Version: 10th of Jan. 2022
As used in this PCI Proxy Service Agreement (“Agreement”), the following terms shall have the meanings set forth below:
The subject of the Agreement is the usage of Datatrans ’PCI Proxy Services pursuant to this Agreement and subject to the conditions of the Service Package chosen by the Counterparty.
The following components form the contractual agreement between Datatrans and the Counterparty: (i) this Agreement and (ii) Datatrans’ PCI Proxy “General Contract Terms”
The Counterparty represents and warrants that it has implemented state of the art technical and organizational measures to safeguard data, including personal data.
The Counterparty represents and warrants that it treats access data (i.e. the credentials to access the Services) and any further information provided under this Agreement as confidential information. Such information shall be protected against loss, disclosure and unauthorized access by third parties.
The Counterparty further represents and warrants to fully comply with the PCIDSS during the term of this Agreement.
The Counterparty also represents and warrants that integrated Receivers shall -at all the time - fully comply with the PCI DSS.
The Counterparty procures that its Receivers disclose to Datatrans their annual PCI DSS Certificate not later than ten (10) days after the date of the issuing date or anytime upon request by Datatrans
If such PCI DSS Certificate will not be provided to Datatrans as stipulated in the above paragraph, Datatrans reserves the right to cease the provision of Services to the affected Receiver until such documentation has been provided to Datatrans. The Counterparty procures that the correct type of certification is secured and disclosed to Datatrans by each and any of its Receivers according to the PCI DSS requirements. Datatrans may at its own discretion notify the respective Receiver directly in case of Receiver’s non-compliance with the PCI DSS.
The Counterparty informs Datatrans immediately if one of its own Receivers has lost its PCI DSS compliance or if there is evidence or other indications that may question the PCI DSS compliance of such Receivers.
The Counterparty further represents and warrants that it integrates and uses the Services of Datatrans only in accordance with the valid technical specifications available on Datatrans’ PCI Proxy website. The Counterparty may not use or access any Service unless it abides by all the terms in this Agreement.
Datatrans’ Show API can display individual credit card numbers as required. The Counterparty ensures that the Show API is implemented according to Datatrans’ documentation and the use of this functionality takes place in compliance with the PCI DSS. The Counterparty ensures that the user administration of the Show API is fully compliant with all requirements of the PCI DSS at any time, including but not limited to requirement 8 of the PCI DSS. The Counterparty guarantees that the user administration of the Show API and the access to the script is treated strictly confidential at any time, is permanently protected against unauthorized access through state of the art technical and organizational measures and that these measures are assessed and amended periodically. Datatrans may at its own discretion deactivate the Show API functionality if suspicious activities have been identified, the security and/or the compliance with the PCI DSS is endangered or pre-defined block limits of the system have been reached. Datatrans informs the Counterparty immediately about such deactivations. The Counterparty is liable for any abuse of the Show API and its user administration. Datatrans liability arising from the use of the Show API is fully excluded to the maximum extent possible according to the applicable law.
Subject matter of these General Contract Terms are the PCI Proxy Service Packages and/or Services ordered of Datatrans AG, Kreuzbühlstrasse 26, 8008 Zürich, Switzerland. The Service Packages and Services of Datatrans are exclusively directed at legal persons.
These General Contract Terms can be accessed, saved, and printed under the following link.
Contractual terms and conditions deviating from the General Contract Terms, namely also those which the Counterparty declares to be applicable together with the acceptance of the Agreement, shall only be valid if and insofar as they have been expressly accepted by Datatrans in writing.
The General Contract Terms in their valid version at the time of the purchase of Services are applicable.
These General Contract Terms are concluded with Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland (Datatrans) and you, as the direct contract partner that integrates and uses the Service Packages and/or Services (Counterparty).
To conclude a contract with Datatrans, the Counterparty must register a User Account within the “Get production ready“ section on Datatrans' PCI Proxy Dashboard.
The Counterparty and its representative registering the User Account confirm that such representative is duly authorized to register a User Account on behalf of the Counterparty and to bind the Counterparty to these General Contract Terms and any other agreement entered into by the Parties. Datatrans may request additional information at its sole discretion, including but not limited to verify the authorization to duly represent the Counterparty by a consent of the board or any other document deemed appropriate by Datatrans, at any time during the term of these General Contract Terms to assess the risk associated with the Counterparty’s business. Failure to provide such information may result in suspension or termination of the Counterparty’s User Account.
