FasterPay Terms of Service

  

Welcome to FasterPay! We provide merchants with an easier way to allow their users to pay using credit cards or other payment methods. These Terms of Service (“Terms”) constitute a binding legal Terms between FasterPay Inc., a Nevada corporation with a principal place of business at 3305 Spring Mountain Road, Suite 69, Las Vegas, Nevada, 89102 (“FasterPay” or “us”) and any legal or natural person that signs up to accept payments from their end users using our service (“you,” “Merchant”). Please review them carefully. By clicking ‘I Agree’ or using our service, you agree to be bound by and comply with these terms, including the additional terms and conditions and policies as may be referenced herein.

This Agreement constitutes an electronic record within the meaning as provided under the Applicable Law. This electronic record is generated by a computer system and does not require any physical or digital signatures.

This Agreement shall also include a Privacy Policy and, if applicable to you Data Processing Agreement contained in Annex 1 as mentioned in Clause 20.

We reserve the right to update, change or replace any part of these Terms of Service by posting updates and/or changes to our website. It is Your responsibility to check this page periodically for changes. Your continued use of our Services or access to the website following the posting of any changes constitutes acceptance of those changes.

NOTE THAT THESE TERMS CONTAIN CLAUSES THAT REQUIRE YOU TO USE ARBITRATION ON AN INDIVIDUAL BASIS AND LIMIT THE AVAILABILITY OF CERTAIN REMEDIES IN THE EVENT OF A DISPUTE BETWEEN US AND YOU.

