THIS PAYFLOW GATEWAY SERVICES AGREEMENT IS A LEGAL AND BINDING AGREEMENT BETWEEN YOU AND PAYPAL INC. PLEASE READ IT CAREFULLY.
This Payflow Gateway Services Agreement ("Agreement") is a contract between you (the "Merchant") and PayPal, Inc., and its affiliates(“PayPal”), and applies to your use of the Payflow gateway Services (the "Payflow Services"). In this Agreement, "you" and "your" refer to Merchant and your designated agents, including your administrative contact, and "we", "us", and "our" refer to PayPal. You must read, agree with, and accept all of the terms and conditions contained in this Agreement. This Agreement applies to you if you signed up for the Payflow Services, or upgraded your Payflow Services, on or after October 27, 2010. By using the Payflow Services, you acknowledge that you have agreed to this Agreement. We may revise this Agreement and any applicable policies from time to time. The revised version will be effective at the time we post it unless otherwise noted. If our changes reduce your rights or increase your responsibilities, we will post a notice on the Policy Updates page of our website and provide you with the same length of notice as set forth in the PayPal User Agreement. By continuing to use the Payflow Services after any changes to this Agreement, you agree to abide by and be bound by those changes. If you do not agree with any changes to this agreement, you may close your account.
The Payflow Services include Payflow Link or Payflow Pro and the “Add On Payflow Services” defined as Recurring Billing Service, Fraud Protection Services, and the ACH Payment Service. With Payflow Link, your customers enter their payment information in a PayPal-hosted order form on a PayPal server. With Payflow Pro, you have the option to use our Payflow APIs and have customers checkout on your own site, which you host and secure with SSL certificate or Payflow APIs in conjunction with Payflow Link hosted order forms to collect Card Data on pages PayPal hosts and secures. In order to use the Payflow Services you must complete the online registration process (“Registration”) and set up an internet merchant account with a Financial Institution to process payments. Use of the ACH Payment Service and other Add On Payflow Services may require additional documentation. You agree that you shall (i) use the Payflow Services in accordance with the applicable user guides and other documentation; and (ii) not use or permit others to use information obtained with the Payflow Services for any purpose other than in conjunction with the Payflow Services and in a manner described in this Agreement and in the documentation for the Payflow Services.
"Account Updater Service" means a service in which PayPal may update applicable customer Card Data of eligible Cards using information and third party sources available to PayPal, as further described herein. In providing this service, PayPal may obtain, on Merchant’s behalf, applicable updated customer Card Data of eligible Cards from participating card issuing banks and other third party sources for use as part of the Recurring Billing Service or other eligible transactions using the Payflow Services.
"ACH" means Automated Clearing House.
"API" means application programming interface.
"Card Networks" means payment networks that promulgate rules to govern Card acceptance, including Visa, Mastercard, American Express, and Discover.
"Card Data" means a cardholder’s account number, expiration date, and CVV2.
"Card(s)" means payment cards branded with the logos of Visa, Mastercard, American Express, Discover, and such other Card Networks as may become available from time to time.
"Financial Institution" means banks or financial institutions having business relationships with one or more Financial Processors that have agreed to evaluate and provide merchant accounts and payment authorization services to merchants.
"Financial Processor" means an entity with which PayPal has established a relationship that performs the back-end authorization and processing of Transactions between your Financial Institution and the cardholder's bank.
"Manager Web Site" means the online account management tools for merchants for the Payflow Services.
"Payflow Services" means the payment gateways under the brand names Payflow Link or Payflow Pro that include, without limitation, real-time, secure data transmission and processing for multiple business-to-customer payment methods including, credit cards, debit cards, purchase cards, PayPal payments, PayPal Credit payments, delayed shipment billing, electronic checks, and the Add On Services.
"Payflow Software" means the object code version of the client Software Development Kit ("SDK"), HTML code, APIs, related documentation, and other client software or code, including updates, to enable PayPal to provide the Payflow Services to you. Unless otherwise specified, Payflow Software shall not include any source code.
"Transaction" means information related to the purchase of goods and services from you by a third party. Specifically a Transaction is an authorization, delayed capture, sale, void, voice authorization, inquiry, verification, reference transaction, non-reference credit, or credit data transmission between PayPal and its back end processors.
