PayPal Here Terms and Conditions
PayPal Here Terms and Conditions
Last Update: 19 May 2018
- How this Agreement works
1.1. This Agreement including any Exhibits (“PayPal Here Terms and Conditions”) is a contract between you (“Merchant”, “you” or “your”) and PayPal Australia Pty Ltd ABN 93 111 195 389, AFSL 304962 (“PayPal”, “we” or “us”). You acknowledge that your use of the PayPal Here Card Reader or PayPal Here App will constitute acceptance of these PayPal Here Terms and Conditions.
1.2. Capitalised terms that are not defined in these PayPal Here Terms and Conditions or any relevant Schedule are defined in the PayPal User Agreement.
1.3. We may amend these PayPal Here Terms and Conditions in accordance with clause 2 of the PayPal User Agreement. Once a change to the PayPal Here Terms and Conditions takes effect, your continued use of the PayPal Here Card Reader or PayPal Here App will be deemed acceptance of any change. If you do not agree with any changes we make, you may terminate your use of PayPal Here and uninstall the PayPal Here App at any time.
- PayPal Here
2.1. PayPal Here is a payment solution for businesses, which allows you to accept payments by PayPal as well as credit cards and debit cards (“Cards”). PayPal Here can only be used to accept the type of Cards that are set out on the PayPal Here website, and this list of Cards could change at any time and without notice.
2.2. PayPal Here also allows you to issue PayPal invoices and manage records of the PayPal and cash payments that you accept. This function is designed to help you manage your records more easily, however PayPal Here is not an accounting solution and PayPal cannot accept any liability arising from the use of this functionality.
2.3. You must not use your PayPal Here Card Reader in another country.
- The Application and Approval Process
3.1. To use PayPal Here, you must:
- have a premier or business account in good standing and be approved by PayPal to use PayPal Here;
- download the PayPal Here App; and
- purchase a PayPal Here Card Reader if you wish to use a device to accept payments.
3.2. We will determine, in our sole discretion, whether you will be approved to use PayPal Here.
3.3. You may download the official PayPal Here App through the App Store for iOS devices, or through Google Play for Android devices. There is no fee to download the PayPal Here App. You must download and use the most recent version of the PayPal Here App that is available, including downloading and installing any updates that become available periodically.
- Getting, Using and Replacing your PayPal Here Card Reader
4.1. You may purchase a PayPal Here Card Reader from our online shop at www.paypal.com/au/here or from within the PayPal Here App. PayPal Here Card Readers may also be purchased from other authorised retail outlets. We reserve the right to limit the number of PayPal Here Card Readers that you can receive at any time.
4.2 Click here to see the warranty in relation to the PayPal Here Card Reader.
- Fraud and Risk
5.1. PayPal reserves the right to restrict use of PayPal Here if we suspect fraud, breach of the Acceptable Use Policy, a breach of these PayPal Here Terms and Conditions or if we otherwise believe there is an increased risk to us or the PayPal account associated with your PayPal Here Card Reader.
5.2. Your PayPal Here Card Reader may only be used with an approved PayPal Here account.
- AML Verification
- Multiple Devices and Additional Operators
7.1. You may request additional PayPal Here Card Readers that are linked to your PayPal account for employees or representatives (“Additional Operators”).
7.2. Additional Operators must be 18 years or older. PayPal reserves the right to limit the number of Additional Operators you may have. Additional Operators must only use the PayPal Here Card Reader for the same business purpose as you do.
7.3. It is your responsibility to ensure that Additional Operators comply with these PayPal Here Terms and Conditions.
7.4. We reserve the right to deny any Additional Operator access to PayPal Here at any time. You agree that you are at all times liable for the actions or omissions of your Additional Operators and that you will indemnify and hold us harmless from the actions or inactions of Additional Operators in connection with their use or misuse of the PayPal Here service.
- Using PayPal Here
8.1. You may process a Card-present transaction using the PayPal Here Card Reader by inserting or swiping the Card into the PayPal Here Card Reader, or in the case of the PayPal Here Tap and Go Card Reader, by tapping the Card on the reader. The PayPal Here App will prompt you as to what verification is necessary, based on the processing method and the customer’s Card type.