  1. Definitions
    1. A “Chargeback” is a reversal of a transaction initiated by the End User’s financial institution.
    2. The “Corporations” are the financial institutions FasterPay has partnered with to provide payment services, as well as credit card networks (including without limitation Visa, Mastercard, and American Express).
    3. An “End User” is a legal or natural person who purchases goods and/or services from the Merchant.
    4. “FasterPay Service” means the electronic wallet and monetization suite, including an application programming interface and supporting infrastructure, that enables the Merchant to receive end user payments and alternative payments for digital goods and services.
    5. The “Merchant Area” refers to the area of the FasterPay website accessible only by users who long in using valid account credentials that have been established pursuant to the terms of these Terms.
    6. “Refund Costs” include the total amount of any refund issued to an End User, including the costs of issuing a refund and any third party payment processor fees.
    7. “Remittance Costs” are the costs FasterPay incurs to remit funds owed to the Merchant under these Terms, including but not limited to wire transfer fees and any third party processing fees
    8. “Revenue Share” is the amount owed to FasterPay by Merchant in exchange for the use of the FasterPay Service.
    9. “Rolling Reserve” refers to a set percentage withheld from payouts to Merchant to mitigate the risk of fraud, Chargebacks, or other reversed transactions.
    10. "Total Net Revenue" means gross revenues paid by End Users via the FasterPay Service less FasterPay’s Revenue Share, third party payment processor fees, Remittance Costs, Refund Costs, deductions for fraud, chargebacks, chargeback fees, currency exchange rate fluctuation differences, currency exchange fees, and uncollected amounts.
  2. Terms of Payment
    1. FasterPay shall pay you the Total Net Revenue generated by the sale of virtual goods, intangible services, subscriptions, and virtual currency as a result of your End Users’ use of the FasterPay Service. FasterPay expressly reserves the right to deduct the Revenue Share from any amounts owed to Merchant under these Terms prior to paying such amounts out to Merchant.
    2. You shall be responsible for all Remittance Costs.
    3. If for any reason FasterPay is required to (including without limitation by law or its contractual obligations) or resolves to issue a refund to any end user for a transaction, including where the original third party payment option used does not allow refunds, You shall be responsible for total amount of the refund, including the costs of issuing a refund and any third party payment processor fees (collectively, “Refund Costs”) if FasterPay deems it necessary in its sole discretion to issue a refund via a different payment method.
    4. Merchant shall be solely responsible for determining which taxes, if any, apply to the payments received, and to report and remit the correct tax to the appropriate tax authority. FasterPay is not obligated to determine whether taxes apply, and is not responsible to collect, report, or remit any taxes arising from any transaction. Merchant shall be solely responsible for the timely payment of all applicable federal, state or local taxes, including any VAT, sales, use, excise or transfer taxes, and other taxes associated with payments to Merchant under these Terms, except for taxes assessed on FasterPay’s’s net income and local taxes that are already paid by FasterPay or by third party processors. MERCHANT SHALL INDEMNIFY FASTERPAY AGAINST ANY LOSSES, COSTS, LIABILITIES, EXPENSES, INCLUDING ATTORNEYS’ FEES ARISING OUT OF MERCHANT’S FAILURE TO FULLY COMPLY WITH THIS SECTION.
    5. The Revenue Share currently in force may be viewed through the Merchant Area. FasterPay reserves the right to change its Revenue Share upon thirty (30) days' advance notice to You. If you do not agree to a change after you have received such notification, you must immediately cease using the FasterPay Service prior to the effective date of the new Revenue Share. Using the FasterPay Service after the effective date of the new Revenue Share will be deemed to be acceptance of the new terms.
  3. Payment Logistics and Timeframes
    1. All funds collected on Your behalf shall be held in your FasterPay account as pending balance and can be viewed within the Merchant’s account in the Merchant Area. After FasterPay receives the funds from the Corporations, they are displayed as Available Balance and can be withdrawn from the account upon Merchant’s request provided that the Available Balance is at least more than the withdrawal fee as displayed in the Merchant Area. The Merchant can initiate a request for withdrawal from its Available Balance through the Merchant Area. All withdrawals are subject to a fee and shall be limited to the amounts actually collected by FasterPay from the Corporations.  Merchant hereby acknowledges and agrees that the withdrawal requests can take up to 24 hours to five (5) days to be processed or as indicated otherwise.
    2. All payments shall be remitted to the account displayed in the Merchant Area. Merchant is responsible for updating these account details prior to requesting a withdrawal.
    3. Depending on the location of the payment and the payment method selected, most third party payment providers remit the funds to FasterPay on Net 30 payment terms from the end of the month in which the end user transaction occurs. For select markets or payment options, the collection time frame can be Net 45, Net 60, Net 90, or longer. FasterPay will only issue a payout of those funds its third party payment providers have actually remitted to it.
    4. The payout report provided in the Merchant Area shall display the tentative amount of Total Net Revenue that will be paid out to the Merchant. The actual withdrawal amount may fluctuate based on currency exchange rates, uncollected amounts, risk adjustments, chargebacks, reversals and other third party fees.
    5. The Merchant shall notify FasterPay within six (6) weeks after the receipt of a payment if the Merchant wishes to dispute the amount of any payout for the applicable transactions. After the expiration of this period, the payout and FasterPay’s reporting regarding those transactions shall be deemed approved by Merchant.
  4. Refunds
    1. FasterPay may issue refunds on Your behalf in its sole discretion in response to inquiries from End Users or if FasterPay determines that the payment is fraudulent, was submitted by a non-verified user, or if it is an otherwise illegal transaction. If FasterPay fails to receive the appropriate confirmation from You or if an End User inquires about any transaction, FasterPay will contact You for more information and/or to confirm whether the goods or services were actually delivered to the End User. All notifications will be sent to the email address that Merchant provides to FasterPay through the Merchant Area. It is Your obligation to ensure this email address is kept up to date at all times. If the Merchant does not adequately respond to FasterPay within two (2) days of FasterPay’s request, We may issue a refund to the end user without further notice. For all refunds processed, You shall be responsible to reimburse FasterPay for all Refund Costs.
  5. Rolling Reserves and Other Risk Measures
    1. FasterPay shall be entitled to implement a Rolling Reserve to mitigate the risk of fraud, chargebacks or any other applicable risks. The Rolling Reserve rate shall be the amount of all funds owed to Merchant but not yet collected from the Corporations. We may change the amount of the Rolling Reserve depending on the transaction history and risks associated with Your account. Merchant irrevocably authorizes FasterPay to deduct from the Rolling Reserve or any payout owed to Merchant the amount necessary to cover Refund Costs, chargebacks, amounts for fraud, or other amounts due to: FasterPay; the Corporations; or penalties based on the Merchant’s violation of any of the respective party’s terms of service. For purposes of clarity, FasterPay shall have the right to deduct Refund Costs or chargebacks even for those transactions whose amounts have already been paid out to You.
    2. If FasterPay, in its sole discretion, determines that the measures in Section 5.1 are insufficient to address the high level of risk with the Merchant’s account, FasterPay may take further reasonable actions it deems are necessary regarding Merchant’s account.
  6. Fraud and Chargebacks
    1. FasterPay will not be obligated to pay for any fraudulent actions generated by any person, bot, automated program, or similar device on the FasterPay Service in connection with any payment collected by FasterPay, as determined by FasterPay in its sole discretion. Merchant is solely liable to FasterPay for the full amount of all Chargebacks plus associated fees, fines, expenses or penalties (including those assessed by the Corporations). FasterPay may recover these amounts by debiting Your Rolling Reserve account or setting off any amount owed to You. If FasterPay determines in its reasonable discretion that a Chargeback is likely for any transaction, FasterPay may withhold the amount of a transaction until the expiration of the period during which the End User may dispute the transaction, the Chargeback is processed, or FasterPay determines that a Chargeback will not occur. Additional restrictions, fees, penalties, or fines may apply if FasterPay or the Corporations determines that Merchant is incurring excessive Chargebacks. Excessive Chargebacks may result in changes to the Rolling Reserve terms, Revenue Share, holds on payouts to You, suspension of the FasterPay Services, or termination of these Terms.