3.1 General Service Requirements. You shall:
4.1 Payflow Services. Subject to the terms in this Agreement, PayPal agrees to provide (i) the Payflow Services for which you have enrolled and paid the applicable fees, and (ii) access to standardized reports regarding your Transactions processed using the Payflow Services and certain reporting tools to assist you.
4.2 Information Conduit. You acknowledge that PayPal is not a financial or credit reporting institution. PayPal is responsible only for providing Data transmission to effect or direct certain payment authorizations for you and is not responsible for the results of any credit inquiry, the operation of web sites of internet service providers (“ISP”), Financial Institutions, Financial Processors, the availability or performance of the Internet, or for any damages or costs you suffer or incur as a result of any instructions given, actions taken or omissions made by you, your Financial Processor(s), your Financial Institution, or any ISP. The Payflow Services present data and information collected from the you and data sources other than PayPal and PayPal makes no representations or warranties regarding the availability, accuracy, timeliness or completeness of such data and information or any output or results of the Payflow Services based in whole or in part on such data and information. You are solely responsible for the accuracy and completeness of all Data you supply.
4.3 Security and Stability. You acknowledge that it is in the best interests of both parties that PayPal maintains a secure and stable environment; to that end, PayPal may change the method of access to the Payflow Services at any time. You also agree that, in the event of degradation or instability of the Payflow Services or an emergency, PayPal may temporarily suspend your access to the Payflow Services, any API, and/or any PayPal content under this Agreement in order to minimize threats to and protect the operational stability and security of the Payflow Services. Each party represents, warrants, and covenants that it shall at all times comply with applicable Payment Card Industry Data Security Standards, (“PCI DSS”) as such may be amended from time to time, with respect to all Card Data received by it in connection with this Agreement. PayPal does not guarantee the security of the Payflow Services or Transaction data, and PayPal will not be responsible in the event of any infiltration of its security systems, if PayPal has used commercially reasonable efforts to prevent any such infiltration. Your customers’ Card Data is handled by PayPal if: (a) you use Payflow Link, or (b) you use Payflow Pro and you choose to activate the “transparent redirect” feature and integrate the feature pursuant to PayPal’s instructions. PayPal adheres to Payment Card Industry Data Security Standards (“PCI DSS”).
4.4Technical Support for Payflow Services. PayPal shall provide technical support services as set out at the following URL: /webapps/mpp/payflow-faq.
5.1 Registration. When you register for the Payflow Services, you may have PayPal payments automatically enabled. The e-mail address you designate when registering for the Payflow Services will be initially used to create your PayPal account, however, to access any PayPal payments you must finish completing your PayPal account and agree to the online PayPal user agreement, found on the applicable PayPal website.
5.2 PayPal Services. Merchants using Payflow Link agree to offer PayPal Express Checkout and PayPal Credit, a PayPal service, on their hosted checkout pages. Fees for accepting payments via these services are set out as Purchase Payment Fees in the PayPal user agreement on paypal.com. Merchants who do not want to offer Express Checkout and PayPal Credit can upgrade to the Payflow Pro level of service to disable these payment methods (additional fees may apply for Payflow Pro).
6.1 Fees. You agree to pay PayPal the applicable fees for the Payflow Services as set out on our Fees page, as amended from time to time. Such fees do not include any processing fees owed to the Financial Institution at which your merchant account is held. All fees are charged in USD, are due immediately, and are non-refundable, except as otherwise expressly noted herein. The Payflow Services are supplied on a month-to-month or annual basis depending on the payment terms you agree to during Registration. All sums due that remain unpaid after any applicable cure period will accrue interest of 1.5% per month or the maximum amount allowed by law, whichever is less; this interest to begin to accruing on the day after the payment due date until paid in full. In the event you have opened multiple PayPal accounts with the Payflow Services enabled, any fees for the applicable Payflow Services will be charged separately for each such account. If you had signed up for the Payflow Services prior to September 25, 2012, and you exceed the number of Transactions included in the monthly service fee for the applicable Payflow Services (each, an “Excess Transaction”), you shall pay a monthly Transaction fee per Excess Transaction (“Monthly Excess Transaction Fee”), as set forth in the Fees page.