8.2. You may also use PayPal Here to process Keyed Transactions (i.e. a Card-not-present transaction). However, obtaining valid authorisation (such as a validly entered PIN) may assist you in defending against a Chargeback in the event that a customer subsequently claims that it did not authorise a transaction. Higher fees apply for Keyed Transactions. Please see the Combined Financial Services Guide and Product Disclosure Statement for further details.
8.3. Prior to processing any Card-present transaction, you must show the customer the price of the goods or services that you are providing to the customer on your mobile device using the PayPal Here App.
8.4. You must provide customers with a receipt if they request one.
8.5. You must not use PayPal Here to provide a customer with any form of cash advance or to pay yourself.
8.6. You agree that you will not provide any false or misleading descriptions of any transaction that you submit through PayPal Here and that the descriptions given within itemised transactions will be an accurate and true description of the goods and services being purchased.
8.7. You agree to comply with any instructions provided to you along with your PayPal Here Card Reader.
8.8. To process a PayPal transaction through the PayPal Here App, you must be able to clearly identify the customer from their photograph and their name, confirm the amount to be charged with them and you shall not process a transaction until the customer has given you a clear verbal instruction to do so. Prior to charging the customer, you must show the customer the amount to be charged for the goods or services that you are providing to the customer on your mobile device using the PayPal Here App.
8.9. We reserve the right to place a cap on the total value of a PayPal transaction(s) that can be processed using the PayPal Here App. If there is a cap, we will include it on our website.
8.10. We may need to perform upgrades and maintenance to our service or PayPal Here which may result in it not being available for a period. We will try to give you notice of any planned maintenance, but you acknowledge and agree that there may be circumstances where this is not possible.
- Networks and Mobile Compatibility
9.1. Mobile network or WiFi access must be available for a transaction to be processed successfully.
9.2. Using the PayPal Here service requires you to have a compatible mobile device. Please check the website before purchasing the PayPal Here Card Reader. If you have a compatible mobile device but this has been modified contrary to the manufacturer’s software or hardware guidelines, then you may not use your modified device to use PayPal Here.
- Third Party Services
10.1. Your use of PayPal Here may rely on third-party services (such as those of a mobile network operator, a broadband internet provider, an internet security provider or a wireless (WiFi) network provider). These third parties may charge you fees for using PayPal Here (e.g. for service access or data use) and it is your sole responsibility to pay such fees. We don't accept any responsibility for the operation or security of such services, for your inability to use PayPal Here as a result of their service or for your breach of the terms of your contract with that third party as a result of using PayPal Here.
11.1. The fees for using PayPal Here are set out in the Combined Financial Services Guide and Product Disclosure Statement.
- Reserves and other Protective Actions
12.1. We may, in our sole discretion, place a reserve on funds held in your account where we reasonably believe there may be a high level of risk associated with your transactions. Please see the User Agreement for further information on reserves.
12.2. We may take other reasonable actions we determine are necessary to protect against the risk associated with your PayPal account including limiting the functionality of your PayPal Here Card Reader. We may contact your customers, on your behalf, in the event that we are investigating potential fraud.
12.3. In order to determine the risk associated with your PayPal account, we may request at any time, and you agree to provide promptly, any information about your business, operations or financial condition. We reserve the right to reassess your eligibility for PayPal Here if your business is materially different from the information you provided in your application.
12.4. If we reasonably believe that you have breached the terms of your PayPal User Agreement, we may take action to restrict your use of the PayPal Here service, including limiting the functionality of the PayPal Here service.
13.1. Funds received from a Keyed Transaction may be placed in your account as pending. You will not have access to those funds unless the hold is released in accordance with the User Agreement. Holds on Keyed Transactions are usually up to 21 days.
- Data Security
14.1. You are fully responsible for the security of data in your possession or control as a result of using PayPal Here. You agree to comply with all applicable laws and rules in connection with your collection, security and dissemination of any personal, financial, Card, or transaction information (“Data”).
14.2. Unless you receive the express consent of your customer, you may not retain, track, monitor, store or otherwise use Data beyond the scope of the specific transaction.
14.3. Unless you receive the express consent of PayPal, you agree that you will not use nor disclose the Card Data for any purpose other than to support payment for your goods and services.