The Counterparty warrants to keep the information in its User Account current and correct at any time. Any changes affecting the Counterparty, its business activity, including the Counterparty being subject of any voluntary or involuntary bankruptcy or insolvency application, petition or proceeding or any other bankruptcy proceeding, if there is an adverse change in Counterparty's financial condition, if there is a planned or anticipated liquidation or substantial change in the basic nature of Counterparty's business, if Counterparty transfers or sells 25% or more of its total assets, or there is any change in the control or ownership of Counterparty's business or parent entity, if there is a change in the regulatory status of Counterparty's business or Counterparty's business has been notified that it is the subject of an investigation or enforcement action by a regulator or law enforcement, or Counterparty receives a judgment, writ or warrant of attachment or execution, lien or levy against 25% or more of its total assets, or any other relevant information, must be promptly notified to Datatrans. The failure to do so may result in suspension or termination of the Counterparty’s User Account.
The registration of a User Account is required to order Service Packages or Services.
A binding order is only triggered once the Counterparty or its representative has chosen a service package, entered all of the data required pursuant to Clause 3 of these General Terms and Conditions, acknowledged the Agreement and clicked on the button “Enable production mode”. Until the Counterparty clicks this button, it may change the chosen package non-bindingly. By clicking the button “Enable production mode”, the Counterparty gives its consent to Datatrans for the conclusion of a contract.
Upon reception of the binding order of the Counterparty by Datatrans, an automatically generated email will be sent to the Counterparty to confirm the reception of the order (Confirmation of Receipt). The Confirmation of Receipt will consist of information on the ordered Service Package or Services and the relevant documents of the Agreement. The Confirmation of Receipt does not automatically imply the conclusion of the agreement.
Datatrans reserves the right to accept or decline the order. Datatrans is not obligated to conclude a contract based on an order. An order can be cancelled or rejected in particular if there is a violation of these General Contract Terms or a corresponding suspicion. Such a case exists particularly if the Counterparty has not paid for previous orders. The Counterparty will be informed about cancellations and refusals by email.
The Agreement is concluded only upon Datatrans’ explicit confirmation of acceptance (i) by sending the Counterparty an invoice, (ii) by confirming the enablement of the Service Package or Services in the Counterparty’s User Account, or (iii) by enabling the Counterparty’s User Account for the Service Package or the Services without confirmation.
The Service Package or Services chosen by the Counterparty and provided by Datatrans are described in the current product documentation at the time of conclusion of the contract. Datatrans is entitled to adapt its Service Packages or Services, including software and connections, inter alia due technological advancements, changing or new requirements of Financial Service Providers or the PCI DSS provided that the functionality of the contractually agreed Service Packages or Services will be preserved. Datatrans will provide the Counterparty with advance notice of such changes within a reasonable period of time prior to the changes.
Datatrans uses reasonable endeavours to maintain the availability of the Services to the Counterparty but does not guarantee 100% availability. Particularly, downtime caused directly or indirectly by any of the following is not considered a breach of these General Contact Terms:
The Counterparty is obliged to report functional failures, malfunctions or impairments of the Services immediately and as precisely as possible to Datatrans.
Datatrans may refuse, condition, or suspend any transactions that it believes:
If Datatrans suspects or knows that the Counterparty is using or has used the Services for unauthorised, fraudulent, or illegal purposes, Datatrans may share any information related to such activity with the appropriate financial institution, regulatory authority, or competent law enforcement authority consistent with its legal obligations. Such information may include information about the Counterparty, its User Account, its customers, and transactions made through its use of the Services.
Datatrans is responsible for the operation and maintenance of the Datatrans Platform in accordance with the PCI DSS.
Datatrans guarantees uninterrupted maintenance of its own PCI DSS certification. The Counterparty can inspect Datatrans’ PCI DSS certification at any time during the term of this agreement.
Datatrans guarantees that its Services will be rendered in a technically correct and state-of-the-art manner in accordance with the respective applicable product documentation. The Services solely concern technical processing of data. Datatrans does not assume any collection role and does not take receipt of any customer funds.
Datatrans will provide support with the Service Packages or Services selected. The service levels associated with the selected Service Package or Service is described in the documentation for each Service Package. The Datatrans Platform is monitored twenty-four (24) hours a day and seven (7) days a week.
The Counterparty is not entitled to resell the Service Packages, Services or any parts thereof provided by Datatrans to third parties, unless without a supplementary written agreement is concluded with Datatrans in writing.
The Counterparty warrants that the email address provided in its User Account is active and appropriately monitored at any time. The receipt of alerting messages to this email address shall be deemed to be confirmed upon delivery by Datatrans.