6.2 Taxes. The fees are exclusive of tax. You are responsible for all taxes, duties, levies, or tariffs or charges of any kind imposed by any federal, state, or local governmental entity on the fees for the Payflow Services, excluding taxes based on PayPal’s net income.
6.3 Payment Method. You agree to pay for the Payflow Services via credit card or ACH. You authorize PayPal to charge your credit card or debit your bank account via ACH for the fees. You shall provide proper authorization to allow PayPal to debit its bank account to collect fees due under this Agreement. All fees owed by you to third parties (for example, Financial Institutions, Financial Processors, and merchant account providers), are your sole responsibility, and are not covered by this Agreement. You are solely responsible for the credit card or ACH account information you provide to PayPal and must promptly inform PayPal of any changes thereto.
7.1 Description. Subject to the terms of this Section, the Account Updater Service allows PayPal to send the applicable Card Data of eligible Cards to one or more third party sources, and use information available to PayPal, to check and update the applicable Card Data. Following these checks, the applicable updated Card Data relating to Merchant’s customers, if any, is processed and stored by PayPal at Merchant’s direction and on the Merchant’s behalf for (i) recurring transactions using the Recurring Billing Service or (ii) other eligible transactions using the Payflow Services. PayPal may provide the Account Updater Service to Merchants that use the Recurring Billing Service to accept recurring transactions, and such Merchants may only discontinue use of the Account Updater Service by ceasing to use the Recurring Billing Service. In the event PayPal makes the Account Updater Service available to Merchants for other eligible transactions processed without using the Recurring Billing Service, PayPal will communicate additional details to eligible Merchants once such details are determined by PayPal regarding the availability and requirements for such Merchants to implement and discontinue use of the Account Updater Service.
7.2 Permitted Use. Merchant acknowledges and agrees that the Account Updater Service is provided solely for the purpose of updating applicable Card Data to enable Merchant’s acceptance of transactions using the Payflow Services through the Recurring Billing Service or otherwise. Merchant shall not use the Account Updater Service for any other purpose, including, without limitation, the use of any portion of the Account Updater Service data in connection with the development of any other service or product.
7.4 Accuracy of Information. Merchant acknowledges that the Account Updater Service may only be accurate to the extent a card issuing bank and a customer participate, and that many card issuing banks and customers may not participate. Merchant acknowledges and agrees that the Account Updater Service may rely upon information, Card Data, and services provided to PayPal by third parties.
7.5 Cessation of Account Updater Service. PayPal may immediately cease offering or providing the Account Updater Service to Merchants at any time upon email notice to Merchants.
8.1 Term; Renewal. This Agreement will commence on the date you accept the terms of this Agreement (the "Effective Date"). If you agreed to monthly billing, this Agreement automatically renews for successive one month periods, unless terminated or suspended according to the provisions of this Agreement. If you agreed to annual billing, you must notify us if you wish to renew this Agreement on an annual basis. Renewal is subject to our then-current terms and conditions, including, successful completion of any applicable authentication procedure, and payment of all outstanding fees.
8.2 Termination. Either Party may terminate the Agreement for convenience at any time upon notice to the other party. PayPal may terminate this Agreement, effective immediately, (i) in the event of insolvency, receivership, or voluntary or involuntary bankruptcy, or an assignment for the benefit of your creditors, or in the event that a substantial part of your property is or becomes subject to any levy, seizure, assignment, or sale for or by any creditor or governmental agency without being released or satisfied within thirty days thereafter; (ii) if you fail to comply with applicable laws or regulations; (iii) for any of the reasons listed in Section 7.3 below; or (iv) if you fail to materially comply with this Agreement. If you purchase separate Payflow Services that are sold together as a “bundled” package, as opposed to your purchasing such Payflow Services separately, termination of any part of the Payflow Services may result in termination of all Payflow Services.
8.3 Suspension. PayPal may suspend your access to the Payflow Services immediately, without prior notice if: (i) certain third party licenses or access to third party components of the Payflow Services are terminated; (ii) you cause or fail to fix a security breach relating to the Payflow Services; (iii) PayPal reasonably believes your breach compromises the security of the Payflow Services; (iv) PayPal reasonably believes fraudulent Transactions are being submitted on your account knowingly or negligently; (v) your Financial Processor or Financial Institution requires such suspension; (vi) you fail to pay any fees when due; (vii) you fail to upgrade to the most current software version, security updates, and/or patches; or (g) you fail to materially comply with this Agreement.
