If you signed up with Elavon for these gateway services prior to 26 April 2024, these Terms and Conditions will continue to apply to your account until 1 July 2024, when the revised terms we notified to you will take effect and will replace these Terms and Conditions.
This Agreement sets out the terms and conditions between us and you for the provision of the Services and is made between Elavon (as further defined below) (“Elavon” or “our” or “we” or “us”) and you the individual or organisation which registers to use the Service (“Merchant” or “you” or “your”).
Please make sure you are happy with all the terms below before you indicate your acceptance. By entering into this Agreement we both acknowledge that we both intend to be bound by this Agreement and to follow its terms. In return for you doing this we agree to let you use the Services as described in this Agreement.
It is important that you regularly check our website as throughout this Agreement, we make reference to various items that may be notified to you on our website. Importantly, this includes any notifications of unavailability of the Services.
You can request additional services from us at any time. If you do, we will provide you with a quotation outlining the services we will be providing, the relevant fees for this and payment terms. Our delivery of any additional services during the Term will be on the terms and conditions set out in this Agreement.
1. How you indicate that you accept this Agreement
1.1. You indicate that you accept this Agreement by placing an order through our website, or by ticking a box or clicking on a button (or something similar) when asked to confirm this during sign up to the Service at which time this Agreement is displayed to you, or by using the Services (or any part of them).
1.2. If you don't accept this Agreement, you may not use the Services.
1.3. If you place an order for the Services through our website, the steps you must take to conclude the Agreement with us are:
(a) You will need to create an account and log in with your allocated password.
(b) Select the Service you wish to purchase and enter the requested information.
(c) Check variable information like pricing - please note that your order is known as an “invitation to treat” and not a contractual offer from us which you may accept. This means that we reserve the right to correct any errors in information without any liability to you.
(d) Make sure you read and understand the terms of this Agreement – you will be asked to tick to accept these terms online.
(e) Review your order - you can identify and correct input errors before you place your order by using the “back” button on your browser and reviewing and correcting the information you have submitted as necessary.
(f) Place your order by clicking on the relevant button – a page will appear confirming that your order has been submitted.
(g) Wait for our acceptance of your order – we will accept orders either in writing or by commencing provision of the Service, depending on the Service selected. Please note that we are entitled to refuse to accept any order. If that happens, we will let you know as soon as we can.
1.4. We will not file the concluded Agreement between us online, so you should print out and keep a copy of the Agreement for your own record.
1.5. This Agreement may only be concluded online in the languages supported by our website which are currently English, German, and Spanish (subject to paragraph 18.13).
1.6. If you are dissatisfied with the Services, or have any other concern, please email our customer support team on opayosupport@elavon.com or call 0191 313 0299.
2. What do the defined terms in this Agreement mean?
· "Agreement" means this Agreement and any documents expressly incorporated by reference;
· “Additional Services” means any third party complimentary products, software or services that integrate or work with the Services or any other products, services, technology or information not provided by us, including other Elavon Digital Europe Limited products, services, technology information or services not provided by us;
· “Cardholder Present Solution” the solution made up of: (i) the Terminal Hire; and (ii) the provision to you of cardholder present payment processing services that enable you to process Transactions via the Terminals on a face to face or MOTO basis; and (where applicable) (iii) the Opayo Introduced Merchant Services;
· “Chargeable Transaction” means a Transaction authorised by your Merchant Acquirer and then forwarded by us in a settlement file to your Merchant Acquirer to enable the process of transferring the applicable funds from one entity to another, including payments from your Customer to you, and also refunds from your bank to Customers;
· “Chargeback” means a Chargeable Transaction that is invalid or disputed by your Customer and is charged back by the Merchant Acquirer;
· “Commencement Date” means the relevant date(s) on which the Services commence which is usually:
i. in respect of the Opayo Payment Gateway Service, the date your Merchant Services Account number is notified to us and set-up for use; and
ii. in respect of the Cardholder Present Solution, the date we despatch the Terminals to you; and
iii. in respect of any other Service, the date we agree to provide that Service to you;
iv. or as otherwise notified to you by us from time to time;
· “Confidential Information” means all information (of whatever nature) disclosed by one party (“discloser”) to the other (“recipient”) which (i) is indicated to be confidential; or (ii) derives value to a party from being confidential; or (iii) would be regarded as confidential by a reasonable business person;
· “Consumer Credit Laws” means the Consumer Credit Act 1974 as extended or re-enacted from time to time and all subordinate legislation made under it;
· "Customer" means an individual, company or other entity which orders goods or services from you and where payment for such order is to be processed using the Services;
· “Customer Data” – shall mean the data, information or material provided, inputted or submitted by you or on your behalf into the Services, which may include data relating to your customers and/or employees;
· “Customer Personal Data” – has the meaning set out in Clause 16.6;
· “Data Controller” - means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
· “Data Processor” - a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Data Controller;
· “Data subject”; “data processor”; “personal data”; “process”; “processed”; or “processing” have the meanings given to them by the Data Protection Laws;
· “Data Protection Laws” - means all applicable EU laws and regulations governing the use or processing of Personal Data, including (where applicable) the European Union Directive 95/46/EC (until and including 24 May 2018), the GDPR (from and including 25 May 2018) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time;
· “Documentation” means any technical and user guides or similar material we make available for use with the Services from time to time (including via our website) whether in hard copy or electronic form;
· “Fees” means the fees payable by you to us for the provision of the Services as published on our website from time to time or as otherwise notified by us in accordance with this Agreement (including any Minimum Charges);
· “Fraud Detection Parties” means third parties selected by us to review the level of potential fraud risk associated with a Chargeable Transaction, for example the checking of the results of AVS (address verification) and CV2 (the 3 digit security code on the reverse of credit and debit cards);
· “Fraud Detection System” means a series of checks carried out by Merchant Acquirers and Fraud Detection Parties;
· “Fraud Screening Services” means risk or fraud detection and screening services (as described in our published documentation from time to time) including, where applicable, Premium Fraud Screening Services;
· “GDPR” - means EU General Data Protection Regulation 2016/679;
· “Hire Term” means the term of the provision of Terminal Hire (including the Initial Hire Term) determined in accordance with paragraph 6.1;
· “Initial Hire Term” means the minimum fixed period of Terminal Hire which as published on our website from time to time or which you sign up for;
· “Initial Services Term” means the minimum fixed period of the relevant Services as published on our website from time to time or which you sign up for;
· “Initial Term” means the Initial Services Term and/or the Initial Hire Term (as applicable) of this Agreement;
· “Introduced Merchant Acquirer” means the Merchant Acquirer that we work with to source Opayo Introduced Merchant Services
· "Logo” our logo which can be found at https://www.elavon.co.uk/resource-center/help-with-your-account/getting-started.html or such other logo that we indicate (from time to time) that you may use in accordance with paragraph 10.1;
· “Merchant Acquirers” means the financial institutions to which Chargeable Transactions are routed for authorisation, clearing and payment;
· “Merchant Services Account” a merchant account with the Introduced Merchant Acquirer that enables you to accept payments electronically;
· “Merchant Services Application Form” the application form made available by us to enable you to apply for a Merchant Services Account;
· “Minimum Charge” means the minimum monthly charge payable by you under this Agreement (if any) as published on our website from time to time or which you sign up for;
· “My Opayo” means a management portal containing data relating to your Transactions and such other information we make available from time to time;
· “Opayo” means:
i. If you are located in the Republic of Ireland: Elavon Financial Services DAC, a designated activity company registered in Ireland (Registration number 518442) trading as Opayo, with its registered address at Block F1, Cherrywood Business Park, Cherrywood, Dublin 18, D18 W2X7, Ireland.
ii. If you are located in the United Kingdom: Elavon Financial Services DAC (UK Branch) trading as Opayo, registered in England (Establishment number BR022122 with its registered address at Level 15, Citypoint, One Ropemaker Street, London.
We have other trading addresses. If you would like details of our other trading addresses in the UK, please contact us.
