PayPal Website Payments Pro and Virtual Terminal Agreement
PayPal Website Payments Pro and Virtual Terminal Agreement
Last Update: July 9, 2019
This PayPal Website Payments Pro and Virtual Terminal agreement ("Pro/VT Agreement") is a contract between you (the "Merchant") and PayPal, Inc. (“PayPal”, “we”, “us” or “our”), and applies to your use of PayPal Payments Advanced ("Payments Advanced"), PayPal Payments Pro (Website Payments Pro) ("Payments Pro"), PayPal Payments Pro (Website Payments Pro Payflow Edition) ("Payments Pro Payflow"), or Virtual Terminal (the "Products"). Each of the Products includes the PayPal services listed in this Pro/VT Agreement and described more fully on our website. You must read, agree with and accept all of the terms and conditions contained in this Pro/VT Agreement. By using any of the Products, you agree to comply with all of the terms and conditions in this Pro/VT Agreement, so please read all of the terms and conditions carefully.
This Pro/VT Agreement applies in addition to the PayPal User Agreement and any other agreement to which you have entered into with PayPal (collectively "PayPal Agreements") to your use of the PayPal services through the Products. If any inconsistency exists between the terms of the PayPal User Agreement and this Pro/VT Agreement then, except for Express Checkout, the terms of this Pro/VT Agreement shall control in connection with your use of the PayPal services through any Product. The terms of the PayPal User Agreement shall control for any inconsistency for Express Checkout.
We may amend this Pro/VT Agreement at any time by posting a revised version on our website. The revised version will be effective at the time we post it. In addition, if we change the Pro/VT Agreement in a way that reduces your rights or increases your responsibilities, we will provide you with 30 Days' prior notice by posting notice on the "Policy Updates" page of our website. If you would like to receive notification by email of new Policy Updates, then you may do so by logging into your PayPal account and selecting this option by going to My Account > Profile > Account Information > Notifications. If you do not agree with any change, to the Pro/VT Agreement, you may terminate your use of the PayPal services at any time.
1. Credit Report Authorization.
You understand and agree that you are providing PayPal with your "written instructions" in accordance with the Fair Credit Reporting Act, and you are authorizing PayPal to obtain your personal credit report from a credit bureau for the purpose of processing this application for PayPal services. You further understand and agree that you are authorizing PayPal to obtain your credit report on an ongoing basis for account review purposes.
All fees are in U.S. Dollars unless otherwise stated. The fees associated with any Express Checkout transaction submitted by you via any Product are set forth in the PayPal User Agreement.
a. Product Monthly Fees.
Payments Pro Payflow
Virtual Terminal Only
b. Transaction Fees. The Transaction Fees are expressed as a percentage of the payment amount, plus a fixed amount. Transaction Fees associated with any American Express® Direct Payment or Virtual Terminal Payment you accept are set forth separately below.
Products that offer the Service
Purchase Payment Fees set forth
Purchase Payment Fees set forth in the PayPal User Agreement shall apply.
Payments Advanced, Payments Pro Payflow
Payments Advanced, Payments Pro,
If you’re a verified charitable organization:
2.2 + $0.30
Payments Advanced, Payments Pro, Payments Pro Payflow
2.4% + $0.30
Payments Advanced, Payments Pro, Payments Pro Payflow, Virtual Terminal (only)
* Excludes Direct Payments and Virtual Terminal Payments where an American Express Card is used.
The Transaction Fees above are for payments received by you in U.S. Dollars. If the payment is in a currency other than U.S. Dollars, then the fees above shall apply with the following change: The $0.30 USD fixed fee portion will be replaced by the fixed fee of the currency of the payment as described below.
U.K. Pounds Sterling:
The following Transaction Fees shall apply to payments made using an American Express Card:
American Express Payments
Virtual Terminal Payments
c. Optional Services. If you elect to use any of the optional PayPal services listed below, the following fees shall apply.
Products that offer the Service
Monthly Fee: $30
Advanced Fraud Management Filters
Monthly Fee: $20
Advanced Fraud Protection Services
Monthly Fee: $10.00
Monthly Fee: $10.00
Account Monitoring Service
Set Up: $29.95
Payments Pro Payflow
Buyer Authentication Service
Monthly Fee: $10.00
Payments Pro Payflow
*Excludes Express Checkout transactions.
d. Additional Fees. The following additional fees apply to all Products in connection with the activity described.
Fee or Spread
$0.30 per uncaptured authorization
Card Verification Transactions**
For all Direct Payment or Virtual Terminal card authorization verification transactions
$0.30 per card verification request
Fixed Fee portion of the original Transaction Fee.
For refunds of Direct Payments or Virtual Terminal Payments where the buyer used an American Express Card, the Transaction Fee will be deducted from your Account at the time of the refund, in addition to the full payment amount that is refunded to the buyer.
Transaction Fee applied to the original transaction.
Failure to use Express Checkout
Up to 1.0%
Up to 5.0%
Currency conversion spread: 2.5% (added to the base exchange rate)
* Excludes Direct Payments and Virtual Terminal Payments where an American Express Card is used.
**Applies only to Visa and MasterCard transactions.
e. Payment Terms.