8.4 Effect of Termination. PayPal will cease providing the Payflow Services and cease charging you for any fees as of the expiration of the billing cycle in which the termination is effective. If termination of this Agreement is due to your default hereunder, you shall bear all costs of such termination, including any reasonable costs PayPal incurs in closing your account. You agree to pay all costs incurred by PayPal in enforcing your compliance with this Section. Upon termination, your rights to use the Payflow Services, and any other rights granted hereunder, shall immediately cease, and you shall destroy any copy of the PayPal Documentation or other materials licensed to you hereunder and referenced herein. Termination of this Agreement will not relieve either Party from any liability arising prior to the termination of this Agreement. To the extent permitted by applicable law, you agree that upon termination, we may delete all information relating to your use of the Service.
8.5 Reinstatement of Payflow Services. If Payflow Services are suspended or terminated by PayPal reinstatement of Payflow Services shall be subject to you paying PayPal (i) new set-up fees, at PayPal’s then-current rates; and (ii) all past due fees.
9.2 Compliance with Data Protection Schedule. You (as a “Merchant”) and we agree to comply with the Data Protection Schedule below, which forms part of this Agreement. The terms of the Data Protection Schedule shall prevail over any conflicting terms in this Agreement relating to data protection and privacy.
9.3 Data Portability. Upon any termination or expiration of this Agreement, PayPal agrees, upon your written request, to provide your new acquiring bank or payment service provider (“Data Recipient”) with any available credit card information including personal data relating to your Customers (“Card Information”). In order to do so, you must provide PayPal with all requested information including proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements and is level 1 PCI compliant. PayPal agrees to transfer the Card Information to the Data Recipient so long as the following applies: (a) you provide PayPal with proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements (Level 1 PCI compliant) by providing PayPal a certificate or report on compliance with the Association PCI-DSS Requirements from a qualified provider and any other information reasonably requested by PayPal; (b) the transfer of such Card Information is compliant with the latest version of the Association PCI-DSS Requirements; and (c) the transfer of such Card Information is allowed under the applicable Card Network Rules, and any applicable laws, rules, or regulations (including data protection laws).
10.1 Confidential Information Defined. A party’s "Confidential Information" is defined as any information of the disclosing party, which (i) if disclosed in a tangible form is marked using a legend such as "Confidential" or "Proprietary" or, if not so marked, should be reasonably understood by the receiving party from the context of disclosure or from the information itself, to be confidential, or (ii) if disclosed orally or visually is declared to be confidential or, if not so declared, should be reasonably understood by the receiving party from the context of disclosure or from the information itself to be confidential. Confidential Information shall include, the terms of this Agreement; the integration requirements; information accessed via the Payflow APIs; information relating to the PayPal’s systems, technology, processes, and financial information; your user ID; information relating to your business, security and technology; and all user data, Card Data, and customer information (including user IDs and passwords) regardless of whether marked "Confidential."
10.2 Mutual Obligations. Each party shall hold the other party’s Confidential Information in confidence and shall not disclose such Confidential Information to any third party nor use the other party’s Confidential Information for any purpose other than as required to perform its obligations under this Agreement. Such restrictions shall not apply to Confidential Information that (i) is already known by the recipient, (ii) becomes publicly known through no act or fault of the recipient, (iii) is received by recipient from a third party without a restriction on disclosure or use, or (iv) is independently developed by recipient without reference to the Confidential Information, or (v) where Confidential Information is required to be disclosed by a court, government agency, law enforcement agency, regulatory requirement, or similar disclosure requirement. The parties’ respective obligations to maintain the confidentiality of information disclosed hereunder shall survive the expiration or early termination of this Agreement or until such time as such information becomes public information through no fault of the receiving party. Upon termination or expiration of this Agreement, the receiving party shall immediately return to the disclosing party all manifestations of the Confidential Information or shall destroy all such Confidential Information as the disclosing party may designate; provided that such action may be delayed for so long as, and to the extent that, such Confidential Information relates to outstanding payment obligations or is subject to audit, reporting, or retention requirements under this Agreement or applicable law.