    2. You authorize FasterPay to contest any Chargebacks (or any subsequent appeals thereof) against third parties on Your behalf, if We choose to do so in our sole discretion. This provision applies so long as FasterPay has an interest in the Chargeback even if any of the following events occurs to You including but not limited to: the filing of or commencement of bankruptcy proceeding or insolvency whether voluntary or involuntary, the dissolution of Your entity, or the liquidation of Your assets. Merchant agrees to cooperate and provide all information that FasterPay requests from Merchant for the purposes of investigating and/or contesting a Chargeback. FasterPay will send such requests to the email address that Merchant provides to FasterPay in the Merchant Area. You must provide a full response to the request within ten (10) days, unless another time frame is specified in the request. If You do not meet these requirements, You shall nonetheless be responsible for all costs or losses that FasterPay incurs as a result of the Merchant’s failure to comply with this section, in addition to the Chargeback amounts plus associated fees, fines, expenses or penalties (including those assessed by the Corporations). FasterPay assumes no liability for the resolution of any Chargeback case.
    3. Merchant acknowledges and agrees that notwithstanding the termination of these Terms for any reason, FasterPay shall remain entitled to contest and recover chargebacks from Merchant (and, where if relevant, from any party who has provided FasterPay with a guarantee or security relating to Merchant’s obligations under these Terms) that occur in relation to transactions effected during the term of these Terms.
  7. Third Party Services
    1. If Merchant clicks on a third party link or opt to receive third party content or services from a payment option or other service provider, it may be directed to that third party’s website. The fact that FasterPay links to a third party website or provides Merchant access to any third party service or content is not an endorsement or representation of any affiliation with the third party, and it is not an endorsement of their privacy or information security policies or practices. FasterPay does not exercise any control over third party websites or services. By choosing to navigate to third party sites or to receive third party content or services, Merchant shall be subject to the terms and conditions of the respective third party and Merchant agrees that such services and content are provided “as is,” “with all faults,” and without any warranty of any kind. Merchant acknowledges it will only use and implement third party services at its own risk. FasterPay is not liable to Merchant, or any third party, in any way, for any losses, damages, costs or other expenses arising from Merchant’s use of third party services or content.
  8. Merchant Obligations
    1. Merchant is obliged to provide FasterPay all the details in respect of its offices locations, their registered addresses and contacts, all "doing business as" (DBA) names used by the Merchant, key personnel, ownership structure, a complete list with the detailed description of the services and goods provided by Merchant as provided when entering into these Terms, and any business strategy to enlarge/reduce the list of services/goods provided to FasterPay. Merchant shall immediately inform FasterPay in writing of any significant litigation, enforcement action, governmental inquiry, claim, or other fact that relates to the performance of these Terms, any changes to its business model (including any change of control and/or constitution), goods and/or services it sells, leases or distributes or of any changes in regulatory requirements to which it is subject (including but not limited to changes to or the revocation of the licenses it requires for the business), which might have an adverse impact/effect on FasterPay’s compliance with applicable laws and any regulatory requirements.
    2. Merchant acknowledges that FasterPay has the right to terminate these Terms with immediate effect or amend the terms of these Terms, including but not limited to Revenue Share, payout terms, and rolling reserve, in response to Merchant’s disclosures or any change of circumstances under this Section. If the Merchant does not provide the required information to FasterPay and apply preventive actions, in the case that FasterPay or Merchant discovers suspicious and/or fraudulent activity, the Merchant shall indemnify FasterPay against all losses arising out of the Merchant`s failure to notify FasterPay of any changes that are relevant for compliance with regulatory requirements and standards applicable to FasterPay or the Merchant.
    3. In the event that Merchant owes any amount to FasterPay for any reason under these Terms, Merchant shall also be liable for any additional costs associated with the collection of the amount owed, including without limitation attorneys’ fees and expenses, costs of any arbitration or court proceeding, collection agency fees and any applicable interest. FasterPay may also collect such amounts by deducting the amount from Merchant’s account. Merchant’s failure to fully pay the amounts owed will be a material breach of these Terms.
    4. Furthermore, Merchant is obliged and agrees:
      1. to comply with the approved standards by the Corporations and incorporate on an ongoing basis all the applicable amendments into its business process. These standards will be made available to You through the Merchant Area;
      2. to fully accept that the Corporations are the sole and exclusive owners of their marks and therefore can make a decision to prohibit the Merchant from using their marks at any time for any reasons without advance notification;
      3. that Merchant is not permitted to contest the ownership of the trademarks of the Corporations for any reason;
      4. that the Corporations have the right to enforce any provisions of their standards and to prohibit the Merchant and/or FasterPay from engaging in any conduct that any of the Corporations deem could injure or create the risk of injury to any of the Corporations, including damage of reputation, adversely affect the integrity of their systems and etc.;
      5. to cooperate with FasterPay to investigate any suspected illegal, fraudulent or improper activities; and,
      6. that the standards promulgated by the Corporations will govern if there is any inconsistency between any provision of these Terms and the standards.
  9. Compliance with Laws
    1. Merchant agrees that it will deliver the content and service in compliance with all applicable local, state, national and international laws, rules and regulations, including any laws regarding privacy and the transmission of technical data exported from Merchant's country of residence. Merchant will not authorize nor otherwise encourage any third party to (a) interfere or attempt to interfere with the proper working of the FasterPay Service or prevent others from using the FasterPay Service; or (b) use the FasterPay Service for any fraudulent or unlawful purpose. Violation of any of the foregoing may result in immediate termination of these Terms, at FasterPay's sole discretion, and may subject Merchant to state and federal penalties and other legal consequences. FasterPay reserves the right, but will have no obligation, to review Merchant's display of and use of the FasterPay Service in order to determine whether a violation of these Terms has occurred or to comply with any applicable law, regulation, legal process, or governmental request.
  10. Representations and Warranties
    1. Without limiting any other representation, warranty or covenant herein, each party hereby represents and warrants to the other party that: (a) it has the full right, power and authority to enter into these Terms; (b) these Terms is a valid and binding obligation of such party; and (c) it has obtained and shall maintain throughout the term of these Terms all necessary licenses, authorizations, approvals and consents to enter into and perform its obligations hereunder in compliance with all applicable laws, rules and regulations.
    2. Merchant represents and warrants to FasterPay that it lawfully owns the rights to all content on the Projects and its website, including any trademarks, trade names, copyrights, and other intellectual property.
  11. Indemnification
    1. Merchant agrees to indemnify and hold FasterPay, its payment processors, its providers, its licensors, the Corporations, and the respective subsidiaries, affiliates, agents, directors and employees of the same, harmless from and against any losses, costs, liabilities and expenses, including attorneys' fees, arising out of any claims relating to the Merchant’s breach of this Terms, any alleged violation or infringement for any copyright, trademark, trade name, or any other intellectual property, or any other claim about the Merchant, the Merchant’s website or any of the goods or services advertised or delivered by the Merchant.