The Counterparty is obligated to treat as strictly confidential all identifying characteristics that are used for the identification/authentication of the Counterparty in connection with its use of the Service Packages and/or Services provided by Datatrans. All actions and transactions executed with identifying characteristics of the Counterparty are deemed to be approved by the Counterparty.
The Counterparty is responsible:
To the extent tokenization is part of the Service Package or the Services selected by the Counterparty, the Counterparty ensures that the tokens are stored and protected against unauthorized access with state of the art technical and organizational measures.
The Counterparty represents and warrants that it uses the tokens of the Services only within its own environment. The transfer of tokens from the Counterparty’s environment to any third-party is only permitted with Datatrans’ prior written consent.
The Counterparty is required to use all verification methods available to verify its submitted data is correctly processed by Datatrans.
Towards its Receivers the Counterparty is solely responsible for the first level support.
The applicable Fees for Service Packages or Services selected by the Counterparty are governed by the Agreement. Unless indicated to the contrary, Fees are exclusive value added tax (VAT). For the avoidance of doubt, the Counterparty must pay all taxes, fees and other charges imposed by any governmental authority, including any VAT on the Service Packages or Services provided under this Agreement.
The Counterparty agrees to pay the Fees assessed by Datatrans to Counterparty for providing the Services. The billing period will start at the date of the conclusion of this Agreement pursuant to Clause 4 of these General Terms and Conditions. Invoices from Datatrans are due for payment thirty (30) days after they have been issued. The Counterparty is prohibited to offset invoices from Datatrans against any amounts owed to it.
Datatrans may charge Counterparty’s credit card or other payment mechanism that Counterparty has selected and which has been confirmed by Datatrans with any Fee amounts due and payable.
Datatrans may amend the Fees at any time. Datatrans will provide the Counterparty with at least thirty (30) days’ advance notice before revisions of Fees become applicable. Datatrans provides the Counterparty the option to terminate its User Account in the event that Datatrans changes the price of a Service Package or Service Counterparty has subscribed to at the end of the month, subject to thirty (30) days’ notice. The Counterparty agrees that, if Datatrans is unable to collect the Fees owed by the Counterparty for the Services provided by Datatrans to the Counterparty, Datatrans may take all necessary steps to collect those Fees from the Counterparty and the Counterparty is liable for all costs and expenses related to Datatrans’ fee collection efforts including but not limited to collection fees, court and legal fees.
In addition, Counterparty agrees that Datatrans may charge interest at a rate of 1% per month on any unpaid amounts due.
Datatrans does not represent and warrant that the Services are free of defect and/or mistake. Services are provided on an “as is” basis with all faults.
Datatrans disclaims all representations and warranties, express or implied, with view to the Services:
All of the Datatrans' representations and warranties in respect of the subject matter of these General Contract Terms are expressly set out in these General Contract Terms. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of these General Contract Terms will be implied into these General Contract Terms or any related agreement.
The counterparty acknowledges that the Service Packages and Services offered by Datatrans are technical measures to increase security and reduce the risk of abuse, but do not offer complete protection. The Counterparty is responsible for selection and adjustment of these Services and for compliance with the PCI DSS and other Financial Service Provider’s security regulations.
Datatrans does not represent or warrant that the Datatrans Service is entirely free from defects, errors, bugs and is completely secure as well as uninterruptedly accessible.
Datatrans shall not be liable to the Counterparty nor shall any other remedy be extended in respect of anything which, apart from this provision, may constitute a breach of the terms of these General Contract Terms arising by reason of force majeure (i.e. any event beyond Datatrans' reasonable control, including acts of war, earthquakes, hurricanes, floods, fires or other similar casualties, embargos, riots, terrorism, sabotage, strikes, governmental acts, insurrections, pandemics, epidemics, failures of power, restrictive laws or regulations, court orders, condemnation, failure of the Internet or other event of a similar nature). If Datatrans is unable to provide the Services for a period in excess of thirty (30) consecutive calendar days due to an event of force majeure, then Datatrans or the Counterparty may terminate the relevant Service(s) upon written notice to the other Party.
The Counterparty is responsible for any penalties or fines imposed in relation to its Datatrans User Account on itself, Datatrans or any third party resulting from Counterparty's use of Services in a manner not permitted by this Agreement or any applicable rules and regulations.
The Counterparty indemnifies Datatrans and its officers, directors and employees against all liability and costs, including the potential and actual costs of litigation, if any claim is brought against Datatrans by any third party, including Counterparty's employees, as a result of any act or omission by the Counterparty under its control or related to its business activities. The indemnification exists in particular in connection with claims of third parties with regard to:
Datatrans notifies the Counterparty immediately of any such claim and, to the extent legally permissible, gives the Counterparty the opportunity to defend itself against such claims. At the same time, the Counterparty immediately and completely informs Datatrans of all information available to the Counterparty regarding the facts of the claim.