1. If you use Virtual Terminal only, you agree to allow PayPal to charge your PayPal account for fees that become due under this Pro/VT Agreement. In the event that PayPal is unable to recover any fee amount that is due from your PayPal account, PayPal may terminate your use of the PayPal services within 30 days of the date that the fee was due and you will remain obligated to pay PayPal for any unpaid amounts. If you use Payments Pro and choose to have your fees under this Pro/VT agreement charged to your PayPal account, the terms of this paragraph apply.
2. If you use Payments Advanced or Payments Pro Payflow, you agree to allow PayPal to charge the credit card or bank account that you provided when you registered for these Products for fees that become due under this Pro/VT Agreement. If you use Payments Pro and choose to have your fees under this Pro/VT agreement charged to your credit card or bank account, the terms of this paragraph apply.
3. Monthly fees are paid on a calendar month basis. For Payments Pro or Virtual Terminal, monthly fees are charged in advance. For Payments Advanced or Payments Pro Payflow, monthly fees are payable in arrears.
4. For fees charged per transaction, the fee amount will be deducted from the transaction amount at the time of the transaction. You are liable for all claims, expenses, fines, and liability PayPal incurs arising out of your use of the Products.
5. All fees are non-refundable.
f. Promotional Period. If you have signed up for the PayPal services pursuant to a promotional period, you agree to pay the monthly fee upon the expiration of a promotional period offered by PayPal.
g. Failure to Use Express Checkout. If you fail to comply with the requirement to use Express Checkout described in Section 8, you may be subject to up to a 1% fee increase to your then current Transaction Fee rate. This fee may be included in your initial rate when you first sign up for the PayPal services, or may be added at any time by PayPal with 30 days' prior written notice of the fee increase. You agree to terminate your use of the PayPal services if you do not agree to this fee.
h. Risk Factors Fee. If PayPal determines that your PayPal account receives, or is likely to receive, a disproportionately high number of customer complaints, Reversals, chargebacks, disputes, claims, fees, fines, penalties or other liability (collectively "Risk Factors"), you may be subject to up to a 5% fee increase above your then current Transaction Fee rate. This fee may be added to your initial rate when you first sign up for the PayPal services, or may be added at any time by PayPal with 30 days' prior notice of the fee increase. You agree to terminate your use of the PayPal services if you do not agree to this Fee.
i. Required Use of PayPal-Hosted Pages for PayPal Payments Advanced. Payments Advanced requires the exclusive use of PayPal-hosted templates on your checkout pages to process payments. If you use Payments Advanced to process payment sales or authorizations on non-PayPal hosted pages, you may be charged the higher monthly fee for using Payments Pro Payflow instead of the Payments Advanced monthly fee, but you may not receive full access to all features of Payments Pro Payflow. PayPal may implement this fee increase in its sole discretion at any time with 30 days’ prior written notice to you. You agree to terminate your use of the PayPal services if you do not agree to this fee.
j. Processing Requirements. You agree to submit only any transactions for processing which represent a bona fide, permissible transaction free of liens, claims, and encumbrances other than ordinary sales taxes; as outlined in this Pro/VT Agreement and in the Card Company Rules, or which accurately describes the product or services being sold or the charitable donations being made. You authorize PayPal to submit transactions to and receive settlement from American Express and to disclose transaction and merchant information to American Express to perform analytics and create reports, and for any other lawful business purposes, including commercial marketing communications purposes and important transactional or relationship communications. You also agree to ensure data quality and that any Data is processed promptly, accurately and completely, and complies with the Card Companies’ technical specifications. You agree not to process transactions or receive payments on behalf of any other party, or redirect payments to any other party. You agree not to bill or collect from any cardholder for any purchase or payment on the card unless you have the right to do so under the Card Company Rules.
3. Data Security.
a. General. You are fully responsible for the security of data on your website or otherwise in your possession or control. You agree to comply with all applicable laws and rules in connection with your collection, security and dissemination of any personal, financial, Card, or transaction information (defined as "Data") on your website. You must report any Data breach or incident to PayPal and the Card Companies immediately after discovery of the incident.
b. PCI DSS Compliance.
i. Merchant PCI Compliance. You agree that at all times you shall be compliant with the Payment Card Industry Data Security Standards (PCI DSS), the Payment Application Data Security Standards (PA DSS), and any Card Company data security requirements, as applicable. You agree to promptly provide us with documentation evidencing your compliance with PCI DSS, PA DSS, or other Card Company data security requirements, if requested by us. You also agree that you will use only PCI compliant service providers in connection with the storage, or transmission of Card Data defined as a cardholder’s account number, expiration date, and CVV2. You must not store CVV2 data at any time. Your customers’ Card Data is handled by PayPal if: (a) your Product is Payments Advanced, or (b) your Product is Payments Pro Payflow and you choose to activate the “transparent redirect” feature and integrate the feature properly per PayPal’s instructions. In order to verify your PCI DSS compliance, you must complete PCI DSS compliance certification pursuant to the requirements that we notify to you via email.
ii. PayPal PCI Compliance. PayPal agrees that it shall comply with the applicable PCI DSS requirements, as such may be amended from time to time, with respect to all cardholder data received by it in connection with this Agreement. PayPal acknowledges that it is responsible for the security of cardholder data it possesses or otherwise stores, processes or transmits on behalf of the Merchant, or to the extent that they could impact the security of the Merchant's cardholder data environment.