    2. The indemnified party reserves the right, at the indemnifying party's expense, to assume the exclusive defense and control of any matter for which the indemnifying party is required to indemnify the indemnified party and the indemnifying party agrees to cooperate with the indemnified party's defense of such claims.
  12. Disclaimer of Warranty
    1. FASTERPAY SERVICES, AND ANY OTHER MATERIALS OR SERVICES PROVIDED IN CONNECTION THEREWITH, ARE PROVIDED “AS IS” AND “AS AVAILABLE,” AND MERCHANT RECEIVES AND USES THOSE SERVICES AT ITS OWN RISK. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES ARE PROVIDED WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, FASTERPAY, THE CORPORATIONS, ITS PROVIDERS, ITS LICENSORS (AND THEIR RESPECTIVE SUBSIDIARIES, AFFILIATES, AGENTS, DIRECTORS, AND EMPLOYEES) DO NOT WARRANT THAT THE SERVICES WILL BE ERROR FREE, UNINTERRUPTED, OR SECURE; THAT ANY DEFECTS OR ERRORS WILL BE CORRECTED; OR THAT THE SERVICES ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. ANY CONTENT OR DATA DELIVERED ON MERCHANT’S REQUEST OR OBTAINED THROUGH THE USE OF THE SERVICES IS OBTAINED AT ITS OWN RISK AND MERCHANT WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO ITS PROPERTY OR LOSS OF DATA THAT MAY RESULT. FASTERPAY DOES NOT WARRANT THE RESULTS OF USE OF THE FASTERPAY SERVICE, INCLUDING, WITHOUT LIMITATION, THAT MERCHANT WILL EARN ANY PARTICULAR AMOUNTS (OR ANY AMOUNTS) HEREUNDER.
    2. FASTERPAY DOES NOT WARRANT, ENDORSE, GUARANTEE, OR ASSUME RESPONSIBILITY FOR ANY PRODUCT OR SERVICE ADVERTISED OR OFFERED BY A THIRD PARTY THROUGH THE SERVICES. FASTERPAY WILL NOT BE A PARTY TO OR IN ANY WAY MONITOR ANY TRANSACTION BETWEEN MERCHANT AND ANY THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICES, BEYOND WHAT IS EXPRESSLY STATED BY FASTERPAY.
  13. Limitation of Liability and Damages
    1. FasterPay shall not be liable to Merchant or any other party if FasterPay is delayed or unable to fulfill any of its obligations in this Terms due to an event beyond the reasonable control of FasterPay, including but not limited to acts of God, strikes, labor disputes, war, terrorism, riots, acts of civil or military authority, economic instability, power outages, fire, flood, theft, equipment breakdowns, hacking attacks, internet connection unavailability, internal mechanical or systems failures. FasterPay shall also not be liable in any case for any transaction where the payment instructions received contain incorrect or improperly formatted information or any suspension or refusal to accept a payment that FasterPay reasonably believes to be made fraudulently or without proper authorization.
    2. UNDER NO CIRCUMSTANCES, INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE, WILL FASTERPAY OR ITS AFFILIATES BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, RELIANCE, OR EXEMPLARY DAMAGES THAT RESULT FROM THIS TERMS, EVEN IF FASTERPAY OR A FASTERPAY AUTHORIZED REPRESENTATIVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL FASTERPAY'S OR ITS AFFILIATES' TOTAL LIABILITY TO MERCHANT FOR ALL DAMAGES, LOSSES, AND CAUSES OF ACTION ARISING OUT OF OR RELATING TO THIS TERMS (WHETHER IN CONTRACT OR TORT, INCLUDING NEGLIGENCE, WARRANTY, OR OTHERWISE) EXCEED THE AMOUNTS PAID OR PAYABLE TO MERCHANT FOR THE TRANSACTION TO WHICH THE CLAIM RELATES.
    3. UNDER NO CIRCUMSTANCES SHALL FASTERPAY OR ITS AFFILIATES BE RESPONSIBLE OR HELD LIABLE FOR ANY TRANSACTIONS OR PAYMENTS THAT ARE BLOCKED BY THIRD PARTIES, INCLUDING BANKS, FINANCIAL INSITUTIONS, OR ANY GOVERNMENT BODY. THIS DISCLAIMER OF LIABILITY INCLUDES ANY RESTRICTION BASED ON APPLICABLE INTERNATIONAL, NATIONAL, OR LOCAL LAWS, RULES AND REGULATIONS, THE SPECIALLY DESIGNATED NATIONALS LIST PUBLISHED BY THE OFFICE OF FOREIGN ASSETS CONTROL, ANY INTERNAL BANK “BLACK LISTS,” OR ANY OTHER SIMILARLY RESTRICTIVE THIRD PARTY MEASURES.
  14. Intellectual Property License and Ownership
    1. FasterPay hereby grants to Merchant a non-exclusive, non-transferable, revocable, worldwide license to access and use the FasterPay Service for incorporation into any of Merchant’s social media, online application, mobile application, website, or any other medium that is approved by FasterPay.
    2. FasterPay manages a portfolio, which is updated from time to time, of names, logos, unregistered and registered trademarks, copyrights, and other branding materials in supporting documentation that relate to the FasterPay Services (the “Licensed Material”). FasterPay grants the Merchant a non-exclusive, non-transferable, revocable, worldwide license to use the Licensed Material for the sole purposes of promoting the FasterPay Services during the Term, provided that:
      1. Merchant’s use of the Licensed Material is subject to FasterPay’s then current policies and procedures, as currently in effect and posted in the Merchant Area;
      2. Merchant acknowledges and agrees that any use of the Licensed Material is solely as licensee from FasterPay and that any goodwill arising from the Merchant’s use of the Licensed Material will be for the benefit of FasterPay; and
      3. FasterPay may limit, expand, or terminate this license with prior written notice at any time.
    3. Merchant grants to FasterPay a non-exclusive, non-transferable, revocable, and royalty-free worldwide license to use the names, logos, and unregistered or registered trademarks that relate to the Merchant or its services for the purposes of promoting the availability of the FasterPay Services.
    4. Merchant agrees that it will use any data (including any usage data and compilations thereof), information or software provided by FasterPay to Merchant only for the purpose of providing content for FasterPay on the Site as set forth in these Terms. Except as expressly described in this section, FasterPay does not grant to Merchant any license, express or implied, to the intellectual property of FasterPay or its licensors. FasterPay will own and retain all rights, title, and interest in and to the FasterPay Service (except for any licensed content and third-party content included therein), including all data (including any usage data and compilations thereof), information and software related thereto. Merchant acknowledges that the software, information and data related to the FasterPay Service (including, without limitation, any usage data or compilations thereof) are protected by FasterPay copyrights or other intellectual property owned by FasterPay. Merchant agrees not to copy, alter, modify or create derivative works of the FasterPay Service or any such data, information or software or otherwise use the FasterPay Service or any such data, information or software in any way that violates the use restrictions contained in these Terms.
  15. Confidentiality
    "Confidential Information" shall mean (a) any data (including any usage data and compilations thereof) relating to the business of the disclosing party, including product designs, product plans, data, software and technology, financial information, marketing plans, business opportunities, proposed terms, pricing or rate information, discounts, inventions and know-how disclosed to the other party; and/or (b) any other information designated in writing, or identified orally at time of disclosure, by the disclosing party as "confidential" or "proprietary." During and after the term of this Agreement, the receiving party shall not use for any purpose, or disclose to any third party, any Confidential Information of the disclosing party except as specifically permitted herein. The foregoing restriction does not apply to information that: (I) has been independently developed by the receiving party without access to the other party's Confidential Information; (II) has become publicly known through no breach of this Section by the receiving party; (III) has been rightfully received from a third party authorized to make such disclosure; (IV) has been approved for release in writing by the disclosing party; (V) is required to be disclosed by a competent legal or governmental authority, provided that the receiving party gives the disclosing party prompt written notice of such requirement prior to disclosure and assists in obtaining an order to protect the information from public disclosure; or (VI) is required by our payment partners for select payment processing services such as credit card, bank transfer or other services.
  16. Term and Termination
    1. These Terms shall continue in force until terminated.
    2. FasterPay reserves the right to terminate Your use of the FasterPay Service, including your FasterPay account, if you violate these Terms or any other applicable terms posted in the Merchant Area, or for any other reason in our sole discretion. In the event of any termination, FasterPay may delay payment to Merchant for up to six months, or longer if necessary, and may deduct from the payout any amounts necessary to satisfy any debts or obligations that result from the Merchant's account. Following the reconciliation of any anticipated obligations, FasterPay will remain liable for any amount remaining of Total Net Revenue due to Merchant through the effective date of termination and such obligation to pay shall survive any termination of these Terms.
    3. You may view your account or edit your information by visiting the Merchant Area. If you want to delete your personal information, change your settings, or stop storing information using your Account, you can submit these requests through the Merchant Area.
    4. Notwithstanding, anything contained in this Agreement, FasterPay may terminate this Agreement under any one or more of the following conditions:  