11.1 Intellectual Property. You acknowledge that PayPal and its licensors retain all intellectual property rights (including all patent, trademark, copyright, trade dress, trade secrets, database rights and all other intellectual property rights) and title in and to all of their Confidential Information; other proprietary information, products, and services; and the ideas, concepts, techniques, inventions, processes, software or works of authorship developed, embodied in, or practiced in connection with the Payflow Services and provided by PayPal hereunder, including without limitation all modifications, enhancements, derivative works, configurations, translations, upgrades, and interfaces thereto (all of the foregoing “PayPal Intellectual Property”). PayPal Intellectual Property does not include your preexisting hardware, software, data, or networks. Except as otherwise expressly provided herein, nothing in this Agreement shall create any right of ownership or license in, and to the other Party’s intellectual property rights and each Party shall continue to independently own and maintain its intellectual property rights. There are no implied licenses under this Agreement and any rights not expressly granted to you under this Agreement are reserved by PayPal or its suppliers. You shall not reverse engineer, decompile, modify in any manner, or create derivative works from the Payflow Services, API License, (defined below) or any PayPal Intellectual Property.
11.2 License. PayPal hereby grants you a non-exclusive, non-transferable, revocable, non-sublicenseable, limited license to use PayPal’s Intellectual Property solely as required and necessary to use the Payflow Services in accordance with the terms and conditions of this Agreement and any user guides provided by PayPal to you (the “IP License” and with respect to the APIs, the “API License”).
11.3 Payflow APIs. PayPal shall make available to you its API integration and user guides and SDKs (collectively “PayPal Documentation”). You shall comply with the PayPal Documentation in connection with the integration and use of APIs. You shall keep all user ID, passwords and other access codes pertaining to the Payflow Services and API License confidential and secure from all unauthorized persons. You will immediately terminate the access rights of any user who ceases to act in an authorized capacity on your behalf for any reason, including because of a change in employment status or in the event of theft, loss, or authorized disclosure or misuse of that user ID. You agree to notify PayPal immediately upon learning of any unauthorized use of your user name or password. You shall be solely responsible for (i) updating your passwords for access to the Payflow Services periodically, and (ii) creating passwords that are reasonably “strong” under the circumstances. The user ID is the property of PayPal and may be immediately revoked or terminated by PayPal if you share the same with any third party, or otherwise breach this API License. In connection with your use of Payflow’s API’s, you are prohibited from doing any of the following: (i) selling, transferring, sublicensing, or disclosing your user ID to any third party (other than third party service providers); (ii) selling, transferring, sublicensing, and/or assigning any interest in PayPal’s Confidential Information accessed by the APIs; (iii) collecting any customer’s personally identifiable information that is accessed through the APIs without that customer’s express permission; (iv) providing timeshare, service bureau, application service provider, or similar services to any other third party; and (v) interfacing or connecting the Payflow Services, or the API License with any other computer software or system without the prior written approval of PayPal. PayPal shall have no responsibility or liability for the performance of the Payflow Services and Payflow Software, in the event that the Payflow Services or Payflow Software are not used in accordance with this Agreement or any instructions for use provided by PayPal.
12.1 Authority. Each party represents and warrants that (a) it has full power and authority to enter into and perform this Agreement; and (b) its execution and performance of this Agreement does not violate, conflict with, or result in a material default under any other contract or agreement to which it is a party, or by which it is bound.
12.2 Compliance with Laws. You represent and warrant that you shall comply with all applicable privacy, consumer and other laws and regulations with respect to (i) provision, use and disclosure of the Data; (ii) dealings with the users providing the Data; and (iii) use of the Payflow Services.
THE PAYFLOW SERVICES AND SOFTWARE INCLUDING THE API LICENSE ARE PROVIDED HEREUNDER ON AN "AS IS" BASIS WITHOUT WARRANTY OF ANY KIND AND EXCEPT AS EXPRESSLY STATED HEREIN, PAYPAL DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE WITH REGARDS TO THE PAYFLOW SERVICES AND SOFTWARE. PAYPAL DOES NOT REPRESENT OR WARRANT THAT THE PAYFLOW SERVICES AND SOFTWARE SHALL OPERATE SECURELY OR WITHOUT INTERRUPTION.
