shall be exclusively referred to arbitration in accordance with the Arbitration Act of Gibraltar 1895.
   6. GOVERNING LAW & JURISDICTION
      1. This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed exclusively by and construed in accordance with the laws of Gibraltar.
   7. COSTS AND EXPENSES
      1. Company and Client shall each bear its own costs and expenses incurred in connection with the negotiation and execution of the Agreement and each other agreement, document and instrument contemplated by the Agreement and the consummation of the transactions contemplated hereby and thereby.
   8. HEADINGS
      1. The headings used in the Agreement are for convenience only and do not define, limit or construe the contents thereof.
   9. CONSTRUCTION
      1. Whenever used in the Agreement, the singular shall be construed to include the plural and vice versa, where applicable, and the use of the masculine, feminine or neuter gender shall include the other genders.
   10. COUNTERPARTS
       1. This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.
   11. THIRD-PARTY CONTRACTS
       1. The Company may enter any agreements and sign appropriate contracts required to deliver its services, e.g. with banks, third-party PSPs or any other organizations, including the ones that have relations with the Client.
   12. THIRD PARTY RIGHTS
       1. A Person who is not a party to this agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this agreement. The rights of the parties to terminate, rescind or agree any variation, waiver or settlement under this agreement are not subject to the consent of any other person.
   13. RESPONSIBILITY
       1. Client shall independently render services to its contract partners, Company bears no responsibility for the activity performed by Client.