      In event of default of performance of any of its material obligations by You under this Agreement or the services provided herein being in contravention of any regulatory requirements or law, as may be applicable from time to time; or

      If a petition for insolvency is filed against the other Party and such petition is not dismissed within ninety (90) days  after  filing  and/or  if  the  other  Party  makes  an  arrangement  for the benefit of its creditors or, if the court receiver is appointed as receiver of all/any of properties of the Party. 
       
    5. If FasterPay has reasonable grounds to believe that Merchant has breached terms of this Agreement by selling any prohibited items in that particular jurisdiction and/or due to noncompliance of taxation laws and liabilities, FasterPay shall have right to terminate this Agreement.  
  17. Changes to these Terms
    1. FasterPay may, in its discretion, make changes to these Terms at any time. If FasterPay considers any such changes material, we will notify you in accordance with these Terms. We may also provide notices of changes to these Terms or other matters by displaying links to notices in the Merchant Area. By continuing to use the FasterPay Service after those changes are made, you are expressing and acknowledging your acceptance of the changes.
  18. Assignment
    1. You may not assign this Agreement or any rights or obligations hereunder, by operation of law or otherwise, without our prior written approval and any such attempted assignment shall be void and FasterPay shall have the right to terminate the Agreement as per the terms of this Agreement. We reserve the right to freely assign the Agreement and the rights and obligations hereunder, to any affiliates/subsidiaries/third party/ without consent. Subject to the foregoing, the Agreement shall be binding upon and inure to the benefit of the parties hereto, their successors and permitted assigns.
  19. General Legal Terms
    1. Notice. All notices under these Terms will be sent to you via the email address associated with your account, and will be deemed to have been given as of the first business day after the date sent.
    2. Relationship Between the Parties. These Terms shall not be construed to create a partnership, joint venture, or other business enterprise between the parties.
    3. Severability. If any provision contained in these Terms is determined to be invalid, illegal, or unenforceable in any respect under any applicable law, then such provision will be severed and replaced with a new provision that most closely reflects the original intention of the parties, and the remaining provisions of these Terms will remain in full force and effect.
    4. Waiver. Failure by FasterPay to exercise or enforce any provision of these Terms shall not be deemed to be a waiver of future enforcement of those or any other rights under these Terms.
    5. Construction. Section headings are for convenience only.
    6. Official Language. The official language of these Terms is the English language. Any translations are provided for your convenience only, and in the case of any conflict or ambiguity between the English version of these terms and any other version of this terms in a different language shall be resolved based on the English version.
    7. Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of California, without giving effect to principles of conflicts of law. Company agrees that any action at law or in equity arising out of or relating to this Agreement will be filed only in the state or federal courts in and for San Francisco, California, and Company hereby consents and submits to the personal and exclusive jurisdiction of such courts for the purposes of litigating any such action.
    8. Disputes. Any dispute hereunder will be privately negotiated in good faith between the parties within forty-five (45) calendar days commencing upon written notice from one party to the other. If the parties fail to privately resolve any dispute, the parties shall submit to arbitration performed by a mutually agreed upon arbitration provider in San Francisco, California.

      TO THE EXTENT PERMITTED BY LAW, YOU ARE GIVING UP YOUR RIGHT TO GO TO COURT. THERE IS NO JUDGE OR JURY IN ARBITRATION, AND COURT REVIEW OF AN ARBITRATION AWARD IS LIMITED. AN ARBITRATOR CAN AWARD ON AN INDIVIDUAL BASIS THE SAME DAMAGES AND RELIEF AS A COURT, BUT ARBITRATION PROCEDURES (SUCH AS, FOR EXAMPLE, DISCOVERY MAY BE SIMPLER AND MORE LIMITED THAN COMPARABLE RULES IN COURT. YOU AND FASTERPAY AGREE THAT ALL DISPUTES WILL BE RESOLVED ON AN INDIVIDUAL BASIS RATHER THAN A CLASS ACTION, CONSOLIDATED, OR REPRESENTATIVE-- BASIS. SHOULD A PROCEEDING TAKE PLACE IN COURT FOR ANY REASON, BOTH YOU AND PASSPORT.IO WAIVE ANY RIGHT TO A JURY TRIAL.
       
    9. Electronic Signature: The parties agree that this and all future agreements may be conducted electronically. If you wish to opt out of electronic signatures and instead conclude a handwritten agreement, you must not sign this version of the agreement. Instead, contact us at support@fasterpay.com.
       
    10. Note to EU Residents: You may find the European Commission’s entity for online dispute resolution for consumer disputes at http://ec.europa.eu/consumers/odr/. If you have any initial questions concerning a potential dispute or its resolution, please email us through the Merchant Area.
  20. Data protection, security compliance & privacy
    1.   Privacy Policy 
      FasterPay’s Privacy Policy explains how FasterPay treats personal information/data it obtains as well as how FasterPay protects Merchant’s privacy. Merchant’s use of the FasterPay service and providing information to FasterPay means Merchant consents to all actions taken by FasterPay with respect to personal information/data in compliance with FasterPay’s Privacy Policy. The retention of information is subject to various applicable laws including data retention obligation which may not allow us to delete your information for a period of time. 
       
    2. Security of Your Account Access
      You agree to: (I) Not allow anyone else to have or use Your password details and to comply with all reasonable instructions we may issue regarding account access and security. In the event You share Your password details, FasterPay will not be liable to You for losses or damages; (II) In addition, you may create a Sub-Account, protected by a Username and a Password, to provide limited access to anyone else who You require to periodically consult information of Your FasterPay Account (III) Keep Your personal details up to date. We may be unable to respond to You if You contact us from an address, telephone number or email account that is not registered with us; and (IV) Take all reasonable steps to protect the security of the personal electronic device through which You access the FasterPay Services.
       
    3. PCI Compliance
      1. If You use FasterPay Services to accept payment card Transactions, You must comply with the Payment Card Industry Data Security Standards (PCI-DSS) and, if applicable to Your business, the Payment Application Data Security Standards (PA-DSS) (collectively, the “PCI Standards”)
      2. You will promptly provide us with documentation demonstrating Your compliance with the PCI Standards upon our request. If You elect to store, hold and maintain “Account Data”, as defined by the PCI Standards (including Customer card account number or expiration date), You further agree that You will either maintain a PCI-compliant system or use a compliant service provider to store or transmit such Account Data; further, You agree to never store any “Sensitive Authentication Data”, as defined by the PCI Standards (including CVC or CVV2), data at any time.
      3. FasterPay uses PCI-compliant payment providers to process credit card payments. FasterPay does not store, hold or maintain Primary Account Numbers (PAN). FasterPay is PCI-compliant and will maintain all applicable PCI DSS requirements to the extent FasterPay handles, has access to, or otherwise stores, processes, or transmits the customer’s cardholder data or sensitive authentication data, or manages the customer’s cardholder data environment on behalf of a customer.
         