· “Payment Schemes” means those schemes that operate the clearing and settlement of payments, including payment card, transactions. In applicable jurisdictions (including the UK), financial institutions must be members of the appropriate scheme to acquire the applicable payment transactions (and issue payment cards and other instruments as applicable);
· “Payment Scheme Rules” means the relevant business rules that govern the issue of payment instruments;
· “PCI DSS” means the Payment Card Industry Data Security Standards published from time to time by the Payment Card Industry Security Standards Council and available at www.pcisecuritystandards.org;
· “Personal Data” – means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
· “Priority Support Services” means enhanced support services offered by us (as described in our published documentation from time to time);
· “Premium Fraud Screening Services” enhanced fraud detection services offered by us using selected Fraud Detection Parties (as described in our published documentation from time to time);
· “Processing” - means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction and “Process”, “Processed” and “Processes” shall be construed accordingly;
· “Privacy Notice” – means Opayo’s privacy notice posted on www.elavon.co.uk (or such other URL as Opayo may notify to you) and which may be amended by Opayo from time to time;
· “Recurring Transaction” means a repetitive periodic Transaction agreed in advance between you and your Customer;
· “Recurring Transaction Authority” means a Customer’s prior authority for you to process a Recurring Transaction;
· “Regulated Terms” means the agreement we issue to you which sets out details of the hire arrangement for the Terminal(s) in accordance with applicable Consumer Credit Laws;
· “Representatives” means employees, officers, sub-contractors and/or advisors;
· “Opayo European Payments” means (i) Opayo Introduced Merchant Services; and (ii) a facility to allow you to process Transactions via a specified European payment method (as described in our published documentation from time to time);
· “Opayo Introduced Merchant Services” the services described in paragraph 7 below;
· “Opayo Payment Gateway Service” means electronic commerce and/or cardholder not present payment gateway processing services that transmit Transaction data through the Opayo virtual terminal (as described in our published documentation from time to time);
· "Services" means any services to be provided by us pursuant to this Agreement as described in any documentation that we issue from time to time describing such services together with any additional services we agree to provide to you pursuant to this Agreement (where applicable including the Opayo Payment Gateway Service, Opayo Introduced Merchant Services, Opayo European Payments, Token Service, Priority Support Services, Premium Fraud Screening Services and/or the Cardholder Present Solution);
· “Supervisory Authority” - means an independent public authority which is established under applicable Member State law and which concerns itself with the Processing of Personal Data;
· “Term” means the term of this Agreement or the provision of the relevant Services (as applicable) determined in accordance with paragraph 13.1, including any Initial Term;
· “Terminals” means those payment card terminals and any related equipment manufactured by third parties that we have agreed to hire to you (including any replacement payment card terminals or components that we may provide to you in substitution of any originals) during the Hire Term;
· “Terminal Hire” means the hire to you of Terminal(s) by us in accordance with this Agreement;
· “Token” means unique identification information provided by us to you in relation to payment card information that you have asked us to retain as part of the Token Service;
· “Token Service” means the retention of Customer payment card information on your behalf for the specific purpose of enabling you to re-use that information in subsequent Transactions with that specific Customer (as described in our published documentation from time to time);
· “Transaction” an arrangement between you and your Customer to enter into a financial agreement in exchange for goods and/or services using a payment instrument; and
· “our website” means www.elavon.ie or www.elavon.co.uk or such other website we notify to you from time to time.
3. What are our obligations to you under this Agreement?
3.1. In consideration of you paying to us the Fees, we will provide the Services to you in an efficient and effective manner using due skill, care and attention and in accordance with the terms of this Agreement and applicable law and regulation.
3.2. Our ability to provide the Services to you may also be subject to the approval and acceptance of third parties, for example the bank, credit card acquirer or other third party providing merchant acquiring services to you and with which you may have an independent agreement. Any services which are supplied to you by a third party are the responsibility of that third party and you acknowledge that our ability to perform the Services may be impacted by that third party. We are not liable for any delay in or non-performance of the Services which is caused by such a third party.
3.3. The Opayo Payment Gateway Service provides a payment gateway which communicates with the relevant parties to a Transaction, for example, we capture the payment details provided by your Customers, we send these to your bank which sends the details to your Customer’s payment card issuer which authorises or declines the Transaction. Your bank sends the Transaction results back to us and we send the results to you and your Customer to confirm the results of the Transaction. We do not calculate the Transaction amounts or approve, issue, receive, possess or manage any payments or money; these are matters for you, your Customer, your bank and the relevant payment card issuer.
3.4. The Opayo Payment Gateway Service is Level 1 PCI DSS compliant, which sets out the industry standards for maintaining a secure environment. Further details about our compliance certificate can be found on our website at www.elavon.co.uk or provided to you upon reasonable request. We are responsible for securing all Customer Data which is in our possession and under our control and in accordance with paragraph 16 below.
3.5. As part of the Services, we will provide you with standard technical and account support as described in our Documentation. We may also offer you the opportunity to purchase Priority Support Services for an additional Fee. Priority Support Services may be subject to a separate service level agreement.
3.6. During the Term, we grant to you a non-exclusive, non-transferable licence to:
3.6.1. access and use any relevant Documentation; and
3.6.2. if you have purchased the OPAYO Payment Gateway Service, My Sage Pay, for the purpose of receiving the Services in accordance with this Agreement.
3.7. My Sage Pay is provided to help you manage and verify your Transactions and other account information. If you wish to use My Sage Pay, you are responsible for integrating with and maintaining your access to it. My Sage Pay is provided to you on an “as is” basis for your information and you are responsible for maintaining your own records in connection with your activities as a Merchant. On termination of this Agreement, we will have no obligation to retain, store or make available to you any data or information in connection with any of the Services and/or Transactions.
3.8. You may purchase or subscribe to Additional Services but if you choose to do so you must agree to the separate applicable terms and conditions presented to you by us or the third party for those Additional Services. If there is a conflict between any of the terms of this Agreement and the Additional Services terms, the Additional Services terms will apply in relation to your use of the Additional Service in question. You acknowledge and agree that we may collect any fees due for any Additional Services on behalf of the third party providing the Additional Services to you. Except where paragraph 12.3 applies, we are not responsible for any issue with any third-party technology, information and/or services and will not be liable for those issues. We may withdraw access to such third-party technology, information or services at any time without notifying you.
3.9. We may make integration kits or test environments and/or related advice available to you from time to time to assist you with integration to (and testing of) the Services. We are under no obligation to do this and provide these on an “as is” free of charge basis, so you agree that it is your responsibility to check their accuracy and suitability and to implement and maintain (in accordance with any updates or changes we notify on our website) your integration with the Services. You agree that any use is at your own risk and we are not liable for any omissions, errors or inaccuracies in any integration kits, protocols, test environments and/or related advice-
3.10. You should ensure that you use our most up to date protocols and algorithms when integrating with the Services. Without prejudice to our rights in paragraph 13.3, we may (in our absolute discretion) continue to make older protocols and algorithms available to you but these will not be supported by us and your continued use of any such protocols and algorithms is entirely at your own risk. We reserve the right to withdraw or to cease to permit integrations with the Services using any such older protocols and algorithms at any time. We suggest that you follow our then current integration guidance when integrating with our Services (including any recommended protocol settings or attributes) however, it is entirely your responsibility to assess and implement the most appropriate integration settings for your business.
3.11. As part of the Services, we may allow you to set up and use certain functionality, such as 3D Secure, or the processing of Recurring Transactions where you have an appropriate Merchant Services Account specifically for Recurring Transactions set up with your Merchant Acquirer (this is separate to your usual Merchant Services Account). Recurring Transactions can only be facilitated where you have a Recurring Transaction Authority from the Customer. You agree to provide us with any information we require to enable us to assist you in setting up and using any particular functionality we offer.
4. What are your obligations to us under this Agreement?
4.1. You will at all times comply with this Agreement, the Payment Scheme Rules, the PCI DSS, and any law or regulation applicable to your activities as a merchant and/or your use of the Services and/or Transactions, as well as our reasonable instructions from time to time in relation to your use of the Services.
4.2. During the Term and for such period as may be required afterwards for the purposes of this Agreement, you will open and maintain in your name a Merchant Services Account. You agree to provide us with accurate and up to date information in respect of your Merchant Services Account and your access and use of the Services. You acknowledge that we are entitled to rely on the information you provide to us or your Merchant Acquirer as accurate and up to date.
4.3. You will keep any log-in, account, passwords or other access information which we provide to you or which you create in respect of your access to or use of the Services and/or My Sage Pay secure and confidential and will not disclose them to any third party. You are responsible for all losses resulting from any unauthorised activity in connection with your account with us or your access to the Services and/or My Opayo.
4.4. You are responsible for applying adequate security measures to protect any data or information you access via, download or print from My Sage Pay. Except as expressly set out in this Agreement, you must not copy, download, disclose or make available to any third party any data from My Sage Pay or any Documentation for any purpose.
4.5. You agree to act with reasonable skill and care in connection with your activities as a merchant and/or your use of the Services and/or Transactions and not to do anything (or omit to do anything) which may damage or bring our name or business into disrepute. You agree that we may (although we are not under any obligation to) refuse to provide (or to cease providing) all or part of the Services or suspend the processing of any Transactions at any time if we reasonably suspect that you have failed to comply with this Agreement or that there might be fraudulent or illegal activity in connection with your use of the Services or your account with us.
4.6. Notwithstanding any information we may provide to you (whether via My Sage Pay or otherwise), you are responsible for maintaining your own records relating to the Services and Transactions and for reconciling these with your own bank account data and other accounting records.