14.4. Card Data must be completely removed from your systems, and any other place where you store Card Data, within 24 hours after you receive an authorisation decision unless you have received the express consent of your customer to retain the Card Data for the sole purpose of processing recurring payments. To the extent that Card Data resides on your systems and other storage locations, it should do so only for the express purpose of processing your transactions. All Data and other information provided to you by PayPal in relationship to the PayPal Here service and all Card Data will remain the property of PayPal, its Acquiring Bank or the Card Companies, as appropriate.
14.5. You are solely responsible for maintaining adequate security and control of any and all IDs, passwords, or any other codes that are issued to you by us, each Acquiring Bank or the Card Companies.
14.6. If PayPal believes that a security breach or compromise of Data has occurred, PayPal may require you to have a third party auditor that is approved by PayPal conduct a security audit of your systems and facilities and issue a report to be provided to PayPal, the Acquiring Banks and the Card Companies. In the event that you fail to initiate an audit within 10 business days of PayPal's request, PayPal may conduct or obtain such an audit at your expense.
14.7. You agree (as a “Merchant”) to comply with Schedule 1 below, which forms part of this Agreement. The terms of the Data Protection Schedule prevail over any conflicting terms in this Agreement relating to data protection and privacy.
15.1. You agree to indemnify and hold us harmless from claims that are raised by a third party against us that result from your use of PayPal Here or your PayPal account in violation of these PayPal Here Terms or Conditions or the PayPal User Agreement.
"Acquiring Bank" means each of the financial institutions PayPal partners with to process your Card payments, including your PayPal Here transactions.
"Card Companies" means a company or group of financial institutions that issue rules that govern Card transactions via bankcard and payment networks including MasterCard, Visa and American Express.
“Keyed Transaction” means a Card transaction where the PayPal Here Card Reader does not automatically read Card information, but instead manually enter the Card information into the PayPal Here Card Reader via the PayPal Here App.
“PayPal Here App” means the PayPal Here software application for merchants, available from the App Store, Google Play or other similar outlets.
“PayPal Here Card Reader” means either the PayPal Here Chip and Pin Card Reader or PayPal Here Tap and Go Card Reader you use in connection with PayPal Here.
This Data Protection Schedule applies only to the extent that PayPal acts as a processor or Sub-processor to you.
Capitalised terms used but not defined in this Schedule shall have the meaning set out in the PayPal Here Terms and Conditions.
1 DEFINITIONS AND INTERPRETATION
1.1 The following terms have the following meanings when used in this Schedule:
"Card Information" is defined in Section 2.15 of this Schedule.
"Customer" means a European Union customer of Merchant who pays the Merchant in exchange for goods or services through the PayPal services and for the purposes of this Schedule, is a data subject.
"Customer Data" means the personal data that the Customer provides to Merchant and Merchant passes on to PayPal through the use by the Merchant of the PayPal services.
"data controller" (or simply "controller") and "data processor" (or simply "processor") and "data subject" have the meanings given to those terms under the Data Protection Laws.
"Data Protection Laws" means General Data Protection Regulation (EU) 2016/679 (GDPR) and any associated regulations or instruments and any other data protection laws, regulations, regulatory requirements and codes of conduct of EU Member States applicable to PayPal's provision of the PayPal services.
“Data Recipient” is defined in Section 2.15 of this Schedule.
"PayPal Group" means PayPal Inc. and all companies in which PayPal or its successor directly or indirectly from time to time owns or controls.
"personal data" has the meaning given to it in the Data Protection Laws.
"processing" has the meaning given to it in the Data Protection Laws and "process", "processes" and "processed" will be interpreted accordingly.
"Sub-processor" means any processor engaged by PayPal and/or its affiliates in the processing of personal data.
1.2 Schedule. This Schedule comprises (i) sections 1 to 2, being the main body of the Schedule; (ii) Attachment 1; and (iii) Attachment 2.
2 PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE SERVICES
2.1 Merchant data controller. Merchant will be a controller and PayPal will be a processor in respect of Customer Data processing. Merchant will be solely responsible for determining the purposes for which and the manner in which Customer Data are, or are to be, processed.