PERSONAL DATA PROCESSING AGREEMENT

1. OVERVIEW
   1. Parties complies with global data protection regulations and requires all own suppliers to verify their compliance. Whereas that Client has entered into Client Service Agreement to provide services involving the processing of Client personal data. The Company must certify its compliance with GDPR and other data protection regulations.
2. TERMS AND DEFINITIONS
   1. Personal Data means any information disclosed by Client to the Company and/or collected by the Company pursuant to this Client Service Agreement relating to an identified or identifiable individual ("Data Subject"), including, without limitation, name, address, e-mail, telephone number, business contact information, date of birth, Social Security Number, credit or debit card number, bank account number, and any other unique identifier or one or more factors specific to the individual's physical, physiological, mental, economic, cultural or social identity;
   2. Personal Data Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
   3. Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the Personal Data Processing;
   4. Other Controller means any entity other than Client that is controller of the Client personal data, such as Client’s affiliated companies.
   5. Data Subject is the identified or identifiable natural person the personal data is relating to.
   6. Personal Data Breach means a suspected or actual breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
   7. Processor means the natural or legal person, public authority, agency or any other body which processes Personal Data on behalf of the Controller;
   8. Subprocessor means any Processor engaged (i) by the Processor or (ii) by Subprocessor of the Processor to process Personal Data on behalf and in accordance with the instructions of the Controller pursuant to this Client Service Agreement;
   9. Data Protection Law means the GDPR and the e-Privacy Directive 2002/58/EC (as amended by Directive 2009/136/EC, and as amended and replaced from time to time) and their national implementing legislations; the Swiss Federal Data Protection Act (as amended and replaced from time to time); the Monaco Data Protection Act (as amended and replaced from time to time); the UK Data Protection Act (as amended and replaced from time to time); and the Data Protection Acts of the European Economic Area ("EEA") countries (as amended and replaced from time to time);
   10. GDPR means the EU General Data Protection Regulation.
   11. Europe means the European Economic Area, Switzerland, Monaco and the United Kingdom.
3. ROLES OF THE PARTIES
   1. In the context of the Client Service Agreement, the Parties agree that Company acts as Processor acting on behalf of Client who act as Controllers.
   2. Client appoints Company as Processor, or as Sub-Processor of Client’s customers (in particular Cardholders), for the Personal Data Processing for the purpose of providing the Processing Service specified in Client Service Agreement. In that context, Client, as Controller, or Processor acting on behalf of its customers, has the sole and exclusive authority to determine the purposes and means of the Personal Data Processing that are disclosed to and collected by Company. Company will Process Personal Data only on behalf and for the benefit of Client, or of Client's customers, and only to carry out its obligations under this Client Service Agreement as implemented and to the extent required for execution of the Client Service Agreement.
4. PROCESSING
   1. This Personal Data Processing Agreement (“PDPA”) applies if and to the extent supplier is processing Client personal data. Client appoints supplier as processor to process such Personal data.
   2. Company will process Personal data for the sole purpose of providing a Processing Service to Client.
   3. Company will comply with all Data Protection Laws in respect of the services applicable to processors and is responsible for the lawfulness of supplier’s processing of Client personal data.
5. DATA SECURITY, SUBJECT RIGHTS AND REQUESTS
   1. Company will implement and maintain technical and organizational measure to ensure an appropriate level of security. Company shall regularly monitor its compliance with the respective technical and organizational measures.
   2. To the extent permitted by law, Company will inform Client without undue delay of the requests from Data subjects exercising their Data Subject rights (e.g. rectification, deletion and blocking of data) addressed directly to Company regarding Personal data.
6. THIRD PARTY REQUESTS AND CONFIDENTIALITY
   1. Company will not disclose Client personal data to any third party, unless authorized by Client or required by mandatory law. If a government or supervisory authority demands access to Client personal data, supplier will notify Client prior to disclosure unless prohibited by law.
7. SUBPROCESSORS
   1. Company shall impose the same data protection obligations as set out in the PDPA on any Subprocessor, and ensure that the relevant obligations can be directly enforced by Subprocessors.
   2. Company remains responsible for its Subprocessors and liable for their acts and omissions as for own acts and omissions and any references to Company’s obligations, acts and omissions in the PDPA shall be construed as referring also to the Company’s Subprocessors.
8. PERSONAL DATA BREACH
   1. Company will inform Client without undue delay of any suspected non-compliance with applicable Data Protection Laws or relevant contractual terms or in case of serious disruptions to operations or any other irregularities in the processing of the Client Personal Data. Company will promptly investigate and rectify any non-compliance as soon as possible and upon Client’s request, provide Client will all information requested with regard to the suspected non-compliance.
   2. Company will notify Client without undue delay (and in no event later than 24 hours) after becoming aware of a Personal Data Breach in respect of the Processing Service. Company will promptly investigate the Personal Data Breach and will provide Client with reasonable assistance to satisfy any legal obligations (including obligations to notify Supervisory Authorities or Data Subjects) of Client and/or Other Controllers in relation to the Personal Data Breach.
9. COMPLIANCE WITH EU DATA PROTECTION LAW
   1. Both Parties represent and warrant that they will comply with Data Protection Law when Processing Personal Data in the context of the execution of the PDPA.
   2. Both parties have to notify each over when any law or legal requirement prevents them from fulfilling its obligations under this PDPA or Data Protection Law. In this situation, any Party is entitled to suspend the Personal Data Processing and to terminate any further Personal Data Processing and Client Service Agreement this PDPA concurrently, if doing so is required to comply with Data Protection Law.
   3. Company agrees and warrants that it is prohibited from transferring Personal Data outside of Europe except if the Personal Data are transferred to a country which has been considered to provide an adequate level of protection under Data Protection Law or to a data recipient which has implemented adequate safeguards under Data Protection Law such as approved Binding Corporate Rules, Standard Contractual Clauses or the EU-U.S./Swiss-U.S. Privacy Shield Frameworks.
10. REPRESENTATIONS AND WARRANTIES OF COMPANY
    1. Company has implemented and maintains a comprehensive written information security program that complies with Data Protection Law, including appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
11. THE COMPANY'S DPO
    1. Sushkevich Dan was appointed as Company’s Data Protection Officer. Client’s staff and customers may contact Company's DPO via e-mail: [email protected].

Pdf version of this document: General_terms_and_conditions.pdf