4.7. You will obtain all necessary consents, authorisations and approvals from your Customers to enable us to provide the Services and perform our obligations to you under this Agreement.
4.8. You acknowledge and agree that you are solely responsible for the provision of all equipment, software, systems and telecommunications facilities which are required to enable you to receive the Services.
4.9. You acknowledge that we are a company incorporated and registered in England and that the Services are provided in compliance with applicable law and regulation in England. You are responsible for making your own assessment of the Services before choosing to receive them and for ensuring that the Services (and any specific functions or features we make available, for example, the functionality to apply surcharges) can be and are received and used by you in compliance with applicable law and regulation in the countries in which you operate. You are responsible for any fines or assessments that may result or other losses we may suffer from unauthorised or prohibited practices and/or Transactions as a result of your failure to comply with this paragraph 4.9.
4.10. You acknowledge the nature of the Opayo Payment Gateway Service and our role as described in paragraph 3.3 above and that we are entitled to rely on any Transaction information we receive as being accurate and error-free when performing the Services.
4.11. You are responsible for any Chargebacks or other charges made to you by third parties, such as a Merchant Acquirer, as a result of or in connection with your Transactions and merchant status. You acknowledge that Opayo has no visibility of such Chargebacks or other charges and cannot offer advice or assistance in this respect.
4.12. If we receive any complaints from your Customers, we will direct the Customer to you. You are responsible for any complaints with your Customers and you will work in good faith to promptly resolve any such complaints. If a Customer continues to contact us regarding your service, we will make reasonable attempts to discuss this with you but we reserve the right to (i) suspend provision of all or part of the Services to you until such time as we reasonably consider that the complaint is being resolved; or (ii) terminate provision of all or part of the Services to you.
4.13. You are responsible for securing all Customer Data in your possession and/or under your control and in accordance with paragraph 16 below.
4.14. You will immediately notify us if at any time:
4.14.1. You become aware of or reasonably suspect that there has been or could be any breach of Customer Data security or the PCI DSS or other applicable law or regulation; or
4.14.2. you become aware of any matter which might reasonably be considered to affect our ability to provide the Services in accordance with this Agreement, or the Payment Scheme Rules or applicable law or regulation; or
4.14.3. you become aware of any errors or inaccuracies affecting your account with us; or
4.14.4. you are in dispute with your Merchant Acquirer.
5. Fraud Screening Services and Token Service
Fraud Screening Services
5.1. All Fraud Screening Services are provided as described in our Documentation from time to time but include:
5.1.1. basic risk detection tools which you may configure to assist you in risk detection, for example, we offer AVS and CVV verification functionality. It is your responsibility to ensure these detection tools are properly configured for your own particular requirements and used;
5.1.2. basic information on Transaction risk scores provided via My Pay, where applicable; and
5.1.3. Premium Fraud Screening Services which may be purchased by you for an additional Fee.
5.2. You should take note of fraud scores and in particular high risk Chargeable Transactions reported to you using the Fraud Detection System. Our Fraud Detection System gives an indication of risk only and does not give you any guarantees against fraud. You should regularly review whether you wish to initiate any additional fraud screening checks of your own.
5.3. Fraud Screening Services are provided by Fraud Detection Parties. It is important that you contribute information about suspected or actual fraudulent Transactions to the Fraud Detection Parties' database. You are responsible for ensuring your Customers understand this. If you do not contribute information, we reserve the right to withdraw your access to the Fraud Screening Services as it is essential that users of this Service make contributions to enable the Service to remain effective.
5.4. We can only provide Fraud Screening Services to you if you have a fixed IP address. It is your responsibility to maintain that fixed IP address.
5.5. In addition to any other rights that we have under this Agreement, we may suspend the provision of the Fraud Screening Services at any time where we believe it is reasonable to do so (or where the Fraud Detection Party considers it reasonable to do so) in the following circumstances:
5.5.1. to protect the systems, software and services that operate or otherwise facilitate the Fraud Screening Services or to otherwise prevent any perceived security breach;
5.5.2. to protect our own, your or the Fraud Detection Party’s legal, regulatory or contractual position or to otherwise prevent any unlawful activity; or
5.5.3. where we are required to do so by law, regulation or applicable rule and if suspension is required beyond a reasonable period or the cause of the suspension is not capable of being remedied then we may terminate the provision of the Fraud Screening Services.
5.6. The Fraud Screening Services are provided “as is” without any warranty of any kind.
5.7. You acknowledge that deploying any other risk management techniques may be detrimental to the performance of the Fraud Screening Services.
5.8. You acknowledge and agree that the Fraud Detection Party is not:
5.8.1. responsible for the security of Customer Transaction data or any other information stored on your servers or any other party's servers other than subcontractors of the Fraud Detection Party solely to the extent Fraud Detection Party is liable for its own actions in respect of the same;
5.8.2. a party to any Transaction between the Customer and you and the Fraud Detection Party assumes no liability with respect to amounts due and owing for any such Transaction;
5.8.3. a party to the Agreement and that it shall not be receiving Customer data directly from you, but rather that Customer data from you will be transmitted to the Fraud Detection Party by us. As such, the Fraud Detection Party shall not be liable for our or your actions or inactions which would cause the Customer data not to be transmitted and received by the Fraud Detection Party correctly.
5.9. It is your responsibility to obtain the Customer’s consent at the time and point that the Customer attempts to make a purchase from you for the Fraud Detection Party to use the data for the delivery of the Fraud Screening Services.
5.10. You acknowledge that if our relationship with the Fraud Detection Party ends for any reason, then the provision of the Fraud Screening Services will also end.
5.11. On at least ninety 90 days prior written notice to you, we may modify the Fraud Screening Services where the Fraud Detection Party mandates such modification.
5.12. This paragraph 5 is subordinate to any applicable Payment Scheme Rules or rules of companies and financial institutions and to any applicable law. You will be bound to the terms and conditions to which the Fraud Detection Party is bound in its relations with any payment schemes and companies and financial institutions, should those terms and conditions affect the Fraud Screening Services. Accordingly, we reserve the right (at any time) to alter the terms and conditions of the Agreement to reflect any change(s) to the terms and conditions of the Payment Schemes and companies and financial institutions (to the extent they affect the provision of the Fraud Screening Services) upon providing you with written notice of such change(s). In the event that such change(s) result in a material change to the Fraud Screening Services or otherwise adversely affect the contractual arrangements between us in a material manner then you will be entitled to terminate the Fraud Screening Services upon providing us with 90 days prior written notice at any time.
5.13. Either party may terminate the Fraud Screening Services in accordance with any other provision of the Agreement or by giving to the other at least 90 days’ written notice, such notice not to expire before the last day of the Initial Term.
Token Service
5.14. In consideration of payment of the applicable Fee, we will provide you with the Token Service. You are responsible for obtaining the appropriate consent from your Customer for us to retain their payment card data to enable us to provide you with the Token Service.
5.15. We will not retain sensitive authentication data and, subject to paragraph 5.16, we will not give you access to the payment card information (we will merely provide you with Token information).
5.16. If you or we discontinue the Token Service for any reason at our sole discretion we may, following your reasonable request and subject to:
5.16.1. the written authorisation of your Merchant Acquirer and/or the applicable Payment Schemes as the case may be; and
5.16.2. you paying to us any outstanding Fees and any additional Fees we charge for this Service, transfer any payment card data to you or your new payment services provider that we have held on your behalf as part of the Token Service provided that you or your new payment services provider (as the case may be) hold applicable PCI DSS compliance validation from a PCI Security Standards Council certified Qualified Security Assessor and by making such a request you promise to us that you or your new payment services provider (as the case may be) holds the applicable PCI DSS compliance validation and you will provide us with that compliance validation certificate. You agree to fully indemnify us for any loss or damage that we may incur as a result of us transferring the payment card information to you under this paragraph 5.16. In the absence of any request by you under paragraph 5.16 within 21 days of your discontinuance of the Token Service we will have no further obligation to you in this respect.
5.17. If we agree to transfer data to you in accordance with paragraph 5.16, we will do so in a secure manner and in such format as we reasonably determine. You also agree to sign any additional documentation that we might require to confirm that we have transferred the payment card information to you and that confirms that from the point of transfer you are solely responsible for that card payment information.
6. Cardholder Present Solution
6.1. This paragraph 6 applies if we have agreed to supply you with the Cardholder Present Solution. If you are a business to which Consumer Credit Laws apply, then the Regulated Terms apply to you in addition to the terms and conditions set out in this paragraph 6.
6.2. In consideration of you paying to us the applicable Fees in accordance with paragraph 11, we will supply you with the Terminals for the Initial Hire Term (unless this Agreement is terminated earlier in accordance with its terms) and thereafter until this Agreement is terminated in accordance with its terms, such termination to take effect no earlier than the expiry of the Initial Hire Term.