      4. Data Processing
        1. You are the data controller and we are the data processor in relation to Personal Data processed on Your behalf under this Agreement, except that we will be a data controller in relation to Personal Data where we determine the purposes and manner in which the Personal Data is processed (including, for example, in complying with any regulations or laws imposed upon us through Network Rules or Services Providers).
        2. We will, to the extent that we are a data processor, process Personal Data in accordance with the terms of this Agreement and lawful instructions reasonably given by You to us from time to time, and we will employ appropriate technical and organizational measures to protect such Personal Data. We will not be liable for any claim brought by a data subject arising from any action or omission by us, to the extent that such action or omission resulted from Your instructions.







































 

ANNEX 1 

 

STANDARD CONTRACTUAL CLAUSES

SECTION I

Clause 1

Purpose and scope

(a)

The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (1) for the transfer of personal data to a third country.


 

(b)

The Parties:

(i)

the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and


 

(ii)

the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’)

have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).


 

(c)

These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.


 

(d)

The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

Clause 2

Effect and invariability of the Clauses

(a)

These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.


 

(b)

These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

Clause 3

Third-party beneficiaries

(a)

Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:

(i)

Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;


 

(ii)

Clause 8 – Module One: Clause 8.5 (e) and Clause 8.9(b);


 

(iii)

Clause 9 – Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);


 

(iv)

Clause 12 – Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);


 

(v)

Clause 13;


 

(vi)

Clause 15.1(c), (d) and (e);


 

(vii)

Clause 16(e);


 

(viii)

Clause 18 – Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.


 


 

(b)

Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

Clause 4

Interpretation

(a)

Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.


 

(b)

These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.


 

(c)

These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

Clause 5

Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

Clause 6

Description of the transfer(s)

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 8 Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

8.1   Purpose limitation

The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B. It may only process the personal data for another purpose:

(i)

where it has obtained the data subject’s prior consent;


 

(ii)

where necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or


 

(iii)

where necessary in order to protect the vital interests of the data subject or of another natural person.

8.2   Transparency

(a)

In order to enable data subjects to effectively exercise their rights pursuant to Clause 10, the data importer shall inform them, either directly or through the data exporter:

(i)

of its identity and contact details;


 

(ii)

of the categories of personal data processed;


 

(iii)

of the right to obtain a copy of these Clauses;


 

(iv)

where it intends to onward transfer the personal data to any third party/ies, of the recipient or categories of recipients (as appropriate with a view to providing meaningful information), the purpose of such onward transfer and the ground therefore pursuant to Clause 8.7.


 


 

(b)

Paragraph (a) shall not apply where the data subject already has the information, including when such information has already been provided by the data exporter, or providing the information proves impossible or would involve a disproportionate effort for the data importer. In the latter case, the data importer shall, to the extent possible, make the information publicly available.


 

(c)

On request, the Parties shall make a copy of these Clauses, including the Appendix as completed by them, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including personal data, the Parties may redact part of the text of the Appendix prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information.


 

(d)

Paragraphs (a) to (c) are without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.

8.3   Accuracy and data minimisation

(a)

Each Party shall ensure that the personal data is accurate and, where necessary, kept up to date. The data importer shall take every reasonable step to ensure that personal data that is inaccurate, having regard to the purpose(s) of processing, is erased or rectified without delay.


 

(b)

If one of the Parties becomes aware that the personal data it has transferred or received is inaccurate, or has become outdated, it shall inform the other Party without undue delay.


 

(c)

The data importer shall ensure that the personal data is adequate, relevant and limited to what is necessary in relation to the purpose(s) of processing.

8.4   Storage limitation

The data importer shall retain the personal data for no longer than necessary for the purpose(s) for which it is processed. It shall put in place appropriate technical or organisational measures to ensure compliance with this obligation, including erasure or anonymisation of the data and all back-ups at the end of the retention period.

8.5   Security of processing

(a)

The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the personal data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter ‘personal data breach’). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subject. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.


 

(b)

The Parties have agreed on the technical and organisational measures set out in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.


 

(c)

The data importer shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.


 

(d)

In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the personal data breach, including measures to mitigate its possible adverse effects.


 

(e)

In case of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, the data importer shall without undue delay notify both the data exporter and the competent supervisory authority pursuant to Clause 13. Such notification shall contain i) a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), ii) its likely consequences, iii) the measures taken or proposed to address the breach, and iv) the details of a contact point from whom more information can be obtained. To the extent it is not possible for the data importer to provide all the information at the same time, it may do so in phases without undue further delay.


 

(f)

In case of a personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons, the data importer shall also notify without undue delay the data subjects concerned of the personal data breach and its nature, if necessary in cooperation with the data exporter, together with the information referred to in paragraph (e), points ii) to iv), unless the data importer has implemented measures to significantly reduce the risk to the rights or freedoms of natural persons, or notification would involve disproportionate efforts. In the latter case, the data importer shall instead issue a public communication or take a similar measure to inform the public of the personal data breach.


 

(g)

The data importer shall document all relevant facts relating to the personal data breach, including its effects and any remedial action taken, and keep a record thereof.

8.6   Sensitive data

Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions or offences (hereinafter ‘sensitive data’), the data importer shall apply specific restrictions and/or additional safeguards adapted to the specific nature of the data and the risks involved. This may include restricting the personnel permitted to access the personal data, additional security measures (such as pseudonymisation) and/or additional restrictions with respect to further disclosure.

8.7   Onward transfers

The data importer shall not disclose the personal data to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter ‘onward transfer’) unless the third party is or agrees to be bound by these Clauses, under the appropriate Module. Otherwise, an onward transfer by the data importer may only take place if:

(i)

it is to a country benefiting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;


 

(ii)

the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question;


 

(iii)

the third party enters into a binding instrument with the data importer ensuring the same level of data protection as under these Clauses, and the data importer provides a copy of these safeguards to the data exporter;


 

(iv)

it is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings;


 

(v)

it is necessary in order to protect the vital interests of the data subject or of another natural person; or


 

(vi)

where none of the other conditions apply, the data importer has obtained the explicit consent of the data subject for an onward transfer in a specific situation, after having informed him/her of its purpose(s), the identity of the recipient and the possible risks of such transfer to him/her due to the lack of appropriate data protection safeguards. In this case, the data importer shall inform the data exporter and, at the request of the latter, shall transmit to it a copy of the information provided to the data subject.

Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.

8.8   Processing under the authority of the data importer

The data importer shall ensure that any person acting under its authority, including a processor, processes the data only on its instructions.