2.2 Merchant written instructions. PayPal shall only process Customer Data on behalf of and in accordance with Merchant’s written instructions. The Parties agree that this Schedule is Merchant's complete and final written instruction to PayPal in relation to Customer Data. Additional instructions outside the scope of this Schedule (if any) require prior written agreement between PayPal and Merchant, including agreement of any additional fees payable by Merchant to PayPal for carrying out such additional instructions. Merchant shall ensure that its instructions comply with all applicable laws, including Data Protection Laws, and that the processing of Customer Data in accordance with Merchant's instructions will not cause PayPal to be in breach of Data Protection Laws. The provisions of this Section are subject to the provisions of Section 2.14 on Security. Merchant hereby instructs PayPal to process Customer Data for the following purposes:
2.2.1 as reasonably necessary to provide the PayPal services to Merchant;
2.2.2 after anonymising the Customer Data, to use that anonymized Customer Data, directly or indirectly, which is no longer identifiable personal data, for any purpose whatsoever.
2.3 PayPal cooperation. In relation to Customer Data processed by PayPal under these PayPal Here Terms and Conditions, PayPal shall co-operate with Merchant to the extent reasonably necessary to enable Merchant to adequately discharge its responsibility as a controller under Data Protection Laws, including without limitation as Merchant requires in relation to:
2.3.1. assisting Merchant in the preparation of data protection impact assessments to the extent required of Merchant under Data Protection Laws; and
2.3.2 responding to binding requests from data protection authorities for the disclosure of Customer Data as required by applicable laws.
2.4 Scope and Details of Customer Data processed by PayPal. The objective of processing Customer Data by PayPal is the performance of the PayPal services pursuant to the Agreement. PayPal shall process the Customer Data in accordance with the specified duration, purpose, type and categories of data subjects as set out in Attachment 2 (Data Processing of Customer Data).
2.5 Compliance with Laws. The Parties will at all times comply with Data Protection Laws.
2.6 Correction, Blocking and Deletion. To the extent Merchant, in its use of the PayPal services, does not have the ability to correct, amend, block or delete Customer Data, as required by Data Protection Laws, PayPal shall comply with any commercially reasonable request by Merchant to facilitate such actions to the extent PayPal is legally permitted to do so. To the extent legally permitted, Merchant shall be responsible for any costs arising from PayPal’s provision of such assistance.
2.7 Data Subject Requests. PayPal shall, to the extent legally permitted, promptly notify Merchant if it receives a request from a Customer for access to, correction, amendment or deletion of that Customer’s personal data. Merchant shall be responsible for responding to all such requests. If legally permitted, PayPal shall provide Merchant with commercially reasonable cooperation and assistance regarding such Customer's request and Merchant shall be responsible for any costs arising from PayPal’s assistance.
2.8 Training. PayPal undertakes to provide training as necessary from time to time to the PayPal personnel with respect to PayPal's obligations in this Schedule to ensure that the PayPal personnel are aware of and comply with such obligations.
2.9 Limitation of Access. PayPal shall ensure that access by PayPal's personnel to Customer Data is limited to those personnel performing PayPal services in accordance with the Agreement.
2.10 Sub-processors. Merchant specifically authorises the engagement of members of the PayPal Group as Sub-processors in connection with the provision of the PayPal services. In addition, Merchant generally authorizes the engagement of any other third parties as Sub-processors in connection with the provision of the PayPal services. When engaging any Sub-processor, PayPal will execute a written contract with the Sub-processor, which contains terms for the protection of Customer Data which are no less protective than the terms set out in this Schedule. PayPal shall make available to Merchant a current list of Sub-processors for the respective PayPal services with the identities of those Sub-processors.
2.12 Security. PayPal shall, as a minimum, implement and maintain appropriate technical and organizational measures as described in Attachment 1 to this Schedule to keep Customer Data secure and protect it against unauthorized or unlawful processing and accidental loss, destruction or damage in relation to the provision of the PayPal services. Since PayPal provides the PayPal services to all Merchants uniformly via a hosted, web-based application, all appropriate and then-current technical and organizational measures apply to PayPal’s entire customer base hosted out of the same data center and subscribed to the same service. Merchant understands and agrees that the technical and organizational measures are subject to technical progress and development. In that regard, PayPal is expressly permitted to implement adequate alternative measures as long as the security level of the measures is maintained in relation to the provision of the PayPal services.