6.3. Following the commencement of the Initial Hire Term, we will dispatch the Terminals to your address noted at the beginning of this Agreement or such other of your premises agreed by us using first class post or such other delivery method we approve from time to time. If we quote any dates for the delivery of Terminals, you agree that they are for guidance only and whilst we will aim to meet those dates, we will not be liable if we do not achieve those dates. On delivery of the Terminals, it is your responsibility to install the Terminals for use at the agreed premises in accordance with the installation guide and other documentation or instructions that we provide to you. You are responsible for ensuring that installation takes place promptly following delivery so that you are able to receive the full benefit of the Cardholder Present Solution during the Hire Term.
6.4. You agree only to use and operate the Terminals in accordance with any user guide and any other documentation or written instructions that we provide you with in relation to those Terminals from time to time whilst you continue to hire the Terminals and you will only use and store the Terminals in those premises you have previously notified to us in writing and which we have consented to.
6.5. The risk of loss, theft, damage or destruction of each of the Terminals passes to you on delivery to your premises. The Terminals remain at your sole risk for the full period during which the Terminals are in your possession, custody or control until such time as the Terminal is returned to us. During this period you must ensure that the Terminals are kept at all times safely and securely and maintained in good working order and that the Terminals, their components and component software are not altered, amended, disassembled, tampered or otherwise interfered with or otherwise accessed or used in any unauthorised way.
6.6. The Terminals at all times remain our or our licensors’ (as applicable) property and you have no right, title or interest in or to the Terminals (save the right to possession and use of the Terminals in accordance with this Agreement).
6.7. At your own expense, you will obtain and maintain comprehensive insurance for each of the Terminals to a value not less than their combined full replacement value against all usual risks of loss, damage or destruction by fire, theft or accident, and insurance against such other or further risks relating to the Terminals as may be required by law.
6.8. If any Terminal becomes stolen, lost, damaged or otherwise inoperable you will report it to us as soon as you become aware of it. Subject to paragraph 6.9, you will be responsible for paying to us our then current replacement or repair charges (as applicable) in respect of each Terminal which is stolen, lost, damaged or otherwise inoperable, and you will indemnify us from and against any loss, damage, costs and expenses and other liabilities we may incur as a consequence of us hiring the Terminals to you.
6.9. Where the Terminal fails as a result of any fault in its hardware or software and such failure is not as a result of your own or any third party’s (excluding the manufacturer’s) act or omission you should promptly return the faulty Terminal to us in accordance with our instructions and we will dispatch a replacement Terminal to you (new or refurbished). If, after we have received the Terminal we find that its failure was due to your own or any third party’s (excluding the manufacturer’s) act or omission, we reserve the right (at our discretion) to charge you for any repair of that Terminal or for the then current replacement cost. If you do not return the Terminal to us as instructed we will not be responsible to you in relation to your inability to use that Terminal and we also reserve the right to charge you the full replacement value of that Terminal.
6.10. It is your responsibility to have in place all necessary power and telecommunications devices, connections and third-party equipment and other requirements for the proper use and performance of the Terminals and the Cardholder Present Solution (including, for example, ensuring you have appropriate systems and Internet access and any other appropriate equipment as we advise you of from time to time) (“Service Infrastructure”). If you do not have in place and maintain the necessary Service Infrastructure, we will not be responsible to you for your inability to obtain the full benefit of the Cardholder Present Solution, or any part of it, whilst any part of the Service Infrastructure is unavailable.
6.11. You acknowledge that the Terminals are manufactured by a third-party and we do not warrant that the Terminals will be free from errors, faults or defects. Subject to your right to a replacement Terminal in paragraph 6.9 and as far as applicable law allows, the Terminals are provided to you “as is” without any condition or warranty of any kind, express or implied, including, any implied warranties of satisfactory quality, fitness for any particular purpose, compliance with description or sample and non-infringement of third party rights, provided that this does not exclude any implied warranties or conditions that (a) we have the right to hire the Terminals to you on the terms of this Agreement; and (b) you will enjoy quiet possession of the Terminals during the Hire Period (subject to our rights under this Agreement or applicable law).
6.12. We do not warrant that the Terminals will be capable of uninterrupted use. You acknowledge and agree that use of the Terminals is dependent on a number of third party reliances that are outside of our control (for example, the Service Infrastructure). You also acknowledge and agree that we will not actively notify you that your Terminal has lost connectivity to our payment processing system. Accordingly, we will not be responsible to you for your inability to use the Cardholder Present Solution and/or the Terminals as a result of: (i) the act or omission of any third party; or (ii) the Service Infrastructure; or (iii) for any other reason outside of our control.
6.13. You will permit us, or our authorised representatives, access to each of your premises where the Terminals are located to inspect, repair, maintain and/or remove those Terminals at all reasonable times. At our reasonable request you will promptly provide us with any assistance we require to benefit from this right.
6.14. If at any time you materially breach the terms of this paragraph 6 and/or fail to pay any Fees due to us for the Cardholder Present Solution, or any part of it, in accordance with paragraph 11, in addition to our other rights under this Agreement, we may:
6.14.1. suspend provision of the Cardholder Present Solution, or any part of it, until such time as the breach is remedied to our satisfaction and we will be entitled to charge you a reconnection fee for re-commencing provision of the Cardholder Present Solution, or any part of it, which you will pay in accordance with paragraph 11; or
6.14.2. terminate this Agreement in relation to the Cardholder Present Solution, or any part of it, immediately on written notice.
6.15. Where this Agreement expires or is terminated in relation to:
6.15.1. the Cardholder Present Solution; or
6.15.2. the Terminal Hire; or
6.15.3. the hire of only a certain number of Terminals, you must deliver those Terminals (which are subject to the expiration or termination) to us in accordance with our instructions at such location as we notify to you within the UK. You must ensure that all Terminals are delivered to us in good condition and repair.
6.16. If you do not return the Terminals to us in accordance with paragraph 6.15, we will be entitled to enter any premises where the Terminals are located to recover them without incurring liability to you or any third party and to invoice you for any charges we incur as a result of such recovery, which you will pay in accordance with paragraph 11.
6.17. In addition to your obligations under paragraph 6.15, if the agreement between us for the Cardholder Present Solution ends (or if the hiring of one or more of the Terminals ends) before the expiration of the Initial Hire Term then, without prejudice to our other rights and remedies, you will pay to us all sums that would have been due to us for the remainder of such Initial Hire Term and all costs incurred by us in recovering the Terminals from you.
6.18. In addition to our other rights under this Agreement (and, in particular our rights under paragraphs 6.14 and 6.16 above), if:
6.18.1. we have not received from you the total number of Terminals due to be returned to us within 7 days of the date we stop providing the Cardholder Present Solution to you (or of the date the Hire Term ends in relation to each of those Terminals); or
6.18.2. we receive Terminals that are not in good repair or which are otherwise defective (otherwise due to the fault of the manufacturer), then we will be entitled to invoice you and you will pay to us an amount equal to the then current replacement value of each of the Terminals:
i. we have not received within 7 days of the date we stop providing the Cardholder Present Solution to you; or
ii. we have not received within 7 days of the date the Hire Term ends for the applicable Terminals; or
iii. you do return to us but which are not in good repair or which are otherwise defective.
6.19. You acknowledge that discrepancies between payments taken via the Terminals and payments appearing in your Merchant Services Account may occur from time to time for a number of reasons, many of which are unrelated to the Cardholder Present Solution and/or the Terminals or are otherwise outside of our control. You should contact your Merchant Acquirer with any Transaction queries. It is also your responsibility to:
6.19.1. promptly verify that credit and debit card payments have appeared in your Merchant Services Account and to reconcile them with Transactions made via the Terminals; and
6.19.2. notify us of any potential discrepancy as soon as you become aware of it.
6.20. On notifying us of any potential discrepancy pursuant to paragraph 6.19.2, we will, where practicable, provide reasonable assistance to help you resolve the discrepancy in accordance with the standard support services we agree to provide to you under this Agreement. If you fail to notify us of a potential discrepancy within two weeks of its occurrence or if significant reconciliation efforts and/or ad hoc reports are required, we reserve the right to charge you additional professional services costs at our then current charge rates, which will be payable by you in accordance with paragraph 11.
6.21. Subject to the terms of this Agreement, we will transmit to your Merchant Acquirer for settlement all eligible Transactions to your Merchant Acquirer on a nightly basis or otherwise in accordance with any specific rules you have set up using the functionality within the Terminals (for example, you may, in accordance with the Terminal user guide and other documentation we provide to you, set shift markers via the Terminals to set a time during the day up to which Transactions for that day will be settled and any Transactions after that time are transferred to the next trading day). You acknowledge that where you set-up your own specific rules in relation to the settlement of Transactions, we will transmit to your Merchant Acquirer for settlement any eligible Transactions in accordance with those rules as soon as reasonably possible afterward. You understand that it is your Merchant Acquirer and not us that is responsible for settlement of Transactions.