Nothing in this Agreement shall limit or exclude the liability of Datatrans for:
Any further liability of Datatrans, in particular liability for slight negligence as well as liability for auxiliary persons and substitutes is excluded.
Datatrans shall not be liable for actions or omissions of the Financial Service Providers and/or any third parties being part of the payment process.
Datatrans is not liable for any damage arising out of the interruption or the cease of the Services in case of a suspicion of a compromise, if a data breach, a breach of PCI DSS by one of the Counterparty’s Receivers, a loss of PCI DSS compliance by one of the Counterparty’s Receivers, a breach of other obligations of the Counterparty or its Receivers, security and/or the compliance with the PCI DSS of Datatrans is endangered or pre-defined block limits of the system have been reached.
The Counterparty shall be liable to Datatrans for all damages resulting from the non-fulfilment or improper fulfilment of contractual duties and obligations by the Counterparty. In particular, Datatrans shall be entitled to charge the Counterparty any claims for damages of third parties as well as all other damages or other expenses caused by the improper compliance by the Counterparty with the present provisions. If the Counterparty calls in any third-party companies, it is liable for any damage caused by them, as if it had caused them itself.
The Counterparty represents and warrants that it has obtained valid consents under applicable data protection laws and regulations to disclose personal data to Datatrans or allow Datatrans processing personal data transferred to Datatrans by the Counterparty.
These General Contract Terms and the Agreement are effective upon acceptance of Counterparty’s offer by Datatrans according to Clause 4 of the General Contract Terms. It is valid for an indefinite period of time as long as the Counterparty uses the Services and unless not terminated in accordance with this Clause, but at least for an initial term of one (1) month.
The Counterparty may terminate the Agreement as per the end of each calendar month, subject to thirty (30) days’ advance written notice thereof by closing its account directly by following the directions on Datatrans’ PCI Proxy Dashboard.
Datatrans may terminate this Agreement at any time upon providing the Counterparty with a fifteen (15) days’ notice.
The right to terminate the Agreement for good cause remains reserved. Good cause particularly exists:
Termination does not immediately relieve the Counterparty of obligations incurred under these General Contract Terms. Upon termination the Counterparty agrees:
(i) to stop accepting new data through the Service;
(ii) to cease the use of the Service
(iii) to discontinue the use of and remove all Datatrans logos or other references from its website(s);
(iv) that Datatrans reserves the right to delete all information or account data stored on its servers; and
(v) that the Counterparty remains liable for any Fees or any other financial obligation incurred prior to termination.
The Parties mutually agree to maintain strict confidentiality of all confidential information of the other Party. Datatrans is entitled to employ subcontractors and agents to assist in providing Services, but it must impose similar confidentiality undertakings on them.
Datatrans agrees to treat all transmitted data as confidential in relation to third parties.
Neither Party is an agent or representative of the other Party nor has any authority to enter into obligations in favor of third parties.
Each Party can reference the other party for marketing purposes based on the prior written consent of the other Party.
The Counterparty may not assign and/or transfer any rights and/or claims under these General Contract Terms without the prior written consent of Datatrans.
Datatrans reserves the right to amend and to supplement these General Contract Terms at any time. The Counterparty will be notified in writing, whereby email is considered as sufficient, at least thirty (30) days before entering into force of the amendments and/or supplements to these General Contract Terms. If the Counterparty does not agree with the notified amendment or supplement, it has the right to terminate the Agreement or parts of it affected by the amendment and/or supplement at the time before the amendment and/or supplement enters into force. If such termination will not be requested by the time the amendment and/or supplement becomes effective, it is deemed to be accepted by the Counterparty and becomes integral part of the Agreement between the Parties.
Should any provision of these General Contract Terms become invalid or ineffective in whole or in part, such provision shall not affect the validity and effectiveness of the other provisions of these General Contract Terms and shall be replaced by a provision that reflects to the fullest extent possible the original intention of the Parties and the economic purpose that the Parties intended to achieve with such provision.
The Agreement is governed by Swiss Law under the exclusion of the rules of conflicts of laws. The competent, ordinary courts in Zurich/Switzerland have exclusive jurisdiction over any dispute arising out of or in connection with the Agreement or any other agreement between the Parties.
The competent, ordinary courts in Zurich (Switzerland) shall have exclusive jurisdiction over any dispute arising out of or in connection with this these General Contract Terms.