c. Data Usage. Unless you receive the express consent of your customer, you may not retain, track, monitor, store or otherwise use Data beyond the scope of the specific transaction. Further, unless you get the express written consent of PayPal and each Acquiring Bank and/or the Card Companies, as applicable, you agree that you will not use nor disclose the Card Data for any purpose other than to support payment for your goods and services. Card Data must be completely removed from your systems, and any other place where you store Card Data, within 24 hours after you receive an authorization decision unless you have received the express consent of your customer to retain the Card Data for the sole purpose of processing recurring payments. To the extent that Card Data resides on your systems and other storage locations, it should do so only for the express purpose of processing your transactions. All Data and other information provided to you by PayPal in relationship to the PayPal services and all Card Data will remain the property of PayPal, its Acquiring Bank or the Card Companies, as appropriate.
d. Password Security. You agree to restrict use and access to your password and log-on ID to your employees and agents as may be reasonably necessary, and will ensure that each such employee or agent complies with the terms of this Pro/VT Agreement. You will not give, transfer, assign, sell, resell or otherwise dispose of the information and materials provided to you to utilize the PayPal services. You are solely responsible for maintaining adequate security and control of any and all IDs, passwords, or any other codes that are issued to you by PayPal, each Acquiring Bank or the Card Companies.
e. Audit. If PayPal believes that a security breach or compromise of Data has occurred, PayPal may require you to have a third party auditor that is approved by PayPal conduct a security audit of your systems and facilities and issue a report to be provided to PayPal, the Acquiring Banks and the Card Companies. In the event that you fail to initiate an audit within 10 business days of PayPal's request, PayPal may conduct or obtain such an audit at your expense. In addition, the Card Companies may conduct an audit at any time, for the purpose of determining compliance with the Card Company Rules.
f. Compliance with Data Protection Schedule. You agree (as a “Merchant”) to comply with Schedule 1 below, which forms part of this Agreement. The terms of the Data Protection Schedule prevail over any conflicting terms in this Agreement relating to data protection and privacy.
4. Additional Terms for American Express Card Acceptance.
a. American Express may use the information obtained in your application at the time of setup to screen and/or monitor you in connection with Card marketing and administrative purposes.
b. You may be converted from this Pro/VT Agreement to a direct card acceptance agreement with American Express if you reach certain monthly sales volumes. Upon conversion, (i) you will be bound by American Express' then-current Card Acceptance Agreement; and (ii) American Express will set your pricing and other fees for American Express Card acceptance.
c. By accepting these terms, you agree to receive commercial marketing communications from American Express. You may opt out by contacting PayPal at (888) 221-1161.
d. American Express shall be a third party beneficiary of this Pro/VT Agreement for purposes of American Express Card acceptance. As a third party beneficiary, American Express shall have the right to enforce directly against you the terms of this Pro/VT Agreement as related to American Express Card acceptance. You acknowledge and agree that American Express shall have no responsibility of liability with regard to PayPal’s obligations to you under this Pro/VT Agreement.
5. Dynamic Currency Conversion.
You may not perform dynamic currency conversion. This means that you may not list an item in one currency and then accept payment in a different currency. If you are accepting payments in more than one currency, you must separately list the price of each product or service in each currency.
6. Brand Parity.
By using the Products, PayPal permits you to directly accept Cards. With regard to your Card acceptance, you agree to the following:
a. Where you accept Cards on your website, you will display each Card's logo with equal size and prominence, and you shall not display a preference for, nor discriminate against, one Card over another, including your refund policies for purchases.
b. You agree to comply with the logo usage standards located at: http://www.paypal.com/cgi-bin/webscr?cmd=xpt/general/OnlineLogoCenter-outside.
c. You authorize PayPal to provide information regarding your business and individual Card transactions to third parties for the purpose of facilitating the acceptance and settlement of your Card transactions and in connection with items, including chargebacks, refunds, disputes, adjustments, and other inquiries.
7. Card Not Present.
You acknowledge that PayPal routes and processes transactions as appropriate through the Products via the relevant Card Company network(s) as remote (card not present) payments. If you accept a Card that is physically presented to you at the point of sale you acknowledge that the scope of your protection from chargebacks will be limited to the protection that is available for remote payments.
8. Required Use of Express Checkout, PayPal Credit
a. If you use Payments Advanced, Payments Pro, or Payments Pro Payflow, you must use Express Checkout in the following manner:
1. You must include a PayPal Express Checkout button either: (i) before you request the shipping/billing address and other financial information from your customers or (ii) on the same page that you collect such information if you only use one page for your checkout process.
2. You must offer PayPal as a payment option together with the other payment options you offer. The PayPal acceptance mark must be displayed with equal prominence to the logos for your other payment options. You shall not discriminate against PayPal, nor discourage its use, as a payment option over any other payment option offered by you.
3. You must provide your customers with the option of not storing their personal information, including their email address, shipping/billing address, and financial information.
b. If you use Payments Advanced, you must offer PayPal Credit as a payment option on your hosted checkout page as automatically enabled by PayPal. Any offers associated with PayPal Credit that you present outside of the hosted checkout page must be displayed in the manner prescribed and instructed by PayPal and approved by PayPal prior to posting.