6.22. You will ensure that:
6.22.1. only authorised and trained personnel use the Terminals and the Cardholder Present Solution;
6.22.2. receipts and cardholder information are stored, and subsequently destroyed, in a secure manner.
6.23. You are responsible for any unauthorised or fraudulent Transactions performed on the Terminals whilst the Terminals are in your possession or under your control.
6.24. You are responsible for your own PCI DSS self-assessment and any applicable legal, regulatory or other compliance requirements relevant to your own business activities and use of the Cardholder Present Solution (or any part of it).
6.25. We are responsible for ensuring the Terminals are compliant with applicable Merchant Acquirer standards and Payment Scheme Rules.
6.26. From time to time, we will remotely make available software updates for the Terminals to ensure continued compliance with such rules and standards. You must download any relevant updates to the Terminals as they become available or as we otherwise notify you. We will not be responsible for your delay or failure to download and install such updates.
6.27. Subject to paragraphs 12.2 and 12.3 below, our maximum responsibility and liability to you in relation to the supply of the Terminals whether in contract, tort (including negligence), breach of statutory duty, or otherwise will be limited to paying you an amount equal to the total amount of Fees you paid to us for Terminal Hire in the 12 months prior to the incident for which we are responsible.
6.28. Each party acknowledges that the allocation of risk and responsibility in this paragraph 6 is reasonable because it reflects:
6.28.1. that it is not within our control how, and for what purposes, you use the Terminals;
6.28.2. that the Terminals have not been specifically developed for you;
6.28.3. that while we follow good industry practice, it is not economically possible for us to exhaustively test the Terminals;
6.28.4. the amount of the Fees paid by you for the Terminal Hire;
6.28.5. that there are a number of alternative payment methods available to you; and
6.28.6. that you had a choice to use one of any number of alternative payment suppliers that provide similar services.
7. Opayo Introduced Merchant Services
7.1. This paragraph 7 applies only if we have agreed to supply you with Opayo Introduced Merchant Services. Merchant Services Accounts are provided and administered by the Introduced Merchant Acquirer as an authorised payments institution and not by Opayo. We do however offer Opayo Introduced Merchant Services where we assist you in applying for a Merchant Services Account with the Introduced Merchant Acquirer and liaise with the Introduced Merchant Acquirer on your behalf.
7.2. If you complete the Merchant Service Application Form and submit it to the Introduced Merchant Acquirer (or do so via us), you make a formal application for a Merchant Services Account. You agree to provide accurate information in your application for a Merchant Services Account and that we may rely on this information as being accurate when providing the Opayo Introduced Merchant Services or any related Services. Any information that you submit on the Merchant Service Application Form will be used in accordance with paragraph 16 and in accordance with the Introduced Merchant Acquirer’s terms and conditions which you should read carefully.
7.3. By completing the Merchant Service Application Form, you acknowledge and agree that, should your application be successful, you will be entering into a direct contractual relationship with (and agreeing to pay applicable fees) to the Introduced Merchant Acquirer (or its agent) for your merchant services as well as a separate direct contractual relationship with us for our own Services. Accordingly, you agree to comply with this Agreement and all of the Introduced Merchant Acquirer’s terms and conditions.
7.4. You should ensure that your Merchant Service Application Form is fully completed before you submit it to the Introduced Merchant Acquirer. You must immediately inform the Introduced Merchant Acquirer directly if you wish to amend the details contained in your Merchant Service Application Form.
7.5. The Introduced Merchant Acquirer reserves the right to reject any applications and, if you subsequently enter into a merchant services agreement with the Introduced Merchant Acquirer, it may terminate your merchant services agreement at any time in accordance with its terms and conditions. You understand that the Introduced Merchant Acquirer (not us) decides whether or not to approve your application and may terminate your Merchant Services Account in accordance with its own terms and conditions. If your Merchant Services Account is terminated for any reason the Opayo Introduced Merchant Services will also terminate automatically and you must immediately pay to us all Fees due in relation to Opayo Introduced Merchant Services for the remainder of the Initial Term. Termination of any Opayo Introduced Merchant Services will not affect the delivery of any other Services under this Agreement (which will continue unaffected unless a party terminates those Services as otherwise provided under this Agreement).
7.6. Our ability to provide Opayo Introduced Merchant Services is conditional upon you obtaining a Merchant Services Account and retaining it throughout the duration of the Opayo Introduced Merchant Services.
7.7. If your application for a Merchant Services Account is successful, the Introduced Merchant Acquirer will, in accordance with its terms and conditions, provide you with a Merchant Services Account and settle all funds, manage all Chargebacks, risk, fraud and financial adjustments in accordance with its terms and conditions. The Introduced Merchant Acquirer will also administer your Merchant Services Account directly and invoice you for all fees associated with that Merchant Services Account. Accordingly, it will be necessary for you to complete a second direct debit mandate (available from the Introduced Merchant Acquirer) which will apply to the Introduced Merchant Acquirer’s own fees.
8. Third party products or services
8.1. During the Term, we may from time to time introduce you to third party products or services which may be of interest to you, such as services allowing you to process Transactions with your Customers using additional payment methods. If we do this you agree that:
8.1.1. any third-party products or services are the responsibility of that third party;
8.1.2. we do not endorse or recommend the third party’s products or services and you should check whether they are suitable for your needs;
8.1.3. you will enter into a direct contractual relationship with the third party for the product or service subject to the third party’s terms and conditions and you may be liable to pay fees directly to them; and
8.1.4. we are not liable for the third party’s products or services or for any delay in or non-performance of the Services which is caused by such the third party or their products or services.
8.2. We may also from time to time use other organisations to help us provide all or part of the Services, including by subcontracting the provision of the Services to other organisations. Where we do this, we will take reasonable steps to ensure the suitability of those organisations.
9. Confidentiality
9.1. Subject to the following, each party will keep confidential all Confidential Information and only use it for the purpose of exercising or performing its rights and obligations under this Agreement.
9.2. Each party may disclose Confidential Information to its Representatives, provided that:
9.2.1. it makes such Representatives aware of the confidential nature of the Confidential Information and the terms of this paragraph 9; and
9.2.2. the recipient establishes and maintains adequate security measures to safeguard the Confidential Information from unauthorised access or use; and
9.2.3. the recipient remains liable to the discloser for any breach of this Agreement by its Representatives.
9.3. The provisions of paragraph 9.1 will not apply to information which:
9.3.1. is or becomes generally available to the public other than as a result of its disclosure by the recipient or its Representatives in breach of this Agreement; or
9.3.2. was available to the recipient on a non-confidential basis prior to disclosure by the other party; or
9.3.3. was, is or becomes available to the recipient on a non-confidential basis from a person who, to the recipient's knowledge, is not bound by a confidentiality agreement with the other party or otherwise prohibited from disclosing the Confidential Information to the recipient; or
9.3.4. was lawfully in the possession of the recipient before the Confidential Information was disclosed to it by the other party; or
9.3.5. is developed by or for the recipient independently of the Confidential Information disclosed by the discloser.
9.4. Nothing in this Agreement will restrict either party from disclosing any Confidential Information pursuant to a judicial or other lawful statutory or regulatory obligation, to the extent that such party is obliged to make such a disclosure. Where possible, the recipient will inform the discloser in advance that it is making such a disclosure.
9.5. All Confidential Information will remain the property of the discloser and no right or licence is granted in respect of the Confidential Information except as otherwise set out in this Agreement.
9.6. Each party will return to the other party and/or securely destroy all Confidential Information (including copies thereof) on written request from the other party subject to any legal or regulatory obligation to retain records and, if requested, will certify in writing (signed by a director of the party) that this has been done.
9.7. This paragraph 9 will remain in full force and effect notwithstanding termination of this Agreement for any reason.
10. Copyright and related rights
10.1. We or our licensors reserve all copyright, intellectual property rights and other rights throughout the world in the Services and to any information, idea, design, computer program, database, textual, graphical or other material comprised in the Services, or otherwise provided by us in relation to this Agreement or developed by us or on our behalf and to our Logo. This material may not be reproduced or copied by any means whether electronically or not without our prior written permission.
10.2. We grant to you a non-exclusive non-transferable right to display our Logo on your website for the duration of this Agreement (but we reserve the right to end this licence earlier at any time for any reason) only for the purpose of informing your Customers that you process your payments using Opayo.