You will defend, indemnify and hold harmless PayPal, its affiliates, and its officers, directors, employees, and agents from any loss, damage, liability, claim, demand, or cost (including reasonable attorneys’ fees) (“Claim”) made or incurred by any third party due to or arising out of (i) your breach of this Agreement; (ii) the sale or use of any product or services sold by you; (iii) your use of the Payflow Services; or (iv) your negligence or misconduct.
IN NO EVENT WILL PAYPAL'S LIABILITY ARISING OUT OF THIS AGREEMENT EXCEED THE FEES PAID TO PAYPAL BY YOU HEREUNDER DURING THE 12 MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT THAT GAVE RISE TO THE CLAIM FOR DAMAGES. IN NO EVENT WILL PAYPAL OR ITS LICENSORS HAVE ANY LIABILITY TO MERCHANT OR ANY OTHER PARTY FOR ANY LOST OPPORTUNITY OR PROFITS, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, OR SPECIAL DAMAGES ARISING OUT OF THIS AGREEMENT, UNDER ANY CAUSE OF ACTION OR THEORY OF LIABILITY (INCLUDING NEGLIGENCE), AND WHETHER OR NOT PAYPAL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THESE LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. The limitations set forth above shall be enforceable to the maximum extent allowed by applicable law.
16.1 Force Majeure. Neither Party shall be responsible for any failure to perform its obligations under this Agreement if such failure is caused by acts of God, war, strikes, revolutions, lack or failure of transportation facilities, laws or governmental regulations, or other causes that are beyond the reasonable control of such Party. Obligations hereunder, however, shall in not be excused but shall be suspended only until the cessation of any cause of such failure.
16.2 Entire Agreement and Modification. This Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes any prior oral, written, or online agreements. Except as otherwise provided for herein, any waiver, modification, or amendment of any provision of this Agreement will be effective only if in writing and signed by the Parties. This Agreement does not govern your use of the PayPal payment processing services such as Express Checkout or PayPal Payments Advanced, or PayPal Payments Pro, or your PayPal account. Your PayPal account and/or your use of any PayPal payment processing services shall be governed by the online PayPal User Agreement and any other agreement you agree to in connection with such account and/or your use of such PayPal Services.
16.3 Severability. If any provision of this Agreement shall be held illegal or unenforceable, that provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and enforceable.
16.4 Assignment; No Waiver. This Agreement binds and is for the benefit of the successors and permitted assigns of each Party. You may not assign this Agreement or any rights under it, in whole or in part, without PayPal’s prior written consent. Any attempt to assign this Agreement other than as permitted above will be null and void. Failure by either Party to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision.
16.5 Governing Law and Jury Trial Waiver. This Agreement shall be governed by and construed in accordance with the laws of the State of California, U.S.A., except for its conflicts of laws principles. The Parties consent to the exclusive jurisdiction of, and venue in, the state and federal courts in Santa Clara County, California. PAYPAL AND MERCHANT IRREVOCABLY WAIVE ANY AND ALL RIGHTS THEY MAY HAVE TO A TRIAL BY JURY IN ANY JUDICIAL PROCEEDING INVOLVING ANY CLAIM RELATING TO OR ARISING UNDER THIS AGREEMENT.
16.6 Survival. Sections, which by their nature survive, shall survive any termination or expiration of this Agreement in accordance with their terms.
16.7Export Restrictions. You agree that you shall not import, export, or re-export directly or indirectly, any commodity, including your products incorporating or using any PayPal products in violation of the laws and regulations of any applicable jurisdiction.
16.8 Notices. Except as otherwise expressly stated in this Agreement, all notices to PayPal shall be in writing and delivered, via courier or certified or registered mail, to General Counsel, 2211 North First Street, San Jose, CA 95131 or any other address provided by PayPal. All notices to you shall be delivered to your e-mail address as provided by you in your account information. Unless you choose to opt-out of receiving marketing notices, you authorize PayPal to notify you as our customer, via commercial e-mails, telephone calls, and other means of communication, of information that we deem is of potential interest to you, including without limitation communications describing upgrades, new products and services, or other information pertaining to the Payflow Services or other PayPal offerings relating to Internet security. Notwithstanding the above, you shall not have the right to opt-out of service or support notices relating to the Payflow Services, including without limitation, notices of service modifications, security, performance issues, or technical difficulties.