8.9   Documentation and compliance

(a)

Each Party shall be able to demonstrate compliance with its obligations under these Clauses. In particular, the data importer shall keep appropriate documentation of the processing activities carried out under its responsibility.


 

(b)

The data importer shall make such documentation available to the competent supervisory authority on request.

 

Clause 9

Data subject rights

(a)

The data importer, where relevant with the assistance of the data exporter, shall deal with any enquiries and requests it receives from a data subject relating to the processing of his/her personal data and the exercise of his/her rights under these Clauses without undue delay and at the latest within one month of the receipt of the enquiry or request. The data importer shall take appropriate measures to facilitate such enquiries, requests and the exercise of data subject rights. Any information provided to the data subject shall be in an intelligible and easily accessible form, using clear and plain language. 

 

(b)

In particular, upon request by the data subject the data importer shall, free of charge:

(i)

provide confirmation to the data subject as to whether personal data concerning him/her is being processed and, where this is the case, a copy of the data relating to him/her and the information in Annex I; if personal data has been or will be onward transferred, provide information on recipients or categories of recipients (as appropriate with a view to providing meaningful information) to which the personal data has been or will be onward transferred, the purpose of such onward transfers and their ground pursuant to Clause 8.7; and provide information on the right to lodge a complaint with a supervisory authority in accordance with Clause 12(c)(i); 

 

(ii)

rectify inaccurate or incomplete data concerning the data subject;

 

(iii)

erase personal data concerning the data subject if such data is being or has been processed in violation of any of these Clauses ensuring third-party beneficiary rights, or if the data subject withdraws the consent on which the processing is based.

 

 

(c)

Where the data importer processes the personal data for direct marketing purposes, it shall cease processing for such purposes if the data subject objects to it.

 

(d)

The data importer shall not make a decision based solely on the automated processing of the personal data transferred (hereinafter ‘automated decision’), which would produce legal effects concerning the data subject or similarly significantly affect him/her, unless with the explicit consent of the data subject or if authorised to do so under the laws of the country of destination, provided that such laws lays down suitable measures to safeguard the data subject’s rights and legitimate interests. In this case, the data importer shall, where necessary in cooperation with the data exporter:

(i)

inform the data subject about the envisaged automated decision, the envisaged consequences and the logic involved; and

 

(ii)

implement suitable safeguards, at least by enabling the data subject to contest the decision, express his/her point of view and obtain review by a human being.

 

 

(e)

Where requests from a data subject are excessive, in particular because of their repetitive character, the data importer may either charge a reasonable fee taking into account the administrative costs of granting the request or refuse to act on the request.

 

(f)

The data importer may refuse a data subject’s request if such refusal is allowed under the laws of the country of destination and is necessary and proportionate in a democratic society to protect one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679.

 

(g)

If the data importer intends to refuse a data subject’s request, it shall inform the data subject of the reasons for the refusal and the possibility of lodging a complaint with the competent supervisory authority and/or seeking judicial redress.

Clause 10

Redress

 

The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

Clause 11

Liability

 

(a)

Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.


 

(b)

Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.


 

(c)

Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.


 

(d)

The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.


 

(e)

The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.



Clause 12

Supervision

(a)

The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as a competent supervisory authority.

[Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679:] The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority.

[Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679:] The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority.


 

(b)

The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

Clause 14

Local laws and practices affecting compliance with the Clauses

Transfer processor to controller (where the EU processor combines the personal data received from the third country-controller with personal data collected by the processor in the EU)

(a)

The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.


 

(b)

The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:

(i)

the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;


 

(ii)

the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards (12);


 

(iii)

any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.


 


 

(c)

The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.


 

(d)

The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.


 

(e)

The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a). [For Module Three: The data exporter shall forward the notification to the controller.]


 

(f)

Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation [for Module Three:, if appropriate in consultation with the controller]. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by [for Module Three: the controller or] the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.

Clause 15

Obligations of the data importer in case of access by public authorities

Transfer processor to controller (where the EU processor combines the personal data received from the third country-controller with personal data collected by the processor in the EU)

15.1   Notification

(a)

The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:

(i)

receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or


 

(ii)

becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.


 


 

(b)

If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.


 

(c)

Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.)


 

(d)

The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.


 

(e)

Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

15.2   Review of legality and data minimisation

(a)

The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).


 

(b)

The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request. [For Module Three: The data exporter shall make the assessment available to the controller.]


 

(c)

The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

SECTION IV – FINAL PROVISIONS

Clause 16

Non-compliance with the Clauses and termination

(a)

The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.


 

(b)

In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).


 

(c)

The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:

(i)

the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;


 

(ii)

the data importer is in substantial or persistent breach of these Clauses; or


 

(iii)

the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.

In these cases, it shall inform the competent supervisory authority [for Module Three: and the controller] of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.


 

(d)

Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data.] [For Module Four: Personal data collected by the data exporter in the EU that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall immediately be deleted in its entirety, including any copy thereof.] The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.


 

(e)

Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

Clause 17

Governing law

These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of  Portugal.

 

Clause 18

Choice of forum and jurisdiction

Transfer controller to controller

 

(a)

Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.


 

(b)

The Parties agree that those shall be the courts of Portugal.


 

(c)

A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.


 

(d)

The Parties agree to submit themselves to the jurisdiction of such courts.

 


 

(1)  Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915.

(2)  This requires rendering the data anonymous in such a way that the individual is no longer identifiable by anyone, in line with recital 26 of Regulation (EU) 2016/679, and that this process is irreversible.

(3)  The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses.

(4)  The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses.

(5)  See Article 28(4) of Regulation (EU) 2016/679 and, where the controller is an EU institution or body, Article 29(4) of Regulation (EU) 2018/1725.

(6)  The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purposes of these Clauses.

(7)  This includes whether the transfer and further processing involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions or offences.

(8)  This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7.

(9)  This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7.

(10)  That period may be extended by a maximum of two more months, to the extent necessary taking into account the complexity and number of requests. The data importer shall duly and promptly inform the data subject of any such extension.

(11)  The data importer may offer independent dispute resolution through an arbitration body only if it is established in a country that has ratified the New York Convention on Enforcement of Arbitration Awards.

(12)  As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies.

 


 

APPENDIX

EXPLANATORY NOTE:

It must be possible to clearly distinguish the information applicable to each transfer or category of transfers and, in this regard, to determine the respective role(s) of the Parties as data exporter(s) and/or data importer(s). This does not necessarily require completing and signing separate appendices for each transfer/category of transfers and/or contractual relationship, where this transparency can be achieved through one appendix. However, where necessary to ensure sufficient clarity, separate appendices should be used.