10.3. You must use our Logo in accordance with our guidelines (that we publish from time to time). You must not alter our Logo or do (or fail to do) anything that could adversely affect our rights in the Logo or its value and you agree to immediately enter into any document necessary for the recording, registration or safeguarding our rights in the Logo. You also agree to tell us as soon as possible if you become aware of any infringement of our rights in our Logo. You agree to fully reimburse us for any loss or damage that we suffer as a result of any use by you of our Logo which is not in accordance with this Agreement.
10.4. Unless you inform us otherwise in writing on the commencement of this Agreement, you grant to us a non-exclusive non-transferable right to use your name and logo on our website and in our marketing or promotional material for the Term for the purpose of identifying you as a customer.
11. What are the terms of payment?
11.1. You agree to pay the Fees (plus VAT and any other taxes where applicable) and any other sums payable by you in accordance with this Agreement to us without deduction, withholding or set-off monthly in arrears within 14 days of the date of invoice, except for any Fees relating to Terminal Hire which you agree to pay: (i) (in relation to the Terminal set-up and configuration fee) on accepting this Agreement or on the Commencement Date of the Initial Hire Term, as notified to you by us; and (ii) (in relation to the monthly Terminal Hire fee) monthly in advance on the payment date agreed with us or within 14 days of the date of invoice. Fees may be subject to amendment from time to time and we will provide details of such amendment to you on our website or directly with a minimum of 30 days written notice.
11.2. Your obligation to pay Fees commences on the Commencement Date or in respect of certain Services (which you may ask us to provide after the Commencement Date) from the date we tell you about prior to those Services commencing. Where this date falls part way through a calendar month, you acknowledge that you must pay the whole monthly fee for that calendar month. Where this Agreement terminates part way through any calendar month you acknowledge that you must pay the whole monthly fee for that calendar month.
11.3. Some Services are limited to a Transaction threshold or other use limit. You agree that if you exceed any Transaction threshold or other use limit for the pricing plan that you have signed up for, your account will automatically be upgraded to the next higher pricing plan and you must pay the Fees associated with that upgraded pricing plan as detailed on our website or otherwise notified to you from time to time.
11.4. Unless agreed in writing with us, you agree to sign a direct debit mandate to allow the Fees and any amount owed by you to us to be debited directly from your bank account in accordance with the regulations imposed under the BACS scheme. You agree to keep such mandate in place until termination of this Agreement and all monies due to us have been paid in full.
11.5. We reserve the right to charge an additional nominal administration fee to you if you do not sign a direct debit mandate where requested by us to do so as per paragraph 11.4.
11.6. All invoices will be issued in and all payments are due in British Pounds Sterling or such other currency we accept from time to time.
11.7. We may raise and issue invoices electronically to you and you hereby consent to receive electronic invoices from us and:
11.7.1. you are responsible for ensuring that any digital signatures or electronic certificates issued alongside our electronic invoices are valid from the date that the invoice is issued to you. You may wish to verify this online at websites such as utimaco.com/signature-check or by any other method of your choosing; and
11.7.2. you are responsible for ensuring that your systems, processes and controls are VAT compliant to allow the receipt of electronic invoices in your member state; and
11.7.3. you are not permitted to tamper with or amend any electronic invoices we issue to you in anyway; and
11.7.4. if you receive an invoice from us that is illegible or a signature or certificate that is invalid you are required to notify us immediately.
11.8. When payment of any invoice or direct debit is overdue, we may:
11.8.1. suspend performance of the Services (or any part of them);
11.8.2. (except where the invoice or direct debit is incorrect) charge and recover interest from you on the sum of the outstanding invoice or direct debit calculated at a compound rate of two per cent per month from the due date until the date of full payment; and
11.8.3. where we have suspended performance of the Services charge a reconnection fee of £50 (or equivalent sum in our invoice currency) plus VAT or other applicable taxes to resume the Services.
11.9. If we are forced to take legal action against you to recover overdue payments, you shall be responsible for all costs and disbursements incurred by us on a full indemnity basis.
12. Our responsibility if something goes wrong
Your attention is specifically drawn to the following provisions.
12.1. Subject to paragraphs 6.27, 12.2 and 12.3 below, our maximum responsibility and liability to you our maximum responsibility and liability to you in relation to this Agreement, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, will be limited to paying you an amount equal to the total amount of Fees you paid to us in the 12 months prior to the incident for which we are responsible.
12.2. Subject to paragraph 12.3, we will not be responsible for any of the following however caused and even if we knew or should have known there was a possibility you could experience the problem and in each case whether suffered by you directly or indirectly:
12.2.1. loss of profits, business, Customers, contracts, revenue, estimated savings, chargeable time or goodwill or wasted expenditure;
12.2.2. any interruption to your business (including interruption to Service) or loss of or damage to information or data, however that interruption, loss or damage is caused;
12.2.3. loss or damage suffered by you which we could not have reasonably known about at the time you entered into this Agreement;
12.2.4. loss or damage you suffer as a result of using any third party products or services;
12.2.5. loss or damage you suffer as a result of our suspension or termination of the Services (or any part of them) in accordance with the provisions of this Agreement; and
12.2.6. loss or damage you suffer as a result of using the Services other than as described in the relevant Documentation or as otherwise described on our website.
Except as set out in this Agreement, all warranties, conditions and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded from this Agreement. We recommend that you consider obtaining insurance cover if you believe that you could experience anything that we have told you that we will not be responsible for.
12.3. Nothing in this Agreement will prevent or limit either your or our liability for:
12.3.1. a party’s own fraud or fraudulent misrepresentation;
12.3.2. death or personal injury arising out of your or our negligence (as applicable); or
12.3.3. any legally binding promise which is implied by law that we can provide the Service to you or that you can use the Service without interference which cannot be excluded or limited under applicable law.
12.4. Each party acknowledges that the allocation of risk and responsibility in this Agreement is reasonable in all circumstances because it reflects:
12.4.1. that it is not within our control how, and for what purposes, you use the Services;
12.4.2. that we have not developed the Services specifically for you;
12.4.3. that there are a number of alternative similar services available to you;
12.4.4. you had a choice to use one of any number of alternative payment suppliers that provide similar services;
12.4.5. that the processing of Transactions via the Internet involves specific risks which are insurable only to a limited extent and this may particularly be the case for loss/damage in connection with unavailability of service;
12.4.6. that while we follow good industry practice, it is not economically possible for us to exhaustively test the software that supports the Services; and
12.4.7. the amount of the Fees paid by you for the Services.
12.5. This paragraph 12 will remain in full force and effect notwithstanding termination of this Agreement for any reason.
13. How long does this Agreement last and how can it be terminated?
13.1. This Agreement will commence on the Commencement Date and will continue in force for the Initial Term and thereafter unless terminated in accordance with any other provision of this Agreement or by either party giving to the other at least 30 days’ written notice to terminate the Agreement, provided that the earliest that such notice will take effect is expiry of the Initial Term unless you have agreed with us to take any applicable Services for a longer period, in which case you may not terminate the Agreement in respect of those particular Services until after the expiry of the relevant period by providing us with 30 days’ written notice of termination.
13.2. Except where an application is made to court, or an order is made, for the appointment of an administrator or an administrator is appointed over the other party (or something similar happens), this Agreement will automatically (i.e. without either party having to tell the other) and immediately end without refund if either party (i) becomes bankrupt (or something similar happens); or (ii) is not able to pay its debts; or (iii) becomes insolvent (or something similar happens). In those circumstances neither party will have any further obligation to the other under this Agreement except that any monies due from either party to the other shall become immediately due and payable. For the avoidance of doubt, any transfer by us of our business and therefore, this Agreement in accordance with paragraph 18.3, shall not trigger any automatic termination under this paragraph 13.2.
13.3. Notwithstanding any other rights or remedies we may have, we may terminate this Agreement (or any part of it) or suspend the Services (or any part of them) with immediate effect following written notice to you if:
13.3.1. you fail to pay any Fees on the due date for payment and they remain unpaid at least 7 days after being notified by us to make such payment; or
13.3.2. the provision of the Services causes us or our affiliates to be in violation of any Payment Scheme Rule, the PCI-DSS or any applicable law or regulation; or
13.3.3. you commit a material breach of this Agreement (which includes any breach of the provisions of paragraphs 9, 10 or 11), which if capable of remedy, has not been remedied to our reasonable satisfaction within 14 days of our written notice to do so, or you persistently breach any of the terms of this Agreement; or
13.3.4. you do (or omit to do) anything which does or may reasonably be expected to put us in breach of any Payment Scheme Rules, the PCI-DSS or applicable law or regulation; or
13.3.5. you fail to adopt the most up to date protocols and algorithms or to comply with our current integration guidance (including any recommended protocol settings or attributes) in relation to your integration with the Service within any timescales that we notify to you from time to time; or
13.3.6. we reasonably suspect or have evidence that there might be fraudulent or illegal activity in connection with your use of the Services or your account with us; or
13.3.7. we consider such suspension or termination to be reasonably necessary to safeguard the security of the Services and/or its users; or
13.3.8. the Introduced Merchant Acquirer or any other bank, credit card acquirer or other third party with which you have a merchant agreement declines to offer or continue to provide merchant services for any reason or you are investigated by the Introduced Merchant Acquirer or any other bank, credit card issuer or other third party under its Payment Scheme Rules or you have failed to comply with those Payment Scheme Rules.