2.13 Security Incident Notification. If PayPal becomes aware of a Security Incident in connection with the processing of Customer Data, PayPal will, in accordance with Data Protection Laws: (a) notify Merchant of the Security Incident promptly and without undue delay; (b) promptly take reasonable steps to minimize harm and secure Customer Data; (c) describe, to the extent possible, reasonable details of the Security Incident, including steps taken to mitigate the potential risks; and (d) deliver its notification to Merchant's administrators by any means PayPal selects, including via email. Merchant is solely responsible for maintaining accurate contact information and ensuring that any contact information is current and valid.
2.14 Deletion. Upon termination or expiry of the Agreement, PayPal will delete or return to Merchant all Customer Data processed on behalf of the Merchant, and PayPal shall delete existing copies of such Customer Data except where necessary to retain such Customer Data strictly for the purposes of compliance with applicable law.
2.15 Data Portability. Upon any termination or expiry of this Agreement, PayPal agrees, upon written request from Merchant, to provide Merchant’s new acquiring bank or payment service provider (“Data Recipient”) with any available credit card information including personal data relating to Merchant’s Customers (“Card Information”). In order to do so, Merchant must provide PayPal with all requested information including proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements and is level 1 PCI compliant. PayPal agrees to transfer the Card Information to the Data Recipient so long as the following applies: (a) Merchant provides PayPal with proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements (Level 1 PCI compliant) by providing PayPal a certificate or report on compliance with the Association PCI-DSS Requirements from a qualified provider and any other information reasonably requested by PayPal; (b) the transfer of such Card Information is compliant with the latest version of the Association PCI-DSS Requirements; and (c) the transfer of such Card Information is allowed under the applicable Association Rules, and any applicable laws, rules or regulations (including Data Protection Laws) and the Privacy Act 1988 (Cth).
Technical and Organizational Measures
The following technical and organizational measures will be implemented:
- Measures taken to prevent any unauthorised person from accessing the facilities used for data processing;
- Measures taken to prevent data media from being read, copied, amended or moved by any unauthorised persons;
- Measures taken to prevent the unauthorised introduction of any data into the information system, as well as any unauthorized knowledge, amendment or deletion of the recorded data;
- Measures taken to prevent data processing systems from being used by unauthorised person using data transmission facilities;
- Measures taken to guarantee that authorised persons when using an automated data processing system may access only data that are within their competence;
- Measures taken to guarantee the checking and recording of the identity of third parties to whom the data can be transmitted by transmission facilities;
- Measures taken to guarantee that the identity of the persons having had access to the information system and the data introduced into the system can be checked and recorded ex post facto at any time and by any authorised person;
- Measures taken to prevent data from being read, copied, amended or deleted in an unauthorised manner when data are disclosed and data media transported;
Measures taken to safeguard data by creating backup copies.
Data Processing of Customer Data
Categories of data subjects
Customer Data – The personal data that the Customer provides to the Merchant which then passes it to PayPal to be forwarded to their bank or processor.
Subject-matter of the processing
The payment processing services offered by PayPal which provides Merchant with the ability to accept credit cards, debit cards, and other payment methods on a website or mobile application from Customers.
Nature and purpose of the processing
PayPal processes Customer Data that is sent by the Merchant to PayPal for purposes of obtaining verification or authorization of the Customer’s payment method as payment to the Merchant for the sale goods or services.
Type of personal data
Customer Data – Merchant shall inform PayPal of the type of Customer Data PayPal is required to process under these PayPal Here Terms and Conditions. Should there be any changes to the type of Customer Data PayPal is required to process then Merchant shall notify PayPal immediately. PayPal processes the following Customer Data, as may be provided by the Merchant to PayPal from time to time:
Contact address (optional)
Card or payment instrument type
Card Primary Account Number (PAN) or Device-specific Primary Account Number (DPAN)
Card Verification Value (CVV)
Card expiration date
Special categories of data (if relevant)
The transfer of special categories of data is not anticipated.
Duration of Processing
The term of the Agreement.