 


 

ANNEX I

A.   LIST OF PARTIES

Data exporter(s): The legal entity and/or sole proprietor along with his contact details provided to FasterPay’s Onboarding Department. 

   

Data importer(s): Fasterpay inc 

 

1.

Contact person’s name, position and contact details: 

Data Protection Team

dataprotection@fasterpay.com

B.   DESCRIPTION OF TRANSFER

The Personal Data transferred concern the following categories of data subjects:

Owners, directors, managers of Data Exporter, the Data Exporter’s partners and their partners 

Customer and prospective customer personnel

Data obtained from the data exporter in order to fulfil its contractual obligations. 

Clients of the data exporter 

 

Categories of personal data transferred

Identification data Personal identification data->  Title, name, first name, private address, phone numbers, email addresses (personal or professional at your choice).
Financial data ->  Financial identification data Bank account numbers, expenses and supporting documents. 

Personal characteristics->  Personal details Age, gender, year and place of birth, citizenship.


The frequency of the transfer will be on a continuous basis.
The nature of processing is for the operational activity such as collection, recording, organisation, structuring, storage, adaptation , retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.

Purpose(s) of the data transfer and further processing

-To efficiently communicate and transfer the data evaluated from the importer for customer Due Diligence, Merchant Underwriting, Merchant Onboarding and other data obtained from the review of Merchant pursuant to the main contract between the companies. 

-For AML and counter-terrorism financing (CTF) purposes

-To manage risks & AML and CTF obligations, fight frauds, prevent theft and permit identity verifications.

- To execute the contractual obligation of the exporter, including but not limited to payment processing.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

The Data Importer will retain the data for a period consistent with its Financial, Anti-Money Laundering and Counter Terrorist Financing obligations.

 

C.   COMPETENT SUPERVISORY AUTHORITY

Comissão Nacional de Proteção de Dados (‘National Commission for the Protection of Data’. also known as ‘CNPD’). 
Av. D. Carlos I, 134 - 1.º 1200-651 Lisboa 
T +351 21 392 84 00 
F +351 21 397 68 32 
geral@cnpd.pt www.cnpd.pt 

 


 

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

EXPLANATORY NOTE:

The technical and organisational measures must be described in specific (and not generic) terms. See also the general comment on the first page of the Appendix, in particular on the need to clearly indicate which measures apply to each transfer/set of transfers.

Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.

[Examples of possible measures:

The company encrypts, pseudonymised and tokenizes the personal data it receives. All Financial data is protected, tokenized and encrypted. The company is a PCI DSS level 1 certified entity. The information retrieved and stored by the company is obtained in connection with its contractual obligation and the performance of its payment processing activities.  The company abides by the principle of privacy by design and implements strong access restriction towards all collected personal data.  

 

Measures of pseudonymisation and encryption of personal data

 

Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services. Annual training of employees, Protection of data and accountability for data breaches. Chief Information Security Officer responsible for the accurate and diligent storage of data. 

Fasterpay maintains, reviews and updates internal protocols and measures in place to back-up the personal data and to ensure that it can be recovered and maintained in the event of an incident. FasterPay also maintains, reviews and updates its internal policies for information and security, its cybersecurity measures and the management of information & reporting. Furthermore a culture of security and data protection awareness as well as Remote access restrictions, is established in the company in order to ensure that all the employees, contractors and any third party working for or with the company, know what is expected and how to maintain compliance. Regular and ongoing training sessions are key to ensuring that the latest information, guidance, legislations and regulations are known and understood. 

Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident


 

Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing

 

Evaluation:  Annual review of technical and organisational measures on effectiveness and plausibility. Additionally the company performs risk assessment of transfer, obtainment and storage of personal data.  Annual Audit on the Information Security Measures of the importer. 

Measures for user identification and authorisation

For access rights to personal data, and exercise of right in accordance with the GDPR, individuals need to confirm the information provided by them as a result of the transfer of data.

Measures for the protection of data during transmission

Transmission control: The company uses  SSL certificate for websites (https: //) to transfer data within formsThe transportation of servers or other storages containing personal data to another location must be authorised by Directors. Only secure channels may be used for the transportation of such media.  The status of the shipment should be monitored until it has been delivered to its new location.

Measures for the protection of data during storage

Strong Data Storage Security Policies and Data Access restrictions are enforced in all data storage facilities.

 

Measures for ensuring physical security of locations at which personal data are processed

Pseudonymisation: Replacement of user-related data by random codes

Encryption: Cloud solution with encryption

Access control: e.g. Access to server rooms only with key or chip card, offices are secured with alarms and video monitoring. 

Confidentiality: Password policies, Physical security policy, Code of Conduct, Access Right policies.


Measures for ensuring events logging
Integrity: e.g. User authorisations are restricted to only key personnel (eg. Onboarding Department ,Compliance Department, Fraud Department)

 

Measures for ensuring system configuration, including default configuration

The company limits the categories of personal data chosen for processing to a data collection that is directly relevant for the originally specified purposes. When accessing the website or visiting a page that integrates the services provided by FasterPay the systems gather data automatically transmitted from the device(s) you use to access the Fasterpay website or other sites integrating the Services, such as your IP address, unique device identifier, browser information, and system information (e.g., operating system). This information, alone or combined with other information, may allow you to be identified. FasterPay inc has strict system configuration standards, respecting ISO/IEC 27701, ISO/IEC 27702, EDPS guidelines on specific IT related matters, such as those on mobile devices, web services, mobile apps and cloud computing. ??

Measures for internal IT and IT security governance and management

Annual Audit on internal IT systems and policies. 

Measures for certification/assurance of processes and products


 

Measures for ensuring data minimisation
FasterPay limits the collection of personal information to what is directly relevant and necessary to accomplish the functionality of the services we provide. The company obtains only the data it needs to perform its contractual obligations and comply with AML and CTF obligations.

Measures for ensuring data quality

Accuracy: for whatever data described, it needs to be accurate.

Relevancy: Data collected to perform contractual obligations and satisfy international obligations. 

Completeness:  Data completeness is ensured by secured cannot begin without complete information from 

Timeliness: the data should be up to date. Data obtained only at time of transaction/request. 

Measures for ensuring limited data retention
DPO agents ensure that the stored data is deleted after the end of the minimum retention period . 

 

Measures for allowing data portability and ensuring erasure.
Data Privacy and rights are guaranteed to all European People citizens and individuals residing in jurisdictions which allow data portability and erasure. 

For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter

Each transfer 


Recoverability: Backups that are regularly checked for successful recovery.