13.4. Notwithstanding any other rights or remedies you may have, you may terminate this Agreement (or any part of it) with immediate effect following written notice to us if we commit a material breach of this Agreement, which is capable of remedy, has not been remedied to your reasonable satisfaction within 14 days of your written notice to us to do so, or we persistently breach any of the terms of this Agreement.
13.5. Where we have stopped providing the Services pursuant to paragraph 13.3 we may at our sole discretion agree to recommence the Services at any time following your request and subject to such terms and conditions that we may specify from time to time.
13.6. On termination for any reason:
13.6.1. all outstanding Fees will become immediately due and payable by you;
13.6.2. all licences granted under this Agreement will immediately terminate;
13.6.3. you must stop use of our Logo and no longer refer to yourself as an Opayo merchant and you must return to us all information, sales, marketing and other materials and documents that we have provided to you;
13.6.4. we will stop using your logo and no longer refer to you as an Opayo merchant and we will return to you all information, sales, marketing and other materials and documents that you have provided to us and that is in our possession; and
13.6.5. we may agree to provide reasonable assistance to you in any handover to a new service provider, subject to your payment of our then current charges for such assistance.
13.7. Termination of this Agreement will not prejudice any of the parties' rights and remedies which have accrued as at termination and any provisions which expressly or by implication survive termination will continue in full force and effect.
14. Service adjustments
From time to time we may adjust the content and interfaces of the Services, make changes to the Services which are necessary to comply with any applicable law or regulation or Payment Scheme Rule, or make changes which do not materially affect the nature and quality of the Services. If such adjustments or changes lead to a change in the software, interfaces or operating procedures, we will notify you as soon as reasonably practicable via our website or other notification method we consider appropriate given the nature of the changes.
15. Service availability
15.1. Whilst we aim to provide continuous access to the Services unfortunately, given the nature of the Services, we cannot guarantee that they will be uninterrupted or error free.
15.2. Wherever possible, we will provide advance warning (for example, on our website) of any known or planned interruptions and we will try to ensure any interruption is kept as brief as possible.
15.3. If circumstances happen beyond our reasonable control, we will not be liable for any failure to perform our obligations under this Agreement because of those circumstances, and we will be excused from that failure for so long as those circumstances continue. Interruptions caused by factors outside our control may include: failure of our or your internet service provider, a distributed denial of service attack (where hackers overload networks with data in an effort to disable them) or an issue with your Merchant Acquirer.
16. What we will do with your details, Customer Data and Data Protection
Information you provide to us (excluding Customer Data)
16.1. We will use any information you provide us under this Agreement (excluding Customer Data) to:
16.1.1. provide the Services and manage and administer your use of the Services;
16.1.2. fulfil our contractual obligations under this Agreement;
16.1.3. liaise with regulators, banks, Payment Schemes, law enforcement agencies (including the police) and Fraud Detection Parties;
16.1.4. (subject to paragraph 16.4) contact you (not your Customer) to see if you would like to take part in our customer research;
16.1.5. (subject to paragraph 16.4) contact you (not your Customer) about other products and services which we think you will be interested in; and
16.1.6. otherwise in accordance with our privacy policy on our website.
We will always try to speak to the relevant person in your organisation. We may contact you directly or use other organisations which we have hired to contact you for us.
16.2. We may disclose information to other companies in the Elavon Financial Services DAC group of companies, our contractors, and other organisations for example, we may disclose information to:
16.2.1. Elavon Financial Services DAC (which owns us);
16.2.2. organisations which we use to help us send communications;
16.2.3. law enforcement agencies and Fraud Detection Parties;
16.2.4. third parties (if any) used by us to perform our obligations to you under this Agreement;
16.2.5. any other person in order to meet any legal obligations on us, including statutory or regulatory reporting;
16.2.6. the Payment Schemes;
16.2.7. your Merchant Acquirer; and
16.2.8. your Customer’s issuing bank.
16.3. If you provide us with information which contains Personal Data we will process that data in accordance with applicable data protection legislation and you agree and authorise us to use it as described in paragraphs 16.1 and 16.2.
16.4. If at any time you do not want us to use your Personal Data in the manner described at paragraphs 16.1.4 (customer research) or 16.1.5 (information about other products or services), please call us on 0191 313 0299 or email us at opayosupport@elavon.com.
16.5. In relation to your account with us, we will liaise only with your named contact or an alternative contact provided by your named contact. It is your responsibility to let us know of any changes to your named contact.
Data Protection
16.6. For the purposes of this Agreement, the parties agree that you are the Data Controller in respect of Personal Data contained within Customer Data (“Customer Personal Data”) and as Data Controller, you have sole responsibility for its legality, reliability, integrity, accuracy and quality.
16.7. You warrant and represent that:
16.7.1. you will comply with and will ensure that your instructions for the Processing of Customer Personal Data will comply the Data Protection Laws;
16.7.2. you are authorised pursuant to the Data Protection Laws to disclose any Customer Personal Data which you disclose or otherwise provide to us regarding persons other than yourself;
16.7.3. you will where necessary, and in accordance with the Data Protection Laws, obtain all necessary consents and rights and provide all necessary information and notices to Data Subjects in order for:
16.7.3.i.1. you to disclose the Customer Personal Data to us;
16.7.3.i.2. us to Process the Customer Personal Data for the purposes set out in this Agreement; and
16.7.3.i.3. us to disclose the Customer Personal Data to: (a) our agents, service providers and other companies within the Elavon DAC group of companies; (b) law enforcement agencies; (c) any other person in order to meet any legal obligations on us, including statutory or regulatory reporting; and (d) any other person who has a legal right to require disclosure of the information, including where the recipients of the Customer Personal Data are outside the European Economic Area.
16.8. To the extent that Opayo Processes any Customer Personal Data, the terms of Exhibit A shall apply and the parties agree to comply with such terms.
16.9. Where, and to the extent we Process your Personal Data as a Data Controller in accordance with our Privacy Notice, we shall comply with all Data Protection Laws applicable to us as Data Controller.
16.10. You agree that we may record, retain and use Customer Data generated and stored during your use of the Service (including Customer Personal Data, which we shall Process as Data Controller as set out in our Privacy Notice on the basis of our legitimate business interests), in order to:
16.10.1. deliver advertising, marketing (including in-product messaging) or information to you which may be useful to you, based on your use of Services;
16.10.2. carry out research and development to improve our, and our Affiliates’, services, products and applications;
16.10.3. develop and provide new and existing functionality and services (including statistical analysis, benchmarking and forecasting services) to you and other Opayo customers;
16.10.4. provide you with location based services (for example location relevant content) where we collect geo-location data to provide a relevant experience,
provided that Opayo shall only record, retain and use the Customer Data and/or Process
Customer Personal Data on a pseudonymised basis, displayed at aggregated levels, which will not be linked back to you or to any living individual. If at any time you do not want us to use Customer Data in the manner described in this clause 16.10, please contact us at the email address set out in the Privacy Notice.
17. Dispute resolution
17.1. Should a dispute or other disagreement arise between us and you, we each agree to promptly raise the matter internally to account managers for resolution. If the account managers are unable to resolve the matter within 14 days of being requested to do so, we will each escalate the matter to senior managers for resolution who will attempt to resolve the dispute within a further period of 30 days (or such longer period as they may agree). If the senior managers are unable to resolve the matter within of the aforementioned timescales having being requested to do so, we will each escalate the matter to a director (or their nominee). The directors (or their nominees) will then in good faith attempt to resolve the matter within a further period of 30 days (or such longer period as they may agree).
17.2. Where the matter has not been resolved following the procedure in paragraph 17.1, we each agree to seek to resolve the matter in good faith via a suitable alternative dispute resolution (“ADR”) procedure. If we are unable to mutually agree a suitable form of ADR after a period of 30 days from the date upon which either party sought to resolve the matter via ADR, either party is free to pursue alternative remedies.
17.3. No party may commence any court proceedings in relation to any dispute arising out of this Agreement until it has attempted to settle the dispute in accordance with this paragraph 17, except where a party seeks interim injunctive relief or to issue a claim within an applicable limitation period.
18. What else do you need to know?
18.1. In this Agreement:
18.1.1. a reference to a statute, statutory provision or subordinated legislation is a reference to it as it is in force from time to time, taking account of any amendment or re-enactment and includes any statute, statutory provision or subordinate legislation which it amends or re-enacts;
18.1.2. any reference to the singular will include the plural and vice versa.