16.9 Headings. The section headings appearing in the Agreement are inserted only as a matter of convenience and in no way define, limit, construe, or describe the scope or extent of such section, or in any way affect such section.
16.10 Relationship of the Parties. The Parties are independent contractors and will have no power or authority to assume or create any obligation or responsibility on behalf of each other. This Agreement will not be construed to create or imply any partnership, agency, or joint venture.
16.11 Non-Disparagement; Publicity. During the term of the Agreement, neither party will disparage the other party or the other party's trademarks, web sites, products or services, or display any such items in a derogatory or negative manner on any web site or in any public forum or press release. All media releases, public announcements or public disclosures (including, but not limited to, promotional or marketing material) by either Party relating to this Agreement are prohibited without the prior written consent of both Parties.
16.12 Expenses. Except as otherwise specified herein or as otherwise mutually agreed upon by the Parties, each Party will bear its own costs of performing under this Agreement.
16.13 Government Use. If you are a branch or agency of the United States Government, the following provision applies. The software and any related documentation are comprised of "commercial computer software" and "commercial computer software documentation" as such terms are used in 48 C.F.R. 12.212 (SEPT 1995) and are provided to the Government (i) for acquisition by or on behalf of civilian agencies, consistent with the policy set forth in 48 C.F.R. 12.212; or (ii) for acquisition by or on behalf of units of the Department of Defense, consistent with the policies set forth in 48 C.F.R. 227.7202-1 (JUN 1995) and 227.7202-3 (JUN 1995).
AMERICAN EXPRESS DIRECT PROCESSING
If at any time you process directly with American Express, you acknowledge and agree to comply with the terms of this Section as applicable.
In no event shall PayPal be liable for Transaction processing and other services performed by American Express.
ADD ON PAYFLOW SERVICES
ENHANCED TECHNICAL SUPPORT
PREMIUM TECHNICAL SUPPORT
RECURRING BILLING SERVICE
If at any time you purchase the Recurring Billing Service, you agree to comply with the following terms and conditions.
FRAUD PROTECTION SERVICES
DATA PROTECTION SCHEDULE
This Data Protection Schedule applies only to the extent that PayPal acts as a Service Provider to you.
Capitalized terms used but not defined in this Schedule shall have the meaning set out in the Agreement.
1 DEFINITIONS AND INTERPRETATION; SCHEDULE COMPOSITION
1.1 Definitions and Interpretation. The following terms have the following meanings when used in this Schedule:
"Customer" means your customers who use the PayPal services in the United States and, for the purposes of this Schedule, are data subjects.
"Customer Data" means the Personal Data that the Customer provides to you and you pass on to PayPal through the use by you of the PayPal services.
"Data Protection Laws" means any data protection laws, regulations, and regulatory requirements applicable to PayPal’s provisions of the PayPal services, including without limitation, the California Consumer Privacy Act of 2018 (CCPA), including any implementing regulations issued by the California Attorney General.
"Personal Data" means any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"process", "processes", and "processed" means any operation or set of operations performed upon Personal Data, including collection, recording, retention, sharing, organization, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deleting, erasure, or destruction.
“Security Incident" means the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by PayPal.
“Service Provider” shall have the meaning set forth in the CCPA.
1.2 Schedule Composition. This Schedule is comprised of (i) sections 1 to 2, being the main body of the Schedule; and (ii) Attachment 1 .
2 PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE SERVICES
2.1 PayPal as a Service Provider.
2.1.1 PayPal is your Service Provider with respect to Customer Data, including the Personal Data of Customers and other natural persons, households, and entities only for the purposes specified in the Agreement. You agree to provide to PayPal only the Customer Data that is necessary for PayPal to provide the payment processing services. The parties acknowledge and agree that PayPal is permitted to use, reproduce and process Customer Data and payment transaction data for the following limited purposes:
2.1.2 PayPal shall comply with the requirements of the Data Protection Laws with respect to the use of Personal Data under this Agreement and shall not knowingly do anything or knowingly permit anything to be done with respect to the Personal Data which might lead to a breach by you of the Data Protection Laws.