9. Risk Controls.
If you use the Products, you may be able to elect to use our Risk Controls which provide you the option of changing our certain controls to accept transactions with a higher likelihood of risk. Eligibility for Risk Controls is determined in PayPal's sole discretion. The following terms apply to your use of the Risk Controls:
a. Liability. If you adjust your Risk Controls, in addition to your existing liability for fraudulent transactions, you are liable for all additional risk. It is your responsibility to adjust the Risk Controls to determine whether you want to accept or decline such transactions. You may adjust the Risk Controls on the Risk Controls Overview Page on the PayPal website. If you would like to remove your ability to access Risk Controls, please contact your account manager.
b. Expanding Acceptance. You may adjust your Risk Controls to accept certain payments, including:
1. Direct Payments or Virtual Terminal Payments that are unable to verify the cardholder's address through the Address Verification Services. This is also referred to as "AVS No Match."
2. Direct Payments or Virtual Terminal Payments that do not include a card security code. This is also referred to as "Card Security Code Not Submitted".
3. All payment types that failed PayPal's proprietary risk models.
c. Expanding Declines. You may adjust your Risk Controls to decline payments, including:
1. Direct Payments or Virtual Terminal Payments where the address entered by the cardholder only partially matches the information stored by the issuing bank.
2. Direct Payments or Virtual Terminal Payments where the Address Verification Service is unsupported or unavailable at the time the payment is processed.
d. Transaction Reviews. You may adjust your Risk Controls to review and manually accept payments. Reviewing a payment prevents the funds from being transferred to your Account until you review the payment. If you do not accept a payment within 30 days, it will be reversed. Note that not all payment types can be reviewed.
e. Rejecting Transactions. You may not reject a transaction unless, based on various combinations of authentication information, you reasonably determine that the individual requesting the transaction is misrepresenting his or her identity.
10. Fraud Management Filters.
Fraud management filters allow you to accept or reject transactions with a higher likelihood of risk. If you would like to restrict the ability to access fraud management filters, please contact your account manager. Note, not all transactions will be reviewed and there is no guarantee that fraud management filters will prevent losses.
a. Liability. If you adjust your fraud management filters, in addition to your existing liability for fraudulent transactions, you are liable for all additional risk. It is your responsibility to adjust the fraud management filters to determine whether you want to accept or decline such transactions.
b. Adjustments. You may adjust your fraud management filters to accept, flag, review or deny certain payments, including:
1. Direct Payments or Virtual Terminal Payments that are unable to verify the cardholder’s address through the Address Verification Services. This is also referred to as “AVS No Match”.
2. Direct Payments or Virtual Terminal Payments that do not include a card security code. This is also referred to as “Card Security Code Not Submitted”.
3. Direct Payments and Virtual Terminal Payments that failed PayPal’s proprietary risk models.
4. Direct Payments and Virtual Terminal Payments where the address entered by the cardholder only partially matches the information stored by the issuing bank.
5. Direct Payments and Virtual Terminal Payments where the Address Verification Service is unsupported or unavailable at the time the payment is processed.
c. Transaction Reviews. Reviewing a payment prevents the funds from being transferred to your Account until you decide to accept that payment. If you do not accept a payment within 30 days, it will be reversed.
d. Rejecting Transactions. You may not reject a transaction unless, based on various combinations of authentication information, you reasonably determine that the individual requesting the transaction is likely not the consumer they are representing themselves to be.
11. Fraud Protection Services.
If you use Payments Advanced or Payments Pro Payflow, you may use our Fraud Protection Services. If you use our Fraud Protection Services, you are responsible for setting preferences for the PayPal Fraud Protection Services. It is your responsibility to determine which transactions the Fraud Protection Services will accept or reject based on the authentication information provided by PayPal.
12. Recurring Billing/Recurring Payments Consent.
If you are using the Recurring Billing or Recurring Payments feature you agree that it is your responsibility to comply with Card Company Rules, applicable law, including the Electronic Funds Transfer Act (Reg E), including by capturing your customers’ agreement to be billed on a recurring basis.
13. No Warranty.
THE PRODUCTS AND THE PAYPAL SERVICES AND ALL ACCOMPANYING DOCUMENTATION ARE PROVIDED TO YOU ON AN "AS IS" BASIS WITHOUT ANY WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. PAYPAL MAKES NO WARRANTY THAT THE PAYPAL SERVICES WILL BE CONTINUOUS OR ERROR-FREE. PayPal does not guarantee, represent or warrant that the PayPal services and related features that enable you to detect or minimize fraudulent transactions will discover or prevent all non-valid or fraudulent transactions. PayPal is not responsible for any non-valid or fraudulent transactions that are processed.
14. Reserves and other Protective Actions.
If, in our sole discretion, we believe there may be a high level of risk associated with you, your PayPal account, your business model, or your transactions we may take certain actions in connection with your Account and/or your use of the PayPal services.
a. Reserves. PayPal, in its sole discretion, may place a Reserve on funds held in your PayPal account when PayPal believes there may be a high level of risk associated with your PayPal account. If PayPal places a Reserve on funds in your PayPal account, they will be shown as “pending” in your PayPal Balance. If your PayPal account is subject to a Reserve, PayPal will provide you with notice specifying the terms of the reserve. The terms may require that a certain percentage of the amounts received into your PayPal account are held for a certain period of time, or that a certain amount of money is held in reserve. PayPal may change the terms of the Reserve at any time by providing you with notice of the new terms.
b. Additional Actions. We may take other actions we determine are necessary to protect against the risk associated with your PayPal account including requesting additional collateral from you such as a letter of credit or a personal guarantee. PayPal may contact your customers, on your behalf, in the event that PayPal is investigating potential fraud.
c. Information. In order to determine the risk associated with your PayPal account, PayPal may request at any time, and you agree to provide, any information about your business, operations or financial condition. We reserve the right to reassess your eligibility for any Product if your business is materially different from the information you provided in your application.
a. By Merchant. You may terminate your use of the PayPal services at any time. Merchant may terminate its acceptance of American Express at any time upon notice.
b. By PayPal. PayPal may terminate your use of the PayPal services if:
1. You fail to comply with the terms of, or are unable to pay or perform your obligations under, this Pro/VT Agreement or any of the PayPal Agreements that apply to the PayPal services;
2. We decide, in our discretion, that you become ineligible for the PayPal services because there is a high level of risk associated with your PayPal account or for any other reason, or upon request by any Acquiring Bank or any of the Card Companies.
3. You violate any Card Company Rule as they may be amended by the Card Companies from time to time.
c. Effect of Termination. If your use of any Product is terminated, your use of the PayPal services associated with that Product will immediately end. You agree to complete all pending Card transactions, immediately remove all logos for Cards, and stop accepting new transactions through the Product. If your use of any Product is terminated, you will not be refunded the remainder of the Monthly Fees that you have paid for such Product.
16. PayPal is Your Agent for Receiving Payment.
You represent and warrant to PayPal that each transaction that you process through the PayPal Payments Pro or Virtual Terminal services is solely in payment for your provision of bona fide goods and/or services to your customers (each, a “Payor”). You hereby designate PayPal, and PayPal hereby agrees to serve, as your limited agent for the sole purpose of receiving such payments on your behalf from your Payors. You agree that upon PayPal receiving payment from a Payor: (a) you shall be deemed to have received payment from such Payor, (b) such Payor’s obligation to you in connection with such payment shall be satisfied in full, (c) any claim you have for such payment against such Payor shall be extinguished and (d) you are obligated to deliver the applicable goods and/or services to the Payor, in each case regardless of whether or when PayPal remits such payment to you. PayPal will remit to you in accordance with this Agreement, or apply as an offset to any obligation you may have to PayPal, any such payments it receives on your behalf. Any receipt provided to the Payor shall be binding on you and shall satisfy all applicable regulatory requirements. This paragraph states the entirety of PayPal’s duties as your agent for receipt of payment, and no other duties shall be implied by PayPal’s undertaking to act in that capacity.
a. Law and Forum for Disputes. Except as otherwise agreed by the parties or as described in the PayPal User Agreement, you agree that any claim or dispute you may have against PayPal must be resolved by a court located in either Santa Clara County, California, or Omaha, Nebraska. You agree to submit to the personal jurisdiction of the courts located within Santa Clara County, California, or Omaha, Nebraska for the purpose of litigating all such claims or disputes. This Pro/VT Agreement shall be governed in all respects by the laws of the State of California, without regard to conflict of law provisions.
b. Indemnification. You agree to defend, indemnify and hold PayPal, its parent, officers, directors and employees harmless from any claim or demand (including attorneys’ fees) made or incurred by any third party due to or arising (i) out of your breach of this Pro/VT Agreement; (ii) your use of the Products or the PayPal services accessed through the Products, including without limitation chargebacks, refunds and Card Company fines/penalties; (iii) your fraudulent transaction or data incidents.
c. No Waiver. Our failure to act with respect to a breach by you or others does not waive our right to act with respect to subsequent or similar breaches.
d. Compliance with Laws. You agree to comply with all applicable laws, rules, or regulations, including the Card Company Rules.
e. Data Use. PayPal shall have the right (i) to use the Data it receives from you as necessary to perform the PayPal services; (ii) to collect and process the Data subject to applicable law to use internally for record keeping, internal reporting, analytics, fraud detection and support purposes; (iii) to compile and disclose Data in the aggregate where your individual or user Data is not identifiable, including calculating Merchant averages by region or industry; and (iv) to provide the Data as required by the Card Companies, the Acquiring Banks, law or court order, or to defend PayPal’s rights in a legal dispute.
f. Complete Agreement. This Pro/VT Agreement , along with the PayPal User Agreement and any applicable policies and agreements on the Legal Agreements page on the PayPal website, sets forth the entire understanding between you and PayPal with respect to the your use of the Products and the PayPal services accessed through the Products. If any provision of this Pro/VT Agreement is held to be invalid or unenforceable, such provision shall be struck and the remaining provisions shall be enforced. In addition, your acceptance of Card transactions via a Product is also subject to a Commercial Entity Agreement you have with each of the Acquiring Banks.
"Account Monitoring Service" means the optional service associated with Payments Pro Payflow that receive notifications of suspicious activity, as described in more fully on the PayPal website.
"Acquiring Bank" means each of the financial institutions PayPal partners with to process your Card payments, including your Direct Payments and Virtual Terminal Payments, and each of your Card funded Express Checkout payments, and with whom you entered into a Commercial Entity Agreement.
"Advanced Fraud Management Filters" means the optional feature associated with Payments Pro and Virtual Terminal that allows you to use additional filters and toggles to help protect you from fraud and chargebacks, as described in more detail on the PayPal website.
"American Express" means American Express Travel Related Services Company, Inc. and its affiliates.
"API" means PayPal’s proprietary application programming interfaces used to interface with the PayPal systems in order to use certain PayPal services.
"Buyer Authentication Service" means the optional service associated with Payments Pro Payflow that enables you to integrate Visa’s Verified by Visa and MasterCard’s SecureCode into the Payments Pro Payflow service, as described in more detail on the PayPal website.
"Card Companies" means a company or group of financial institutions that promulgate rules to govern Card Transactions via bankcard and payment networks including MasterCard, Visa, Discover, American Express, as well as US debit networks including Star, Nyce, Pulse and Accel.
“Card Company Rules” means the rules and regulations governing acceptance of Cards. Rules are available for Visa, MasterCard, American Express, Discover, and for Star, Nyce, Pulse and Accel upon request, each as updated from time to time.
"Cards" means payment cards branded with the logos of (i) Visa, MasterCard, American Express, Discover and (ii) US debit networks including Star, Nyce, Pulse and Accel.
"CVV2 Data" means the three or four digit number printed to the right of the Card number in the signature panel on the back of the Card. On American Express Cards, it is printed on the front of the Card above the Card number.
"Data" has the meaning provided in Section 3(a).
"Direct Payment" means a payment processed by PayPal through the Direct Payment API that is funded directly by a Card and not through a PayPal account.
"Express Checkout" means the PayPal service where PayPal is a payment option on a merchant’s website at checkout, with payments being processed by PayPal through the Express Checkout API and funded directly from a User’s PayPal account.
"Fixed Fee" means the portion of the Transaction Fees that is a fixed monetary amount and not a percentage of the payment amount.
"Fraud Protection Services" means the optional service associated with Payments Advanced and Payments Pro Payflow, that allows you to access additional risk management features to help protect you from fraud and chargebacks, as described in more detail on the PayPal website.
"Monthly Sales Volume" means the total payment volume processed by you through any Product using any payment method.
"Payments Advanced" means PayPal Payments Advanced (also known as Website Payments Pro Payflow Link Edition), which is the suite of PayPal services consisting of Express Checkout, PayPal Credit, and Direct Payments services as standard, and that provides PayPal-hosted checkout, as described in more detail on the PayPal website. Optional additional services include Fraud Protection Services and Recurring Billing, which are all more fully described on our website.
"Payments Pro" means PayPal Payments Pro (Website Payments Pro), which is also known as Website Payments Pro, and is the suite of PayPal services consisting of Express Checkout, Direct Payments, Virtual Terminal and Fraud Management filters as standard, as described in more detail on the PayPal website. Optional additional services include Advanced Fraud Management Filters and Recurring Payments, which are all more fully described on our website.
"Payments Pro Payflow" means PayPal Payments Pro (Website Payments Pro Payflow Edition), which is also known as Website Payments Pro Payflow Edition, and is the suite of PayPal services consisting of Express Checkout, PayPal Credit, Direct Payments, and Virtual Terminal services as standard, and that provides full checkout page customization, as described in more detail on the PayPal website. Optional additional services include Fraud Protection Services and Recurring Billing, which are all more fully described on our website.
"PayPal Agreements" has the meaning provided in the second paragraph of this Pro/VT Agreement.
"PayPal Credit" means the open-end, consumer credit account issued by Synchrony Bank. It is available to US consumers who are of legal age in their state of residence and is subject to credit approval.
"PayPal User Agreement" means the online agreement you entered into with PayPal when you opened your PayPal account, as it may have been amended from time to time. The PayPal User Agreement currently in effect can be accessed via the Legal Agreements link in the footer of nearly every page on the PayPal website.
"Products" has the meaning provided in the first paragraph of this Pro/VT Agreement.
"Pro/VT Agreement" has the meaning provided in the first paragraph of this Pro/VT Agreement.
"Recurring Billing" means the optional feature associated with Payments Advanced and Payments Pro Payflow that, with the consent of your customer, enables you to set up payments that recur at specified intervals and frequencies as described in more detail on the PayPal website.
"Recurring Payments" means the optional feature associated with Payments Pro and Virtual Terminal that, with the consent of your customer, enables you to set up payments that recur at specified intervals and frequencies, as described in more detail on the PayPal website.
"Risk Controls" means the optional feature available to certain users of the Products that provide a merchant with the option of changing certain controls to accept or decline transactions with a higher likelihood of risk.
"Transaction Fees" means the fees provided in Section 2(b) of this Pro/VT Agreement. Note, if you use certain optional PayPal services, certain additional fees may apply to your transactions on a per transaction basis, as outlined in Section 2(c); however, these are not included in this definition.
"Virtual Terminal" means the PayPal service that enables you to receive a Card payment by manually entering Card Data given to you by a customer.
"Virtual Terminal Payment" means a payment processed by PayPal through the Virtual Terminal flows that is funded directly by a Card and not through a PayPal account.
"Website Payments Pro" is defined under “Payments Pro”.
"Website Payments Pro Payflow Edition" is defined under “Payments Pro Payflow”.
DATA PROTECTION SCHEDULE
This Data Protection Schedule applies only to the extent that PayPal acts as a processor or Sub-processor to Merchant.
Capitalized terms used but not defined in this Schedule shall have the meaning set out in the Agreement.
1 DEFINITIONS AND INTERPRETATION
1.1 The following terms have the following meanings when used in this Schedule:
"Card Information" is defined in Section 2.15 of this Schedule.
"Customer" means a European Union customer of Merchant who uses the PayPal services and for the purposes of this Schedule, is a data subject.
"Customer Data" means the personal data that the Customer provides to Merchant and Merchant passes on to PayPal through the use by the Merchant of the PayPal services.
"data controller" (or simply "controller") and "data processor" (or simply "processor") and "data subject" have the meanings given to those terms under the Data Protection Laws.
"Data Protection Laws" means General Data Protection Regulation (EU) 2016/679 (GDPR) and any associated regulations or instruments and any other data protection laws, regulations, regulatory requirements and codes of conduct of EU Member States applicable to PayPal's provision of the PayPal services.
"Data Recipient" is defined in Section 2.15 of this Schedule.
"PayPal Group" means PayPal and all companies in which PayPal or its successor directly or indirectly from time to time owns or controls.
"personal data" has the meaning given to it in the Data Protection Laws.
"processing" has the meaning given to it in the Data Protection Laws and "process", "processes" and "processed" will be interpreted accordingly.
"Sub-processor" means any processor engaged by PayPal and/or its affiliates in the processing of personal data.
1.2 Schedule. This comprises (i) sections 1 to 2, being the main body of the schedule; (ii) Attachment 1; (iii) Attachment 2; and (iv) Attachment 3 (with its appendixes).
2 PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE SERVICES
2.1 Merchant data controller. With regard to any Customer Data to be processed by PayPal in connection with this Agreement, Merchant will be a controller and PayPal will be a processor in respect of such processing. Merchant will be solely responsible for determining the purposes for which and the manner in which Customer Data are, or are to be, processed.
2.2 Merchant written instructions. PayPal shall only process Customer Data on behalf of and in accordance with Merchant’s written instructions. The Parties agree that this Schedule is Merchant's complete and final written instruction to PayPal in relation to Customer Data. Additional instructions outside the scope of this Schedule (if any) require prior written agreement between PayPal and Merchant, including agreement of any additional fees payable by Merchant to PayPal for carrying out such additional instructions. Merchant shall ensure that its instructions comply with all applicable laws, including Data Protection Laws, and that the processing of Customer Data in accordance with Merchant's instructions will not cause PayPal to be in breach of Data Protection Laws. The provisions of this Section are subject to the provisions of Section 2.14 on Security. Merchant hereby instructs PayPal to process Customer Data for the following purposes:
2.2.1 as reasonably necessary to provide the PayPal services to Merchant and its Customer;
2.2.2 after anonymizing the Customer Data, to use that anonymized Customer Data, directly or indirectly, which is no longer identifiable personal data, for any purpose whatsoever.
2.3 PayPal cooperation. In relation to Customer Data processed by PayPal under this Agreement, PayPal shall co-operate with Merchant to the extent reasonably necessary to enable Merchant to adequately discharge its responsibility as a controller under Data Protection Laws, including without limitation as Merchant requires in relation to:
2.3.1. assisting Merchant in the preparation of data protection impact assessments to the extent required of Merchant under Data Protection Laws; and
2.3.2 responding to binding requests from data protection authorities for the disclosure of Customer Data as required by applicable laws.
2.4 Scope and Details of Customer Data processed by PayPal. The objective of processing Customer Data by PayPal is the performance of the PayPal services pursuant to the Agreement. PayPal shall process the Customer Data in accordance with the specified duration, purpose, type and categories of data subjects as set out in Attachment 2 (Data Processing of Customer Data).
2.5 Compliance with Laws. The Parties will at all times comply with Data Protection Laws.
2.6 Correction, Blocking and Deletion. To the extent Merchant, in its use of the PayPal services, does not have the ability to correct, amend, block or delete Customer Data, as required by Data Protection Laws, PayPal shall comply with any commercially reasonable request by Merchant to facilitate such actions to the extent PayPal is legally permitted to do so. To the extent legally permitted, Merchant shall be responsible for any costs arising from PayPal’s provision of such assistance.
2.7 Data Subject Requests. PayPal shall, to the extent legally permitted, promptly notify Merchant if it receives a request from a Customer for access to, correction, amendment or deletion of that Customer’s personal data. Merchant shall be responsible for responding to all such requests. If legally permitted, PayPal shall provide Merchant with commercially reasonable cooperation and assistance regarding such Customer's request and Merchant shall be responsible for any costs arising from PayPal’s assistance.
2.8 Training. PayPal undertakes to provide training as necessary from time to time to the PayPal personnel with respect to PayPal's obligations in this Schedule to ensure that the PayPal personnel are aware of and comply with such obligations.
2.9 Limitation of Access. PayPal shall ensure that access by PayPal's personnel to Customer Data is limited to those personnel performing PayPal services in accordance with the Agreement.
2.10 Sub-processors. Merchant specifically authorizes the engagement of members of the PayPal Group as Sub-processors in connection with the provision of the PayPal services. In addition, Merchant generally authorizes the engagement of any other third parties as Sub-processors in connection with the provision of the PayPal services. When engaging any Sub-processor, PayPal will execute a written contract with the Sub-processor, which contains terms for the protection of Customer Data which are no less protective than the terms set out in this Schedule PayPal shall make available to Merchant a current list of Sub-processors for the respective PayPal services with the identities of those Sub-processors.
2.12 Security. PayPal shall, as a minimum, implement and maintain appropriate technical and organizational measures as described in Attachment 1 to this Schedule to keep Customer Data secure and protect it against unauthorized or unlawful processing and accidental loss, destruction or damage in relation to the provision of the PayPal services. Since PayPal provides the PayPal services to all Merchants uniformly via a hosted, web-based application, all appropriate and then-current technical and organizational measures apply to PayPal’s entire customer base hosted out of the same data center and subscribed to the same service. Merchant understands and agrees that the technical and organizational measures are subject to technical progress and development. In that regard, PayPal is expressly permitted to implement adequate alternative measures as long as the security level of the measures is maintained in relation to the provision of the PayPal services.
2.13 Security Incident Notification. If PayPal becomes aware of a Security Incident in connection with the processing of Customer Data, PayPal will, in accordance with Data Protection Laws: (a) notify Merchant of the Security Incident promptly and without undue delay; (b) promptly take reasonable steps to minimize harm and secure Customer Data; (c) describe, to the extent possible, reasonable details of the Security Incident, including steps taken to mitigate the potential risks; and (d) deliver its notification to Merchant's administrators by any means PayPal selects, including via email. Merchant is solely responsible for maintaining accurate contact information and ensuring that any contact information is current and valid.
2.14 Deletion. Upon termination or expiry of the Agreement, PayPal will delete or return to Merchant all Customer Data processed on behalf of the Merchant, and PayPal shall delete existing copies of such Customer Data except where necessary to retain such Customer Data strictly for the purposes of compliance with applicable law.
2.15 Data Portability. Upon any termination or expiry of this Agreement, PayPal agrees, upon written request from Merchant, to provide Merchant’s new acquiring bank or payment service provider (“Data Recipient”) with any available credit card information including personal data relating to Merchant’s Customers (“Card Information”). In order to do so, Merchant must provide PayPal with all requested information including proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements and is level 1 PCI compliant. PayPal agrees to transfer the Card Information to the Data Recipient so long as the following applies: (a) Merchant provides PayPal with proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements (Level 1 PCI compliant) by providing PayPal a certificate or report on compliance with the Association PCI-DSS Requirements from a qualified provider and any other information reasonably requested by PayPal; (b) the transfer of such Card Information is compliant with the latest version of the Association PCI-DSS Requirements; and (c) the transfer of such Card Information is allowed under the applicable Association Rules, and any applicable laws, rules or regulations (including Data Protection Laws).
Technical and Organizational Measures
The following technical and organizational measures will be implemented:
- Measures taken to prevent any unauthorized person from accessing the facilities used for data processing;
- Measures taken to prevent data media from being read, copied, amended or moved by any unauthorized persons;
- Measures taken to prevent the unauthorized introduction of any data into the information system, as well as any unauthorized knowledge, amendment or deletion of the recorded data;
- Measures taken to prevent data processing systems from being used by unauthorized person using data transmission facilities;
- Measures taken to guarantee that authorized persons when using an automated data processing system may access only data that are within their competence;
- Measures taken to guarantee the checking and recording of the identity of third parties to whom the data can be transmitted by transmission facilities;
- Measures taken to guarantee that the identity of the persons having had access to the information system and the data introduced into the system can be checked and recorded ex post facto at any time and by any authorized person;
- Measures taken to prevent data from being read, copied, amended or deleted in an unauthorized manner when data are disclosed and data media transported;
- Measures taken to safeguard data by creating backup copies.
Data Processing of Customer Data
Categories of data subjects
Customer Data – The personal data that the Customer provides to Merchant and Merchant passes on to PayPal through the use by the Customer of the PayPal services.
Subject-matter of the processing
The payment processing services offered by PayPal which provides Merchant with the ability to accept credit cards, debit cards, and other payment methods on a website or mobile application from Customers.
Nature and purpose of the processing
PayPal processes Customer Data that is sent by the Merchant to PayPal for purposes of obtaining verification or authorization of the Customer’s payment method as payment to the Merchant for the sale goods or services.
Type of personal data
Customer Data – Merchant shall inform PayPal of the type of Customer Data PayPal is required to process under this Agreement. Should there be any changes to the type of Customer Data PayPal is required to process then Merchant shall notify PayPal immediately. PayPal processes the following Customer Data, as may be provided by the Merchant to PayPal from time to time:
|Payments Pro||Virtual Terminal||Payments Pro Payflow||Payments Advanced|
|A Billing address||X||X||X||X|
|Government ID number||X|
|Bank account number and bank routing number||X|
|Card or payment instrument type (optional)||X||X||X||X|
|Card Primary Account Number (PAN)||X||X||X||X|
|Card Verification Value (CVV)||X||X||X||X|
|Card expiration date||X||X||X||X|
|Business tax ID||X|
Special categories of data (if relevant)
The transfer of special categories of data is not anticipated.
Duration of Processing
The term of the Agreement.