18.1.3. any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression will be construed as illustrative and will not limit the sense of the words preceding those terms; and
18.1.4. the headings are for convenience only and shall not affect the construction of these terms.
18.2. If there is any conflict between the following documents (or parts thereof), the following rules of precedence will apply to the extent of the conflict only:
18.2.1. this Agreement and any Documentation: this Agreement will prevail;
18.2.2. paragraph 6 (Cardholder Present Solution) (if applicable) and any other terms of this Agreement: paragraph 6 will prevail; and
18.2.3. the Regulated Terms (if applicable) and paragraph 6: the Regulated Terms will prevail.
18.3. It is important to us to have a direct relationship with you so you will not transfer this Agreement to anyone else. We may transfer this Agreement to another organisation which is part of the group of companies of which we are a member.
18.4. Any dates quoted for the provision of the Services are for guidance only and whilst we aim to meet those dates, we will not be liable if we don’t achieve them.
18.5. Any notice required to be given under this Agreement, will be in writing and will be sent by pre-paid first class post or email, to the party required to receive the notice at the address for that party above or as otherwise previously specified by that party by notice in writing to the other party. Any notice will be deemed to have been duly received if sent by: (i) pre-paid first class post or recorded delivery, 72 hours after posting; or (ii) email on actual receipt by the recipient party
18.6. We will have no liability to you under this Agreement if we are prevented from or delayed in performing our obligations under this Agreement, or from carrying on our business, by acts, events, omissions or accidents beyond our reasonable control.
18.7. From time to time we may modify this Agreement by notifying you by email or on our website that it has been modified. If you do not agree with those modifications, please contact us as soon as possible. By continuing to use the Service after such notifications, you indicate your acceptance of those modifications.
18.8. If either of us fails or delays the exercise of any rights or remedies under this Agreement, we will not be deemed to have given up those rights or remedies in any way.
18.9. If a court or similar body decides that any wording in this Agreement is invalid or unenforceable, that decision will not affect the rest of this Agreement, which will remain binding on both of us. However, if the wording that is invalid or unenforceable can be made valid and enforceable by deleting part of it, we will both treat the wording as if it is deleted, so that the remainder of the wording in question becomes valid and enforceable.
18.10. Nothing in this Agreement will give anyone who is not a party to this Agreement any right or benefit under it pursuant to the Contracts (Rights of Third Parties) Act 1999 or otherwise. This means that only you and we can benefit from the rights in this Agreement.
18.11. This Agreement is the entire agreement between you and us with respect to your use of the Services, and supersedes any previous agreements or understandings and all other documentation, information and other communications (in each case whether spoken or written) between both parties with respect to the Services. Each of us acknowledge that, in entering this Agreement, we have not relied on, and will have no right or remedy in respect of, any statement or assurance (whether made negligently or innocently) other than as expressly set out in this Agreement. No party shall have any claim for innocent or negligent misrepresentation based upon any statement in this Agreement. Nothing in this paragraph will limit or exclude any liability for fraud.
18.12. If you are located in the Republic of Ireland, this Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with Irish law. Subject to paragraph 17, the parties irrevocably agree that the Irish Courts have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims). If you are located in the United Kingdom, this Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with English law. Subject to paragraph 17, the parties irrevocably agree that the English Courts have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).
18.13. This Agreement is drafted in the English language. If this Agreement is translated into any other language, the English language text which can be found here www.elavon.co.uk will prevail. Any notice given under or in connection with this Agreement will be in the English language. All other documents provided under or in connection with this Agreement will be in the English language. If such document is translated into any other language, the English language text will prevail.
Exhibit A
Data Protection
1. Interpretation
1.1. Where there is any inconsistency between the terms of this Exhibit A and any other terms of this Agreement, the terms of this Exhibit A shall take precedence.
2. Processing of Customer Data
2.1. During the term of this agreement we warrant and represent that we:
2.1.1. shall comply with the Data Protection Laws applicable to us whilst such Customer Data is in our control;
2.1.2. when acting in the capacity of a Data Processor, shall only Process the Customer Data:
2.1.2.1. as is necessary for the provision of the Services under this Agreement and the performance of our obligations under this Agreement; or
2.1.2.2. otherwise on your documented instructions.
2.2. We agree to comply with the following provisions with respect to any Personal Data Processed for you in connection with the provision of the Service under this Agreement.
3. Obligations of Opayo
3.1. Opayo shall:
3.1.1. taking into account the nature of the Processing, assist Customer by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to requests from individuals for exercising Data Subjects’ rights; and
3.1.2. taking into account the nature of the Processing, and the information available to it, provide reasonable assistance to Customer in ensuring compliance with its obligations relating to:
3.1.2.1. notifications to Supervisory Authorities;
3.1.2.2. prior consultations with Supervisory Authorities;
3.1.2.3. communication of any breach to Data Subjects; and
3.1.2.4. privacy impact assessments.
4. Personnel
4.1. Opayo shall:
4.1.1. take reasonable steps to ensure the reliability of any personnel who may have access to the Customer Data;
4.1.2. ensure that access to the Customer Data is strictly limited to those individuals who need to know and/or access the Customer Data for the purposes of this Agreement; and
4.1.3. ensure that persons authorised to Process the Customer Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
4.2. If so required by Data Protection Laws, Opayo shall appoint a data protection officer and make details of the same publicly available.
5. Security and Audit
5.1. Opayo shall implement and maintain appropriate technical and organisational security measures appropriate to the risks presented by the relevant Processing activity to protect the Customer Data against unauthorised or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in clause 5.3.
5.2. Subject to any existing obligations of confidentiality owed to other parties, we shall make available to you all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit A, which may include a summary of any available third party security audit report, or shall, at your sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by us), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor mandated by you and approved by us.
5.3. Opayo operates, maintain and enforce an information security management programme (“Security Program”) which is consistent with recognised industry best practice. The Security Program contains appropriate administrative, physical, technical and organisational safeguards, policies and controls in the following areas:
• Information security policies
• Organization of information security
• Human resources security
• Asset management
• Access control
• Cryptography
• Physical and environmental security
• Operations security
• Communications security
• System acquisition, development and maintenance
• Supplier relationships
• Information security incident management
• Information security aspects of business continuity management
• Legislative, regulatory and contractual compliance
6. Data Breach
6.1. Opayo shall notify you if we become aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Personal Data arising from any act or omission of Opayo or its sub-processors.
7. Transfer of Personal Data outside the EEA or the United Kingdom
7.1. You expressly agree that we may transfer Customer Data within the Elavon DAC group of companies on the terms of its Master Data Processing and Transfer Agreements, which incorporate the European Commission’s standard contractual clauses.
7.2. You acknowledge that the provision of the Service may require the Processing of Personal Data by sub-processors in countries outside the EEA or the United Kingdom. We shall not transfer Personal Data outside the EEA or the United Kingdom to a sub-processor where such transfer is not subject to: (a) an adequacy decision (in accordance with Article 45 of the GDPR); or (b) appropriate safeguards (in accordance with Article 46 of the GDPR); or (c) binding corporate rules (in accordance with Article 47 of the GDPR), without your prior written consent.
8. Return and deletion
8.1. At your option, Opayo shall delete or return all Customer Data to you at the end of the provision of the Services and delete all existing copies of Customer Data unless we are under a legal obligation to require storage of that data or we have another legitimate business reason for doing so.
9. Use of Sub-Processors
9.1. Customer agrees that Opayo has general authority to engage third parties, partners, agents or service providers, including its Affiliates, to Process Personal Data on Customer’s behalf in order to provide the applications, products, services and information Customer has requested or which Opayo believes is of interest to Customer (“Approved Sub-Processors”). Opayo shall not engage a sub-processor to carry out specific Processing activities which fall outside the general authority granted above without Customer’s prior specific written authorisation and, where such other sub-processor is so engaged, Opayo shall ensure that the same obligations set out in this Addendum shall be imposed on that sub-processor.
9.2. Opayo shall be liable for the acts and omissions of its Approved Sub-Processors to the same extent Opayo would be liable if performing the services of each Approved Sub-Processor directly under the terms of this Exhibit A.
ELAVON FINANCIAL SERVICES DAC, trading as Opayo. Registered in Ireland – Company Registration No. 418442. Registered Office at: Block F1, Cherrywood Business Park, Cherrywood, Dublin 18, D18 W2X7, Ireland. VAT Number: IE9568650O.
ELAVON FINANCIAL SERVICES DAC (UK Branch), trading as Opayo. Registered in England and Wales – Establishment No. BR022122. Registered Office at Level 15 City point One Ropemaker Street, London, EC2Y 9AW. VAT Number: GB907955293.