2.1.3 With regard to any Customer Data to be processed by PayPal in connection with this Agreement, you will be solely responsible for determining the purposes for which and the manner in which Customer Data are, or are to be, processed.
2.1.4 The Parties acknowledge and agree that valuable consideration, monetary or otherwise, is being provided for the payment processing services being rendered by PayPal and not in exchange for you providing Personal Data in connection with the payment processing services.
2.1.5 Unless otherwise required or authorized by law and subject to any applicable exceptions, limitations, exemptions, and/or exclusions set forth in the CCPA or applicable Data Protection Laws, PayPal is prohibited from collecting, retaining, using, selling or disclosing Personal Information except as necessary for the purpose of performing the payment processing services specified in the Agreement between the parties.
2.2 Customer Requests. PayPal shall, to the extent legally permitted, promptly notify you in the event PayPal receives a request from a Customer for access to, or correction, amendment, or deletion of, that Customer’s Personal Data. PayPal shall not respond to any such Customer request without your prior written consent except to confirm that the request relates to you and you hereby consent to such communication with your Customer by PayPal. PayPal shall provide you with commercially reasonable cooperation and assistance in relation to the handling of a Customer’s request for access to that Customer’s Personal Data, provided that such cooperation and assistance is legally permitted and to the extent you do not have access to such Customer Data through your use of the payment processing services. PayPal and you acknowledge and agree that PayPal is authorized under applicable law to retain and process such Customer Data pursuant to applicable law, including, without limitation, any applicable exceptions, limitations, exemptions, and/or exclusions set forth in the CCPA (including without limitation, those exceptions, limitations, exemptions and/or exclusions set forth in California Civil Code § 1798.145).
2.3 PayPal Personnel. PayPal shall ensure that its personnel engaged in the processing of Customer Data are informed of the confidential nature of the Customer Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Such confidentiality obligations shall survive the termination of the applicable personnel’s engagement. PayPal undertakes to provide its personnel with training as necessary from time to time with respect to PayPal's obligations in this Addendum so that PayPal personnel are aware of, and comply with, such obligations. Access by PayPal's personnel to Customer Data is limited to those personnel performing payment processing services in accordance with the Agreement.
2.4 Technical and Organizational Measures. PayPal shall, as a minimum, implement and maintain appropriate technical and organizational measures as described in Attachment 1 to this Addendum to keep Customer Data secure and to protect it against unauthorized or unlawful processing and accidental loss, destruction or damage in relation to the provision of the payment processing services. You understand and agree that the technical and organizational measures are subject to technical progress and development. In that regard, PayPal is expressly permitted to implement adequate alternative measures as long as the security level of the measures is maintained in relation to the provision of the payment processing services. In the event of any detrimental change, PayPal shall provide a notification together with any necessary documentation to you by email or publication on a website easily accessible by you.
2.5 Security Incidents. If PayPal becomes aware of a Security Incident in connection with the processing of Customer Data and if there is a reasonable likelihood of materially harm to a material part of the PayPal systems relating to the payment processing services provided to you, PayPal will, in accordance with Data Protection Laws: (a) notify you of the Security Incident promptly and without undue delay; and (b) promptly take reasonable steps to minimize harm and secure Customer Data.
2.5.1 Details of Security Incident. Notifications made under this Section will describe, to the extent possible, reasonable details of the Security Incident, including steps taken to mitigate the potential risks.
2.5.2 Communication. PayPal will deliver its notification of any Security Incident to one or more of your administrators via email. You are solely responsible for maintaining accurate contact information and ensuring that any contact information is current and valid.
2.6 Deletion. Upon termination or expiration of the Agreement, PayPal will delete or return to you all Customer Data processed on behalf of you, and PayPal shall delete existing copies of such Customer Data except where authorized by Data Protection Laws or necessary to retain such Customer Data strictly for the purposes of compliance with applicable law.
2.7 Certification. The Parties will at all times comply with applicable Data Protection Laws. PayPal hereby certifies that it understands and agrees to the terms of this Data Protection Schedule in this Agreement.
2.8 Merchant Notices. You undertake to provide all notices and obtain all consents necessary for PayPal’s use of Personal Data set out above.
Technical and Organizational Measures
The following technical and organizational measures will be implemented: